Hello Akala,
can you send me your profiles.conf and portal_modules.conf and
provisioning.conf ?
Regards
Fabrice
Le 2017-08-11 à 07:15, Akala Kehinde via PacketFence-users a écrit :
> HI guys,
>
> Any thoughts on this?
>
> Regards,
> Kehinde
>
> On Tue, Aug 8, 2017 at 7:44 PM, Akala Kehinde
Hello Rachid,
your issue is with the reevaluate access, check in the log why the
deauth is not working.
Regards
Fabrice
Le 2017-08-11 à 08:06, Rachid Boutarene via PacketFence-users a écrit :
>
> Hello , I contact you to ask if you can help me?
>
> I had installed successful Packet fence and
Hello Yan,
Le 2017-08-10 à 23:27, Yan Kimiko via PacketFence-users a écrit :
>
> Thank you Durand.
>
>
> /Currently we are in classifying and preparing period. We’ll consider
> buying inverse consulting once we really need help. As we are in
> China, we have also to make sure inverse selling
raddebug ...
Le 2017-08-17 à 06:12, Emmanuel Togo a écrit :
>
> Hello Fabrice,
>
> raddebuf command is not available.
>
>
> Regards
>
> Emmanuel
>
>
>
>
> *From:* Durand fabrice via PacketFence-users
>
cketfence-users@lists.sourceforge.net>
> *Cc:* Alessandro Canella <alessandro.cane...@itcare.it>
> <mailto:alessandro.cane...@itcare.it>
> *Oggetto:* [PacketFence-users] R: R: R: network-access-detection
>
>
>
> Fabrice,
>
>
>
>
; dhcp_max_lease_time=86400
>
> fake_mac_enabled=disabled
>
> dhcpd=enabled
>
> dhcp_end=192.168.30.246
>
> type=inlinel2
>
> netmask=255.255.255.0
>
> dhcp_default_lease_time=86400
>
>
>
> *Da:*Fabrice Durand via PacketFence-users
> [mailto:packetf
Hello Alessandro,
You need to use eapol_test for eap test:
%eapol_test -c -a -p -s
Example config file:
network={
ssid="test"
key_mgmt=IEEE8021X
eap=
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
phase2="auth=MSCHAPV2"
identity=""
password=""
}
Hello Kehinde,
in my opinion the better setup to do is to use security onion and send
the syslog to PacketFence.
Regards
Fabrice
Le 2017-07-18 à 06:44, Akala Kehinde via PacketFence-users a écrit :
> Hallo guys,
>
> The suricata.yaml file is missing in PF7.x. I'm trying to do a
> Suricata
Hello Luca,
add a realm dm.loc and assign it to your domain and restart radius.
Regards
Fabrice
Le 2017-07-10 à 05:58, luca comes via PacketFence-users a écrit :
>
> I've found this error in radius.log
>
>
> ERROR: mschap_machine: Program returned code (1) and output 'Reading
> winbind reply
and tested with wbinfo. But if I try
>> a radtest vs my domain I obtain an Access-Reject. Any suggestio on
>> how to troubleshoot this problem? I would like to go in production
>> but with those results I have to leave.
>>
>>
>> Thanks
>>
>>
>&
like to go in production but
> with those results I have to leave.
>
>
> Thanks
>
>
> Luca
>
>
> Inviato da Outlook <http://aka.ms/weboutlook>
>
>
>
> --------------------
> *Da:* Fabrice Durand via PacketFen
manner the error is not shown in radius.log but machine
>>> authentication is still not working. Also as the preceding email the
>>> domain (DM) is correctly joined and tested with wbinfo. But if I try
>>> a radtest vs my domain I obtain an Access-Reject. Any suggestio o
Hello Yohann,
can you check if those 2 packages are installed:
cairo-1.14.2-1.el7.x86_64
pycairo-1.8.10-8.el7.x86_64
Regards
Fabrice
Le 2017-07-25 à 05:10, LE GALL Yohann a écrit :
>
> Hi Fabrice,
>
>
>
> Yes, I’m living in Brittany.
>
>
>
> I’ve found exactly the same file with a grep
Hello Lucas,
first edit domain.conf and remove anything and do a "pfcmd configreload
hard" in order to retreive the config in admin
Next be sure that domain name are in upper case and retry and ip forward
is enable.
