[PacketFence-users] [Resolved] Re: Cisco 2960X - Unable to grant privileged CLI Access

2021-12-15 Thread Misbah Hussaini via PacketFence-users 
Just to share heads up. I was able to fix this issue by disabling the
enable command, below is how my aaa config looks like.

aaa authentication login default local group NAC-Packetfence
aaa authentication login console group NAC-Packetfence
*aaa authentication enable default none*
aaa authentication dot1x default group NAC-Packetfence
aaa authorization network default group NAC-Packetfence
aaa accounting dot1x default start-stop group NAC-Packetfence
aaa server radius dynamic-author
 client 192.168.197.90 server-key 7 113A163153020A5533
 port 3799
!
!
radius server NAC1
 address ipv4 192.168.197.90 auth-port 1812 acct-port 1813
 key 7 046804324B314D1733
!
!
aaa group server radius NAC-Packetfence
 server name NAC1
 deadtime 1
!
!
!
aaa new-model
aaa session-id common


Regards
Misbah


On Mon, 13 Dec 2021 at 19:29, Misbah Hussaini  wrote:

> Hello,
>
> I'm trying to configure CLI access for admins via PF. I'm so far able to
> make the admins login to the switch CLI, however when they try to enter
> enable mode they receive "% Error in Authentication" message.
>
> I tried and checked the radius.log which shows a successful
> authentication. I have also enabled the checkbox on the switch config to
> allow cli access. I understand that I need to send Cisco-AVPair for
> privileged access to work but dunno where it is set.
>
> Can someone pls help to grant the enable mode access on the switch via PF
> Freeradius.
>
> Below is the log from raddebug.
>
> (747) Mon Dec 13 19:08:16 2021: Debug: Received Access-Request Id 20 from
> 10.141.254.40:1645 to 192.168.197.90:1812 length 81
> (747) Mon Dec 13 19:08:16 2021: Debug:   User-Name = "testuser123"
> (747) Mon Dec 13 19:08:16 2021: Debug:   User-Password =
> "cleartextpassword"
> (747) Mon Dec 13 19:08:16 2021: Debug:   NAS-Port = 2
> (747) Mon Dec 13 19:08:16 2021: Debug:   NAS-Port-Id = "tty2"
> (747) Mon Dec 13 19:08:16 2021: Debug:   NAS-Port-Type = Virtual
> (747) Mon Dec 13 19:08:16 2021: Debug:   NAS-IP-Address = 192.168.254.40
> (747) Mon Dec 13 19:08:16 2021: Debug: # Executing section authorize from
> file /usr/local/pf/raddb/sites-enabled/packetfence
> (747) Mon Dec 13 19:08:16 2021: Debug:   authorize {
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-nas-ip-address {
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0"){
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0") -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug: } # policy
> packetfence-nas-ip-address = notfound
> (747) Mon Dec 13 19:08:16 2021: Debug: update {
> (747) Mon Dec 13 19:08:16 2021: Debug:   EXPAND
> %{Packet-Src-IP-Address}
> (747) Mon Dec 13 19:08:16 2021: Debug:  --> 192.168.254.40
> (747) Mon Dec 13 19:08:16 2021: Debug:   EXPAND
> %{Packet-Dst-IP-Address}
> (747) Mon Dec 13 19:08:16 2021: Debug:  --> 192.168.197.90
> (747) Mon Dec 13 19:08:16 2021: Debug:   EXPAND %l
> (747) Mon Dec 13 19:08:16 2021: Debug:  --> 1639408096
> (747) Mon Dec 13 19:08:16 2021: Debug: } # update = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-set-realm-if-machine {
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (User-Name =~
> /host\/([a-z0-9_-]*)[\.](.*)/i) {
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (User-Name =~
> /host\/([a-z0-9_-]*)[\.](.*)/i)  -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug: } # policy
> packetfence-set-realm-if-machine = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-balanced-key-policy {
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (
> && ( =~ /^(.*)(.)$/i)) {
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (
> && ( =~ /^(.*)(.)$/i))  -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug:   else {
> (747) Mon Dec 13 19:08:16 2021: Debug: update {
> (747) Mon Dec 13 19:08:16 2021: Debug:   EXPAND
> %{md5:%{Calling-Station-Id}%{User-Name}}
> (747) Mon Dec 13 19:08:16 2021: Debug:  -->
> 7674cdd55c6099b093d1b9dcdda01825
> (747) Mon Dec 13 19:08:16 2021: Debug:   EXPAND
> %{md5:%{Calling-Station-Id}%{User-Name}}
> (747) Mon Dec 13 19:08:16 2021: Debug:  -->
> 7674cdd55c6099b093d1b9dcdda01825
> (747) Mon Dec 13 19:08:16 2021: Debug: } # update = noop
> (747) Mon Dec 13 19:08:16 2021: Debug:   } # else = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: } # policy
> packetfence-balanced-key-policy = noop
> (747) Mon Dec 13 19:08:16 2021: Debug: policy
> packetfence-set-tenant-id {
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0"){
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (!NAS-IP-Address ||
> NAS-IP-Address == "0.0.0.0") -> FALSE
> (747) Mon Dec 13 19:08:16 2021: Debug:   if (
> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
> (747) Mon Dec 13 19:08:16 2021: Debug:   EXPAND
> %{%{control:PacketFence-Tenant-Id}:-0}
>