Regards
Fabrice
Le 2017-06-29 à 08:30, Lucas Beier via PacketFence-users a
Hello Akala,
if nessus run on the same server then try 127.0.0.1 for the server ip.
Also what return : netstat -nlp | grep 8834
Regards
Fabrice
Le 2017-07-28 à 12:09, Akala Kehinde via PacketFence-users a écrit :
> Just FYI, the Nessus server runs on the PF server.
>
> Regards,
> Kehinde
>
Yes it's possible but you have to play with the vlan filters.
Regards
Fabrice
Le 2017-07-28 à 12:22, Akala Kehinde via PacketFence-users a écrit :
> Or is it possible to have 2 different registration VLANs??
>
> Regards,
> Kehinde
>
> On Fri, Jul 28, 2017 at 6:21 PM, Akala Kehinde
Hello Luís,
can you paste your networks.conf and pf.conf please ?
Regards
Fabrice
Le 2017-07-28 à 10:37, Luís Torres via PacketFence-users a écrit :
>
> Hello,
>
>
>
> Im new to packetfence and Im trynig to put the captive portal
> working..., Im integrating with a Cisco WLC5500.
>
> If I
Hello Akala,
can you check what you have in the packetfence pki logs ?
/usr/local/packetfence-pki/logs
Regards
Fabrice
Le 2017-07-28 à 11:51, Akala Kehinde via PacketFence-users a écrit :
> Hello Antoine,
>
> I still get the error even though the output below looks good:
>
> [root@egelsbach
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2
Le 2017-07-28 à 12:21, Akala Kehinde via PacketFence-users a écrit :
> Hello guys,
>
> Below is my AP (Cisco 1242 AG) configuration in an OOB setup:
>
> When I tried configuring SSID GUEST to be in same
Hello Cristian,
can you put the log of pfqueue in TRACE and retry , you will have more
debug to understand what happen.
Edit conf/log/conf.d/pfqueue.conf
### pfqueue logger ###
log4perl.rootLogger = TRACE, QUEUE_SYSLOG
Regards
Fabrice
Le 2017-08-07 à 09:23, Cristian Mammoli via
Hello Alessandro,
you probably missconfigured the dns.
Can you give me your networks.conf ?
Regards
Fabrice
Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
>
> I’ve retried and checked traffic.
>
>
>
> As wrotten, I’m in inline, users authenticate but GIF cannot
Hello Cristian,
you can do that:
[smartphones_by_devclass]
filter = node_info.device_class
operator = is
value = Smartphones/PDAs/Tablets
[employees_ssid]
filter = ssid
operator = is
value = aprapfdot1x
[set_smartphone_role:smartphones_by_devclass_ssid]
scope = RegisteredRole
role =
Hello Akala,
does ip_forward is enable ?
does the time of the packetfence server is the same as the AD server ?
Regards
Fabrice
Le 2017-08-23 à 02:38, Akala Kehinde a écrit :
> Hello Fabrice,
>
> Kindly see below:
>
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
> could not obtain
If Nessus support it then why not but it need to be coded in teh Nessus6
module.
Regards
Fabrice
Le 2017-08-23 à 03:01, Akala Kehinde a écrit :
> Hello Fabrice,
>
> Basically what I was trying to ask is if it's possible to attache more
> than 1 scan policy to a Nessus scan engine. Don't think
Hello Chandra,
Create a new Root portal module and add a authentication login, then
create a new connection profile , add a filter based on per example the
ssid and assign a Root portal module that only do login.
To detect the network connectivity packetfence try to fetch a gif on
internet, so
Haproxy terminate the ssl tunnel and not apache anymore (for the portal).
So just this file is enough /usr/local/pf/conf/ssl/server.pem
Regards
Fabrice
Le 2017-08-23 à 03:24, Will Halsall via PacketFence-users a écrit :
>
> I just added the intermediate certificate to the cat process:
>
>
sr/local/pf/run/radius-acct.sock -t 300
>
> radmin: Failed connecting to /usr/local/pf/run/radius-acct.sock: No
> such file or directory
>
>
>
> Regards
>
> Emmanuel
>
>
>
> *From: *Fabrice Durand via PacketFence-users
> <packetfence-u
Hi Hello Kehinde,
MAB is exactly what you need , also for that create a violation that
will autoreg printer, it will be easier than vlan filters.
Regards
Fabrice
Le 2017-06-08 à 07:51, Akala Kehinde via PacketFence-users a écrit :
> Hallo,
>
> Hallo guys,
>
> Want to knw if it's possible to
Hello Mancharagopan Ponnampalam,
first are you using PacketFence in inline mode ?
If it's inline mode you need to be sure that pfbandwidthd is enable.
Also if you are using radius then you need to have the accounting from
the AP/Switch.
Regards
Fabrice
Le 2017-06-09 à 12:28,
Hello Denis,
you will have to compare the current schema and the schema from this
file :
https://github.com/inverse-inc/packetfence/blob/devel/db/pf-schema-6.4.0.sql
Connect to the db pf and do :explain node; and compare ...
regards
Fabrice
Le 2017-06-14 à 11:16, denis via PacketFence-users
Hello Rafael,
vlan 10 is for registration so it's normal that you don't have internet
access.
Regards
Fabrice
Le 2017-06-12 à 16:14, Diogo Rafael via PacketFence-users a écrit :
>
> Hi,
>
> Im trying to implement VLAN Enforcement on my environment but im
> having some troubles
>
> I have
Hello Darryl,
in fact you just have to modify networks.conf and cluster.conf to remove
inline related config. (bin/pfcmd configreload hard)
Regards
Fabrice
Le 2017-06-13 à 18:12, Sokolowski, Darryl via PacketFence-users a écrit :
>
> Hi all,
>
> let me say I’m loving this product! Good work
Hello Kam,
PacketFence doesn't support local snort/suricata but just remote.
What you can do is to install security onion on another server and
configure it to send the alert to the packetfence server. (see doc).
I am also agree that there is still references in the documentation on
the local
Hello Draffin,
it happen when your server is not able to download the database.
What you can do is to answer no when it ask you for your fingerbank key
and it will not download the database.
Regards
Fabrice
Le 2017-10-03 à 22:21, Draffin, Walt via PacketFence-users a écrit :
> I'm trying to
Hello Spencer,
you can try with AP that support openwrt, also there is a Ubiquity
controller that can manage Ubiquity AP and we are close to support
MAC-AUTH and 802.1x with this setup.
Regards
Fabrice
Le 2017-10-10 à 05:12, Spencer Hazell via PacketFence-users a écrit :
>
> Hi
>
>
>
> Can
ined in users field?
>
> If this field not match don’t allow?
>
>
>
> Tomasz Karczewski
>
> Administrator Sieci
>
>
>
> olman
>
>
>
> tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.p
//www.uwm.edu.pl
>
> tel. (89) 523 45 55 fax. (89) 523 43 47
>
>
>
> Ośrodek Eksploatacji i Zarządzania
>
> Miejską Siecią Komputerową OLMAN w Olsztynie
>
> Uniwersytet Warmińsko-Mazurski w Olsztynie
>
>
>
> *From:*Fabrice Du
Hello Tomasz,
create a rule for each users and at the end add a catch_all with the
reject role.
Regards
Fabrice
Le 2017-10-05 à 07:42, Tomasz Karczewski via PacketFence-users a écrit :
> Hi,
>
> I'm trying to allow only selected users to wifi with specific ssid and
> connection-type.
> For
Hello Joshua,
it's probably the radacct/radacct_log/locationlog table.
Do a: select count(*) from radacct; (on each tables) you probably have a
huge table.
So just do a truncate radacct/radacct_log/locationlog and it should be ok.
Btw in the new packetfence version we limit that.
Regards
Hello Yan,
it looks that you didn't imported fingerbank into mysql.
Go in Configuration -> Compliance -> Fingerbank Profiling -> General
settings then in Action "Initialize MySQL database".
Regards
Fabrice
Le 2017-10-17 ?? 03:19, Yan via PacketFence-users a ??crit?0?2:
> Hi dear users,
>
>
Hello Brian,
the dns must be a production one.
The wlc is suppose to intercept the http/https traffic and forward you
to the captive portal.
So it can be an issue with the ACL (i am not sure since you are able to
hit it), or a maybe you didn't enabled Radius NAC in the ssid config.
Regards
Hello Hubert,
you have a tab "Files" in Connection Profiles and Pages.
Feel freer to edit the html pages.
Also there is locales in conf/locale/en/LC_MESSAGES you probably have
to edit too.