[PacketFence-users] How to change the ip address to different network segment?

2021-12-15 Thread nick via PacketFence-users 
Hello, 

I want to change the ip address from 192.168.X.X to 10.10.X.X, but no matter 
how I tried, it still not work. 
The files I have modified are /usr/local/pf/cong/pf.conf and 
/etc/network/interfaces. 
And I have also run /usr/local/pf/bin/pfcmd configreload , 
/usr/local/pf/bin/pfcmd service pf restart , and service packetfence restart. 

The network before I change was in 192.168.1.X/24, and dhcp is enabled. 
The network after will be 10.10.X.X/16, and there is no dhcp. 

Is there any wrong in my setting? Or if there still some files I need to 
modify? 
Thank you. 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Determine enforcement mode

2021-12-15 Thread Misbah Hussaini via PacketFence-users 
Hello,

I ran the configurator quiet some time back and dont remember which
enforcement mode I selected. Is there a way to determine the enforcement
mode and make changes to it, e.g: switching between vlan mode to inline,
etc.

Regards
Misbah
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

2021-12-15 Thread Arun Kangle via PacketFence-users 
Thanks a lot James. It worked. searches are blazing fast now.

- Arun

On Wed, Dec 15, 2021 at 7:47 PM Rouzier, James  wrote:

> Hi Arun,
>
> There is fix for this.
>
> However it requires you to apply a patch manually as it cannot be applied
> through maintenance.
> Since it requires an update to the database.
>
>
> Copy the attached file node-online-query.patch to all of your servers to
> the PacketFence directory /usr/local/pf/
>
> Then on each of your servers run the following commands
> cd /usr/local/pf/
>
> patch -p1 < node-online-query.patch
>
> systemctl restart packetfence-pfperl-api
>
>
>
>
> Then run the following command on only one of your servers.
>
> mysql -uroot -p pf -e "ALTER TABLE bandwidth_accounting DROP INDEX IF
> EXISTS bandwidth_accounting_tenant_id_mac, ADD INDEX
> bandwidth_accounting_tenant_id_mac_last_updated (tenant_id, mac,
> last_updated);"
>
>
> Let me know if this helps
>
> James
>
>
>
> *From: *Arun Kangle via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> *Reply-To: *"packetfence-users@lists.sourceforge.net" <
> packetfence-users@lists.sourceforge.net>
> *Date: *Wednesday, December 15, 2021 at 8:49 AM
> *To: *"Zammit, Ludovic" 
> *Cc: *Arun Kangle , "
> packetfence-users@lists.sourceforge.net" <
> packetfence-users@lists.sourceforge.net>
> *Subject: *Re: [PacketFence-users] Node search is very slow from GUI on
> version 11.0.0
>
>
>
> Hi Ludovic,
>
> Now I have started getting the "Request Failed with status code 504"
> message every time I search for the node. Screenshot attached. Please help
> on this.
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Mon, Dec 13, 2021 at 11:24 AM Arun Kangle  wrote:
>
> Hi Ludovic,
>
> Any update please?
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Wed, Dec 8, 2021 at 9:47 PM Arun Kangle  wrote:
>
> PFA,
>
> Thanks,
>
> - Arun
>
>
>
> On Wed, Dec 8, 2021 at 6:31 PM Zammit, Ludovic  wrote:
>
> Hello Arun,
>
>
>
> Could you check in chrome developper tool how long the request takes?
>
>
>
> If you do Right click, Inspect and then Network.
>
>
>
> Take a screenshot of that, it should look like this one:
>
>
>
> PastedGraphic-1.tiff
> 
>
>
>
> Thanks,
>
>
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
>
> [image: Image removed by sender.]
>
> *Cell:* +1.613.670.8432
>
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
> [image: Image removed by sender.] [image:
> Image removed by sender.] [image: Image removed
> by sender.]
> [image:
> Image removed by sender.]
> [image:
> Image removed by sender.]
> [image:
> Image removed by sender.]
> 
>
>
>
> On Dec 7, 2021, at 11:01 PM, Arun Kangle  wrote:
>
>
>
> Hi Ludovic,
>
> could you please update on this?
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Sun, Dec 5, 2021 at 11:19 AM Arun Kangle  wrote:
>
> Hi Ludovic,
>
> Any update on this?
>
>
>
> Thanks in advance,
>
> - Arun
>
>
>
> On Fri, Dec 3, 2021 at 12:49 PM Arun Kangle  wrote:
>
> Now I started getting the message "Request Failed with Status code 504"
> but i still can search users from "pfcmd" cli without any issue.
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Tue, Nov 30, 2021 at 7:42 AM Arun Kangle  wrote:
>
> Hello Ludovic,
>
> Any update on this please?
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Tue, Nov 23, 2021 at 7:19 PM Arun Kangle  wrote:
>
> >>>select count(1) from node;
>
>
>
> MariaDB [(none)]> use pf
> Reading table information for completion of table and column names
> You can turn off this feature to get a quicker startup with -A
>
> Database changed
> MariaDB [pf]> select count(1) from node;
> +--+
> | count(1) |
> +--+
> |   69 |
> +--+
> 1 row in set (0.000 sec)
>
> MariaDB [pf]>
>
>
>
> I am running it as a VM with 4 vCPU 16Gig RAM and 110GB Disk
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Tue, Nov 23, 2021 at 6:55 PM Zammit, Ludovic 
> wrote:
>
> Hello Arun,
>
>
>
> You can connect to the database and run that command:
>
>
>
> select count(1) from node;
>
>
>
> What are the specs on your servers? CPU, RAM and disk.
>
>
>
>

Re: [PacketFence-users] node registration failed and no role

2021-12-15 Thread Albert Yung via PacketFence-users 
Hi Ludovic,

Yes with the pf test utility I can test the right user name syntax and I
have recreated the catch all rule. The radius request is accepted now!

Thanks!

Best regards,
Albert Yung


On Tue, 14 Dec 2021 at 10:17 PM, Zammit, Ludovic  wrote:

> Hello Albert,
>
> As the logs say:
>
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> INFO: [mac:00:1c:42:59:98:e3] No rules matches or no category defined for
> the node, set it as unreg.
>
> It looks like that your username does not match anything.
>
> I might know why. Where is located your AD account ? Because you search
> only one level down from “etad” OU.
>
> You can test the rules with that command:
>
> /usr/local/pf/bin/pftest authentication USERNAME “"
>
> Yu could give me the full log as well:
>
> grep 00:1c:42:59:98:e3 /usr/local/pf/logs/packetence.log
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> 
> Cambridge, MA 02142
> 
> Connect with Us:  
>  
> 
> 
>
> On Dec 13, 2021, at 5:23 PM, Albert Yung via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hi All,
>
> I am using PF 11.0.0 and got an error while trying to authenticate against
> the AD server, the message was in the packetfence.log file:
>
> Dec 13 20:02:20 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> WARN: [mac:00:1c:42:59:98:e3] [etad-auth catchall] Searching for
> (sAMAccountName=etad\albert), from CN=Users,DC=etad,DC=tw,DC=lab, with
> scope base (pf::Authentication::Source::LDAPSource::match_in_subclass)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> INFO: [mac:00:1c:42:59:98:e3] No rules matches or no category defined for
> the node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> WARN: [mac:00:1c:42:59:98:e3] No category computed for autoreg
> (pf::role::getNodeInfoForAutoReg)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> WARN: [mac:00:1c:42:59:98:e3] No role specified or found for pid
> etad\albert (MAC 00:1c:42:59:98:e3); assume maximum number of registered
> nodes is reached (pf::node::is_max_reg_nodes_reached)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] no role computed by any sources -
> registration of 00:1c:42:59:98:e3 to etad\albert failed
> (pf::registration::setup_node_for_registration)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] auto-registration of node failed no role
> computed by any sources (pf::radius::authorize)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] Database query failed with non retryable
> error: Cannot add or update a child row: a foreign key constraint fails
> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES
> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`,
> `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`,
> `detect_date`, `device_class`, `device_manufacturer`, `device_score`,
> `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`,
> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`,
> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`,
> `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`,
> `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE
> `autoreg` = ?, `last_seen` = ?, `pid` = ?, `tenant_id` = ?]{yes, NULL,
> NULL, , NULL, WinDev2110Eval, 2021-12-08 17:06:46, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, 1,3,6,15,31,33,43,44,46,47,119,121,249,252, MSFT 5.0,
> -00-00 00:00:00, 2021-12-11 15:06:10, 2021-12-13 20:02:20, -00-00
> 00:00:00, 00:1c:42:59:98:e3, NULL, , etad\albert, -00-00 00:00:00, ,
> unreg, 1, NULL, -00-00 00:00:00, , no, yes, 2021-12-13 20:02:20,
> etad\albert, 1} (pf::dal::db_execute)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] Cannot save 00:1c:42:59:98:e3 error (500)
> (pf::radius::authorize)
> Dec 13 20:02:22 packetfence pfqueue[31315]: pfqueue(31315) INFO:
> [mac:unknown] Inserting 'NTHASH:etad01:albert' =>
>

[PacketFence-users] mac auth with ldap as source for mac addresses

2021-12-15 Thread Sebastian Gille via PacketFence-users 
Hi,
 
i have a question regarding mab and packetfence.
My idea is to check allowed mac-addresses against ldap instead of import the 
macs by csv to the database.
Because our ldap is the only valid and complete source of information.
My understanding is that i must configure an authentication source --> done
Also an auth rule to map a role to the client. --> done
Second a connection profiles which utilizes this auth source. --> done
So far so good, but if i understood correctly, this should also configured in 
the files at mods and sites-enabled?
This is what i understood after reading through the guide and noticed that the 
profile was triggered by a radius request but the auth source wasn't touched
 
my questions:
 
Is this a valid configuration option on packetfence and how can i accomplish 
this task?
Maybe someone did it before and can push me in the right direction.
 
Thx,
 
Sebastian___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] unable to login after restarting services

2021-12-15 Thread rein--- via PacketFence-users 
please open your browser console tools and try to login. There should be some 
data pointing you into the right direction.