Do that after you edited the locales:
for TRANSLATION in de en es fr he_IL it nl pl_PL pt_BR; do
Hello Brian,
are you able to resolve a fqdn from your laptop ?
What is your acl , can you show me how it look ?
Regards
Fabrice
Le 2017-10-11 à 09:23, Brian Ott a écrit :
>
> Thanks for the reply Fabrice!
>
>
> Changing to HTTP doesn't alter the results, it still doesn't forward.
>
>
> Brian
Hello Luís,
there https://www.transifex.com/inverse/packetfence/
Regards
Fabrice
Le 2017-09-25 à 05:57, Luís Torres via PacketFence-users a écrit :
>
> Hello mates,
>
>
>
> how can I translate the captive portal to other language? any guides?
>
>
>
> thanks
>
>
>
>
>
Hello Nathan,
there is no systemd script to restart the whole packetfence's services.
What you can do is the following:
/usr/local/pf/bin/pfcmd service pf start
Regard
Fabrice
Le 2017-09-26 à 04:43, Nathan, Josh via PacketFence-users a écrit :
> Sorry, to be a little more specific... it
Hello Kylián,
anything in packetfence.log ?
Can you see something in journalctl ?
Regards
Fabrice
Le 2017-09-29 à 09:21, Kylián Martin via PacketFence-users a écrit :
> Hi all,
>
> having strange behavior after upgrade to 7.3.0:
>
>
> /var/log/messages
>
> Sep 29 15:02:04 NAC1 perl:
Hello Alessandro,
what you probably have to do is to change the default route to use OUT
and define in PacketFence configuration Interface SNAT to OUT.
With that the OUT interface will be natted for the inline network and
the default route will permit to pass through this interface.
Regards
t; ERROR pfcmd.pl(50729):
> pf::services::manager::haproxy=HASH(0xade6b0)->name died or has failed
> to start (pf::services::manager::postStartCleanup)
>
>
>
> the service HAproxy wont start
>
>
>
> regards
>
> LT
>
>
>
> Em 2017-10-03 14:13, Fabr
In fact haproxy terminate the ssl tunnel so you don't have to change the
ssl-certificates.conf file.
This file is just use for the admin interface now and not the portal
anymore.
So just do that: (MyCERT.crt and MyPRIVKEY.key are your certificate files)
cat conf/ssl/MyCERT.crt
Hello Mj,
you can create a connection profile based on the connection type
Ethernet-EAP and activate autoregistration on it.
Regards
Fabrice
Le 2017-10-03 à 05:37, lists via PacketFence-users a écrit :
> Hi,
>
> We have an pf-inline wifi-segment with a captive portal, and also a
>
orward = 1
>
> Checked timing already on both servers, it"s d same.
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via
> PacketFence-users <packetfence-users@lists.sourceforge.net
> <mailto:packetfence-user
Hello Akala,
it looks that it's an issue with proxypassthrough configuration.
Check if this command return the correct config for
fencing.proxy_passthroughs
Regards
Fabrice
Le 2017-08-28 à 16:36, Akala Kehinde via PacketFence-users a écrit :
>
>
> On 28 Aug 2017 8:10 PM, "Akala Kehinde"
Hello Rokkhan,
try this:
cp /usr/local/pf/conf/radiusd/auth.conf.example
/usr/local/pf/conf/radiusd/auth.conf
then restart radiusd.
Regards
Fabrice
Le 2017-08-28 à 16:52, Rokkhan via PacketFence-users a écrit :
> i can not start radiusd service on PF 7.2 but packetfence logs show
> like
out; trying next origin
> ;; connection timed out; no servers could be reached
>
> [root@pfence sysctl.d]#
>
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net
> <mailto:p
Hello Moritz,
just keep in mind that the registration and isolation vlan is managed by
packetfence (dhcp/dns/gateway), after that the production vlan can be
what you want.
Regards
Fabrice
Le 2017-08-25 à 10:39, Moritz Schmid via PacketFence-users a écrit :
> Hey guys,
>
> I’m new to pf and a
Hello Michael,
you will have to play with the iptables rules.
check in conf/iptables.conf and the current rules in
var/conf/iptables.conf, you will see what to do.
Also have a look at ipset -L , there is some ipset session for each
different network / roles.
Regards
Fabrice
Le 2017-08-31 à
Hello Jon,
does winbind run ?
Regards
Fabrice
Le 2017-08-28 à 23:19, Jon Falconer via PacketFence-users a écrit :
> Greetings all,
>
> I have done a fresh install of Packet Fence 7.2.0, and in configuring it,
> have setup an Active Directory domain join. Packet Fence seems to think that
>
Hello Ian,
it's an option to enable in PacketFence where you update the iplog
information based on the radius accounting.
Regards
Fabrice
Le 2017-08-28 à 23:10, Ian Halliday via PacketFence-users a écrit :
> Hello Listmates,
>
> We just completed a PF install in a routed environment using
Hello Spencer,
it looks that your AP can do 802.1x but mac auth i am not sure.
Also the switch must support multi auth in order to authenticate all the
mac address.
Lat thing you can do is to enable floating device in packetfence and
return an inline vlan in order to authenticate each devices
<http://bfacademy.de/>
>
>
>
>
>
> On Tue, Sep 26, 2017 at 2:15 PM, Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>> wrote:
>
> Hello Nathan,
>
&g
Hello Luca,
pftest will use ldap bind to authenticate but freeradius will use ntlm_auth.
Can you do this on your server:
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000
And try to authenticate, you will be able to see why it failed to
authenticate. (you can paste the result).
Regards
> Встроенное изображение 3Встроенное изображение 2Встроенное изображение 1
>
> 2017-10-17 15:56 GMT+02:00 Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>>:
>
> Hello Nicolay,
a copy.
> Any unauthorized use of this message can expose the responsabile party
> to civil and/or criminal penalties.
>
>
>
> Descrizione: Descrizione: cid:696372015@22072008-1A64
>
>
>
>
>
> *Da:*Fabrice Durand via PacketFence-users
> [mailt
Hello Brian,
did you try to use the same acl that we have in the documentation ?
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth
This acl is more a trigger than a real acl.
Also can you paste a radius answer when you try to
ged. if you are not the intended recipient, please immediately
> notify us
> and destroy this message and any attachments without retaining a copy.
> Any unauthorized use of this message can expose the responsabile party
> to civil and/or criminal penalties.
>
>
>
> Descrizione: Descriz
Hello Yan,
do you have a proxy between PacketFence and internet ?
When i see your wget command, i can see that :?0?2 "Issued certificate has
expired" and the fingerbank.inverse.ca certificate is not yet expired so
there is probably something that block/filter the request.
Regards
Fabrice
Le
civili
> e penali.
>
>
>
> This message may contain information which is confidential or
> privileged. if you are not the intended recipient, please
> immediately notify us
> and destroy this message and any attachments without retaining a
> copy. Any u
Hi Yan,
once you have the file, go in the admin gui,?0?2 Configuration ->
Compliance -> General settings, verify that the mysql credentials and
database name is correct then "Action -> Initialize MySQL database"
If the access to the db is ok then you should be able to see a process
"python"
Hi Yan,
there is a database who is coming with the fingerbank package, so you
can probably found it in /usr/local/fingerbank/db. (yum reinstall
fingerbank if needed)
If you have it (fingerbank_Upstream.db) then you can integrate it into
mysql then the futur update will be just some interim
Hello Cristian,
It is but because the supplicant send DOMAIN\Username and the portal use
the sAMAccountName.
The solution could be to use another attribute that contain the
DOMAIN\Username but i am not sure it exist on the active directory and i
am not sure that user will be happy to fill
>
>
>
> Questo messaggio puo' contenere informazioni di carattere
> riservato e confidenziale. Qualora non foste i destinatari, vi
> preghiamo di notificarcelo
> e di provvedere ad eliminare il messaggio, con gli eventual
Hello Nicolay,
something like that should work:
/common/IPGL.png
Regards
Fabrice
Le 2017-10-20 à 03:37, Nicolay Rytchev via PacketFence-users a écrit :
> Hello All,
>
> I try to change logo on portal web page but without success.
> May be special path for the file should be specified ?
>
>
>
>
Hello Nicolay,
if it's a new SMS gateway then you will need to import it in the database.
So connect to the database and:
INSERT INTO sms_carrier
(id, name, email_pattern, created)
VALUES
(100122, 'MyGateway', '%s@mygateway.gateway', now());
Regards
Fabrice
Le 2017-10-20 à 09:50,
mit.
>
> #
>
> msg_denied = "You are already logged in - access denied"
>
> }
>
>
>
>
>
>
>
> */Luca Messori/*
>
> _
>
>
>
> Descrizione: mead
>
>
>
>
>
&
ice,
>
> Thank you for your advice. I am not really familiar with database
> configuration.
> I am network engineer.
> Could you be more specific about how and where to do that?
>
>
> Regards,
> Nicolay
>
>
> 2017-10-23 15:30 GMT+02:00 Fabrice Durand via
Hello Cristian,
so i am able to replicate it and it looks to be a bug with the ios version.
Let's say i have a nothing connected on the port Gi1/0/8, if i do that:
Switch#sh interfaces gigabitEthernet 1/0/8
GigabitEthernet1/0/8 is administratively down, line protocol is down
(disabled)
ha scritto:
>> If you mean PacketFence is 7.3.0
>> If you mean IOS: Cisco IOS Software, C2960X Software
>> (C2960X-UNIVERSALK9-M), Version 15.2(2)E6, RELEASE SOFTWARE (fc1)
>>
>>
>> Il 19/10/2017 16:41, Fabrice Durand via PacketFence-users ha scritto:
&
Hello Ricardo,
i am not seeing what is wrong but it's not suppose to have that in the
log: Can't re-evaluate access because no open locationlog entry was found
Can you put the portal in debug mode ?
conf/log.conf.d/httpd.portal.conf:
### httpd.portal logger ###
log4perl.rootLogger = INFO,
47:37 -0500] "192.168.2.223" "GET
> /Ruckus?sip=192.168.2.100=58b63311d5e0_mac=60f81dc3e758=192.168.2.126==ZoneDirector218.domain.com
> <http://ZoneDirector218.domain.com>=http%3a%2f%2fcaptive.apple.com
> <http://2fcaptive.apple.com>%2fhotspot%2ddetec
Hello Spencer,
you can use something like that:
https://www.ubnt.com/unifi/unifi-ap-ac-lite/
There is only a limitation with 802.1x (i hope Ubiquiti will fix it) but
mac auth should be ok.
Regards
Fabrice
Le 2017-11-24 à 06:11, Spencer Hazell via PacketFence-users a écrit :
>
> Hi
>
>
>
https://github.com/inverse-inc/packetfence/pull/2735
Le 2017-11-24 à 08:48, Gonzague Dambricourt a écrit :
> Yeah for now . .UniFi doesn’t support CoA :(
>
>> Le 24 nov. 2017 à 14:46, Fabrice Durand via PacketFence-users
>> <packetfence-users@lists.sourceforge.net
>>
Hello Jason,
Le 2017-11-21 à 23:40, Jason Sloan a écrit :
> Fabrice,
>
> Totally understand being busy. Thanks for the reply. I was actually
> able to get this working a few hours ago, and hadn't had time to post
> a reply. I'm not sure what did it, perhaps adding "strip" to the realm
> options
Hello Yan,
use proxy_passthroughs=123.23.1.2 instead of passthroughs=123.23.1.2 and
retry.
Regards
Fabrice
Le 2017-11-22 ?? 10:26, Yan via PacketFence-users a ??crit?0?2:
> In short, I want to know if it is possible to use PF's Captive Portal
> detection mechanism to pop out the captive
Hello,
try first to restart packetfence-config
systemctl restart packetfence-config
and do a pfcmd configreload hard
Regards
Fabrice
Le 2017-11-23 à 07:07, Samuel Chege via PacketFence-users a écrit :
> You can also try to remove the package called kf5-kio-widgets FIRST
> before
Hello Yan,
you also need to register the device.
so something like that:
[pf_ssid]
filter = ssid
operator = is
value = PF-Wireless
[SG1_switch]
filter = switch._ip
operator = is
value = 172.11.5.121
[reg_by_switch:pf_ssid_switch]
scope = RegistrationRole
action = modify_node
action_param =
Hello Luís,
the only solution i can see is to raise the server resources
Regards
Fabrice
Le 2017-12-14 à 10:05, Luís Torres via PacketFence-users a écrit :
>
> Hi mates,
>
>
>
> is there a way to speed up the opening of the portal webpage? in the
> cluster it takes a few seconds to open it...
gt; other thing I can check?
>
>
> Thanks
>
>
> Luca
>
>
>
> ----------------
> *Da:* Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net>
> *Inviato:* venerdì 15 dicembre 2017 14:46
> *A:* packetfence-users@lists.sourceforge.net
> *Cc:* F
Hello,
yes if the ios is not something completely exotic it should be ok.
Regards
Fabrice
Le 2017-12-15 à 06:25, Tomasz Karczewski via PacketFence-users a écrit :
>
> Does it have different cisco ios?
>
>
>
> Tomasz Karczewski
>
> Administrator Sieci
>
>
>
> olman
>
>
>
>
Hello Luca,
if you want faster answer you can buy a support contract with Inverse.
I answer on the mailing list when i have time to do it and most of the
time i am busy.
So the packetfence.log is not enough complete because what is
interesting is just a after and we should suppose to see
as an
> option in the UniFi controller when you choose WPA Enterprise. You
> can see screenshots of my setup below:
>
> https://i.imgsafe.org/05/ 05bb81f5b4.png
> <https://i.imgsafe.org/05/05bb81f5b4.png>
> https://i.imgsafe.org/05/ 05bbd86ab4.png
>
Just on one of them, right ?
If it's the case then it's normal.
Le 2017-12-12 à 14:22, Luís Torres via PacketFence-users a écrit :
>
> Hi mates,
>
>
>
> manage to recover the cluster but now the dhcp wont start. Gives me
> the error:
>
>
>
> /usr/local/pf/bin/pfcmd service dhcpd restart
>
Hello Yan,
it looks that the pid ( the person ) doesn't exist on your setup.
So check in the person tab if you can find it (the person id appear just
before the error in the log).
Regards
Fabrice
Le 2017-11-16 ?? 05:21, Yan via PacketFence-users a ??crit?0?2:
> Hi dear users,
>
> We use PF
;
> Maybe the bug is related to this:
> https://quickview.cloudapps.cisco.com/quickview/bug/CSCve85309 ?
>
> Il 15/11/2017 22:50, Fabrice Durand via PacketFence-users ha scritto:
>> Hello Cristian,
>>
>> so i am able to replicate it and it looks to be a bug with
Hum ok, really weird.
It looks that first when the device connect on the port 2/43 802.1x
failed so it start mac auth but just after that the port goes down and a
new request is coming from the port 5/3.
When this happen, can you check in the mac-address-table where is the
mac address (before
ter = pf::access_filter::radius->new;
> my $rule = $filter->test('returnAuthorizeRead', $args);
> ($radius_reply_ref, $status) =
> $filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
> return [$status, %$radius_reply_ref];
> }
Hello Pedro,
it looks that it's a reevaluation issue, can you provide the
packetfence.log ?
What controler/AP are you using in your POC ?
Regards
Fabrice
Le 2017-11-17 à 13:03, Pedro Trindade via PacketFence-users a écrit :
> Hello all, I've been trying to make a Packetfence 7.3.0 POC on a
Hello,
this is normal, the dhcp can run only on 2 off them.
Regards
Fabrice
Le 2017-11-17 à 14:35, Tobias Friede via PacketFence-users a écrit :
> Hi,
>
> I have the same problem, maybe that behavior is normal?
>
> My Cluster is a PF 7.2 Cluster.
>
> Greetings
> Tobias
>
> 2017-11-17 16:34
Hello Alessandro,
what is the type of the switch ?
Regards
Fabrice
Le 2017-11-10 à 09:44, Alessandro Canella via PacketFence-users a écrit :
>
> Hello all,
>
>
>
> I solved everything (thanks to all..) ando now I0m investigating about
> this:
>
>
>
>
>
>
>
> Nov 10 13:37:03
Ok let me fix that.
Btw you can remove the file initial_data.json and do a python manage.py
syncdb.
Le 2017-11-14 à 04:12, Jason Sloan a écrit :
> Looks like there's 2 more dependencies
> python-ipaddress
> python-idna
>
> Then it looks like I'm bombing out on an initial data load of some
f, $status) =
> $filter->handleAnswerInRule($rule,$args,$radius_reply_ref);
> return [$status, %$radius_reply_ref];
> }
>
> Then restart PacketFence.
>
> Let me know if it works.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-11-11 à 02:41, Al
1 - 100 of 673 matches
Mail list logo