Or login via ssh and give all the services a restart with the pfcmd command.

Rein

December 13, 2021 2:11 PM, "IS AppSec (IT/Chennai) via PacketFence-users" 
mailto:packetfence-users@lists.sourceforge.net?to=%22IS%20AppSec%20(IT/Chennai)%20via%20PacketFence-users%22%20)>
 wrote:
Dear Team, 

Any update on the below query? 

Regards 

Arun 

Information Security Analyst  

Networks & Security – FT 

Phone: +91 9750831454 

P Please don't print this email unless you really need. Save Papers, 
Save Trees, Save Earth. 
 (https://www.facebook.com/TVSCREDIT/)  (https://twitter.com/TVSCredit) 
 (https://www.linkedin.com/company/tvs-credit-services-ltd-/)  
(https://www.tvscredit.com/) 
From: IS AppSec (IT/Chennai) via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net)>
Sent: 10/12/2021 18:01
To: packetfence-users@lists.sourceforge.net 
(mailto:packetfence-users@lists.sourceforge.net)
Cc: IS AppSec (IT/Chennai) mailto:is.app...@tvscredit.com)>
Subject: [PacketFence-users] unable to login after restarting services
Importance: High 
CAUTION: This email originated from outside of the organization. Do not 
click links or open attachments unless you recognize the sender and know the 
content is safe.  
Dear Team, 

I have clicked “restart all” option after a configuration change. 

While doing so I got some error messages in the notifications tab. 

After sometime when I am logging in to the web portal I am getting an 
error message “Wasn't able to authenticate those credentials” and I could not 
access web portal.  

But I can able to get SSH access. Kindly help me on this to recover the 
console. 

Regards 

Arun 

Information Security Analyst 

Networks & Security 

Phone: +91 9750831454 

P Please don't print this email unless you really need. Save Papers, 
Save Trees, Save Earth. 
 
(https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FTVSCREDIT%2F=04%7C01%7Cis.appsec%40tvscredit.com%7C6eca5eafc6a74507cb3508d9bbdf16f5%7C125330dbc70b4f5e81c623e86d3c1f3a%7C0%7C0%7C637747389107332153%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=aJVHlgKRb5RFuh7guSnmPhDrsFab7%2BXP%2FazvcsCiASo%3D=0)
  
(https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FTVSCredit=04%7C01%7Cis.appsec%40tvscredit.com%7C6eca5eafc6a74507cb3508d9bbdf16f5%7C125330dbc70b4f5e81c623e86d3c1f3a%7C0%7C0%7C637747389107332153%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=jnIbvuxFmn3lfUGVNjJGg3ksdXmOAPgElHhUZGRIfk4%3D=0)
  
(https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Ftvs-credit-services-ltd-%2F=04%7C01%7Cis.appsec%40tvscredit.com%7C6eca5eafc6a74507cb3508d9bbdf16f5%7C125330dbc70b4f5e81c623e86d3c1f3a%7C0%7C0%7C637747389107332153%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=mNKaeqnyIRhqXIpO7ICTMynzIREhojKwjQ18SAHD5k8%3D=0)
  
(https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.tvscredit.com%2F=04%7C01%7Cis.appsec%40tvscredit.com%7C6eca5eafc6a74507cb3508d9bbdf16f5%7C125330dbc70b4f5e81c623e86d3c1f3a%7C0%7C0%7C637747389107332153%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=NIShFODR2ov1NzYEdu9%2FZLXARXuP%2F8wjhoGJMkcLxLE%3D=0)
 

This message (including any attachments) is intended only for the use 
of the individual or entity to which it is addressed and may contain 
Information that is non-public, proprietary, privileged, confidential, and 
exempt from disclosure under applicable law or may constitute as attorney work 
product. If you are not the intended recipient, you may please note that any 
use, dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication   This 
message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain Information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you may please note that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii)