Hello Domingos,
if the device receive an ip address from the production vlan then it
mean that there is a network miss-configuration.
Can you provide some logs ?
Regards
Fabrice
Le 19-08-05 à 10 h 17, Domingos Varela via PacketFence-users a écrit :
Hi,
I am using pf to authenticate wifi
Hello Alessandro,
can you try pftest to see if it match the rule ?
Also can you try user_email matches regexp *.domain.com ?
Regards
Fabrice
Le 19-08-02 à 16 h 08, Alessandro Uggenti via PacketFence-users a écrit :
Dear all,
Anyone has any hint for this issue?
Thanks in advance
Il Gio 1
Hello Magnus,
yes the mailing list is moderated and i moderate it when i am not
working on other tasks.
Regards
Fabrice
Le 19-08-08 à 12 h 07, Magnus Leßmann via PacketFence-users a écrit :
Hi there,
I'm unable to find anything about this and was unable to get/receive
an answer on IRC
Hello Helen,
check that:
https://github.com/inverse-inc/packetfence/blob/packetfence-9.0.1/conf/stats.conf.defaults
you need to commented out the dhcp stat related sections.
then pfcmd configreload hard and restart pfstats
Regards
Fabrice
Le 19-07-31 à 14 h 46, Helen Power via
which is not in the AD domain? ( It's only in the default
WORKGROUP)
I can't get the scan to work, the packetfence.log doesn't show
anything about scan
On Thu, Jul 18, 2019, 7:58 PM Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
It d
= noop
(947) Tue Jul 23 16:33:39 2019: Debug: } # policy
remove_reply_message_if_eap = noop
(947) Tue Jul 23 16:33:39 2019: Debug: linelog: EXPAND
messages.%{%{reply:Packet-Type}:-default}
(947) Tue Jul 23 16:33:39 2019: Debug: linelog: -->
messages.Access-Reject
(947) Tue J
Hello Julien,
not sure to understand your issue, you say that it's a standalone AP but
connected to a controller.
If there is a controller then you probably need to configure the AP on
the controller.
Vous pouvez continuer en français si vous voulez.
Regards
Fabrice
Le 19-08-01 à 08
more from a single pane of glass.
For more information, visit:_www.cloud9stack.io
<http://www.cloud9stack.io/>_
----------------
*From:* Fabrice Durand via PacketFence-users
*Sent:* Friday, July 12, 2019 11:10 PM
*To:* packetfence-users@lists
ction
profile."/
When the client device triggers a violation, will it be automatically
moved to the isolation VLAN
On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Chadwick,
Le
Hello Süleyman,
it looks to be a certificate issue.
I can see that you disable "secure_redirect" but did you restarted the
services ?
Regards
Fabrice
Le 19-07-18 à 05 h 39, Süleyman Gelener via PacketFence-users a écrit :
Dear Subscirbers,
Until now i have set up the packetfence to
Hello Pro fence,
it looks that you miss-configured your cluster.
Did you copy the file cluster.conf on each servers ?
Regards
Fabrice
Le 19-07-18 à 06 h 49, pro fence via PacketFence-users a écrit :
Hello,
does anyone ever encountered the following error using a VIP, from
radius :
"
Hello Helen,
did you applied the maintenance ?
/usr/local/pf/addons/pf-maint.pl
And refresh the admin GUI.
Regards
Fabrice
Le 19-07-18 à 09 h 02, Helen Power via PacketFence-users a écrit :
Hi All,
I try to create a AD source with “mark as sponsor” action, I got the
error messages
https://packetfence.org/doc/PacketFence_Clustering_Guide.html#_performing_an_upgrade_on_a_cluster
Le 19-07-18 à 09 h 05, Luis Torres via PacketFence-users a écrit :
Hello Fabrice,
can you point on the doc so I can plan an upgrade of my cluster?
thank you
LT
Hello Enrico,
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Installation_Guide.asciidoc#advanced-access-configuration
Try that instead:
machine_account != "" && ssid == Secure
Regards
Fabrice
Le 19-07-18 à 17 h 29, Enrico Pasqualotto via PacketFence-users a
to help
end users?) I thought it'd be different.
-Original Message-
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: 22 July 2019 14:11
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] EAP-MD5
Hello Magnus,
did you try https://mgmt_ip:1443 ?
Also do you see the process httpd.admin running ?
Regards
Fabrice
Le 19-07-23 à 15 h 43, Magnus Leßmann via PacketFence-users a écrit :
Hi there,
I'll keep it short and simple:
I want to install PacketFence on Debian 9.9 (Stretch) for a
Hello Benjamin,
can you run this command and try to reconnect ?
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 300
Then paste the result.
Regards
Fabrice
Le 19-07-23 à 10 h 29, Brenek, Benjamin via PacketFence-users a écrit :
Hello All,
I have been stuck on the issue of getting
, so say, if
EAp-Type=EAP-MD5 then proxy
Thanks
-Original Message-
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: 23 July 2019 16:19
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users
.2.5:80 <http://192.168.2.5:80>
0.0.0.0:* LISTEN 1026/httpd
tcp 0 0 192.168.3.5:80 <http://192.168.3.5:80>
0.0.0.0:* LISTEN 1026/httpd
thanks in advance,
Regards
On Thu, 18 Jul 2019 at 15:03, Fabr
Hello Schmidt,
we did this king of workflow in PacketFence here:
https://github.com/inverse-inc/packetfence/pull/2667/files
You will just need to adapt the code.
Regards
Fabrice
Le 19-07-22 à 04 h 22, Schmidt Korbinian via PacketFence-users a écrit :
Hello PacketFence users,
I am
Hello Jona,
you need to run pf-maint.pl on you system first.
Regards
Fabrice
Le 19-07-22 à 05 h 58, Stegmaier, Jona via PacketFence-users a écrit :
Hello,
thanks for your reply!
I tried the authentication with the help of roles, but nothing
changed. Packetfence sends the role update,
Hello John,
if your phone does eap-md5 with the username and the password equal to
the mac address then it will work as is in PacketFence.
Also to use AD you need to be able to fetch the clear text password
which is not possible with LDAP.
To be able to make it work then you will need to
Hello Alain,
you just need to edit the iptables template file under
/usr/local/pf/conf/iptables.conf:
-A input-management-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT
-A input-management-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT
Then restart the iptables service.
Hello Ghani,
The simplest way to do it is to set -1 in the registration role.
Regards
Fabrice
Le 19-11-18 à 07 h 11, Sajawal Ghani via PacketFence-users a écrit :
Hello,
I am posting here for the first time, pardon me if this isn't the
correct place to ask a question about PacketFence
Hello Austin,
do you have a sample of the radius request ?
Regards
Fabrice
Le 19-11-13 à 15 h 57, Austin Lawrence via PacketFence-users a écrit :
Hello,
Has anyone had any luck with getting pf radius auth setup with PA
firewalls (for Global protect VPN or Admin auth)?
Thanks,
Not yet, probably for packetfence 10
Le 19-11-13 à 12 h 35, Monica Gordillo via PacketFence-users a écrit :
Howdy,
Is Debian 10 supported?
I'm thinking its not. I'm getting "unmet dependencies". Has anyone
installed PacketFence on Debian 10 yet?
image.png
--
Sincerely,
/Monica/
is a simple Access-Accept with no
other VSA's. Works fine for Cisco VSA though.
Can you please point me to where I should be looking at to fix this.
Thanks you Ali
On Wed, Sep 4, 2019 at 9:37 PM Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>&
----------------------
*From:* Fabrice Durand via PacketFence-users
*Sent:* 03 December 2019 13:50
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Fabrice Durand
*Subject:* Re: [PacketFence-users] Packetfence 7.3.0 Captive Portal
Cisco WLC 8540 software version 8.10
Hello Adrian,
can you check in the radius audit log (check the radius tab in the audit
log entry.) what is the value of the cisco-vsa url-redirect attribute ?
Regards
Fabrice
Le 19-12-02 à 10 h 07, Day, Adrian via PacketFence-users a écrit :
Hello,
I was wondering if somebody could
Hello Liborio,
you just don't have access to api.github.com, you probably have a proxy
between packetfence and internet.
Regards
Fabrice
Le 19-12-09 à 10 h 04, Liborio La Fortezza via PacketFence-users a écrit :
Hi
when i try to run pf-maint i get the following error:
Step 1: Patching
Hello Pasquale,
yes it's possible, for that you need to go:
https://mgmt_ip:1443/admin/alt#/configuration/network
then add the Outbound interface in SNAT Interface.
Btw you also need to have the default gateway defined to use Outbound
interface.
Regards
Fabrice
Le 19-12-06 à 06 h 10,
afon, NP4 9RL
We welcome correspondence in Welsh and English. Correspondence
received in Welsh will be answered in Welsh and will not lead to any
delay.
SRS Shared Resource Service, Ty Cyd 2, Gilchrist Thomas Ind. Est,
Blaenavon, NP4 9RL
---------
Hello Ali,
can you do that:
netstats -nlp| grep 80
and see if there is a http/haproxy service listening on the port ?
Regards
Fabrice
Le 19-12-10 à 22 h 38, Amjad Ali via PacketFence-users a écrit :
Hello Ludovic,
Thanks for the response.
I am using web auth with Pica8 switch, this
Hello Denis,
it looks to be more an issue with pfconfig than with the french date.
can you try that:
/usr/local/pf/bin/pfcmd pfconfig clear_backend
/usr/local/pf/bin/pfcmdconfigreload hard
Regards
Fabrice
Le 19-12-10 à 09 h 56, denis via PacketFence-users a écrit :
Hello, I upgraded my
yes one ip per interface and a vip per layer2.
Le 19-12-12 à 15 h 40, Pasquale Lo Bello via PacketFence-users a écrit :
Thanks. So i have to set the ip.addresses in all the interfaces?
Il gio 12 dic 2019, 15:37 Fabrice Durand via PacketFence-users
<mailto:packetfence-us
Hello Nancy,
did you applied the maintenance ?
/usr/local/pf/addons/pf-maint.pl
Regards
Fabrice
Le 19-12-05 à 06 h 08, Nancy Batiste via PacketFence-users a écrit :
Hi,
i can't figure out how to solve this problem. When i connect a new
endpoint to the network, packetfence gets DHCP
Hello David,
what you can do instead of using a dhcp-listener interface is to use the
dhcp sensor
(https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Installation_Guide.asciidoc#dhcp-remote-sensor).
Also for the "Missing mandatory element ip or netmask on interface
Hello Ahmed,
you need to play with the portal modules to skip the AUP.
Regards
Fabrice
Le 19-09-22 à 18 h 15, Ahmed Salama via PacketFence-users a écrit :
Hi
I am just new in using Packetfence 9.1, And I happy using it. but I am
facing an issue need help with. we need to skip the AUP from
Hello Francisco,
can you provide the debug of the radius request ?
Like : raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000
and paste the output.
Regards
Fabrice
Le 19-12-18 à 16 h 55, Francisco Rivas via PacketFence-users a écrit :
Hi!
I'm using PacketFence 9.0.1, and I'm getting an
Hello Nadim,
it depend of the filter and the order.
The default one will always be the last one and after that the first
match win.
Regards
Fabrice
Le 20-02-10 à 22 h 49, Nadim El-Khoury a écrit :
Hi Fabrice,
I have another question for you.
How does PF choose which connection profile
Ok so assign the default realm in the authentication source and/or the
realm springfieldcollege.edu.
Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit :
Hi Fabrice,
I want to thank you for taking the time to look into the log file.
Yes, we have AD configured as an authentication source. I added
Hello Austin,
we use netdata for the graph. (https://github.com/netdata/netdata)
Regards
Fabrice
Le 20-01-15 à 09 h 02, Austin Lawrence via PacketFence-users a écrit :
Hello,
Just out of curiosity - what tool/engine runs the dashboard graphs? I
think they look great and would be a good
Hello Oskar,
in fact when you do mac authentication the status of the node in
packetfence is the "User" in that case.
So just reg the mac and assign a role and you will be ok.
Regards
Fabrice
Le 20-01-14 à 16 h 40, oskar svedman via PacketFence-users a écrit :
Hi,
Need some guidelines
Hello Fabian,
it's a buffer issue in Freeradius and we can't fix it now.
We have to wait Freeradius 4 for that.
Regards
Fabrice
Le 20-01-09 à 07 h 16, Fabian Hubacher via PacketFence-users a écrit :
Hi Guys
I have an issue with my packetfence installation. I try to connect a
Windows 10
Hello Andrew,
you should check on the wlc log to see what happen.
Regards
Fabrice
Le 20-01-15 à 11 h 08, Lierman, Andrew via PacketFence-users a écrit :
I have had trouble the past couple versions of packetfence. When I
deregistered a client in the web interface, the clients would
Ok so first there is no ssid sent in the radius request so you can't use
a filter based on the ssid.
So what you can do (removed the ssid):
[Wireless_EAP]
filter_match_style=all
description=Wireless_EAP
sources=tacos-MachineAuth
filter=connection_type:Wireless-802.11-EAP
autoregister=enabled
Hello Ian,
it's a know issue with Samsung devices, in fact if the device won't pop
the portal if the device is on the same layer 2 network.
It has been fixed in
https://github.com/inverse-inc/packetfence/pull/5086 and will be part in
the incoming packetfence v10.
Btw if the registration
Hello Wagner,
do the search with sAMAccountName=iran not sAMAccountName = packetfence
Regards
Fabrice
Le 20-03-23 à 10 h 45, Wagner Liegio a écrit :
Good morning Fabrice,
Follows return of the informed command:
version: 1
#
# LDAPv3
# base com, DC = br> with scope subtree
# filter:
Hello Charbel,
127.0.0.1:18120 is not the packetfence virtual server.
Btw paste the raddebug when you try to connect.
Regards
Fabrice
Le 20-03-23 à 12 h 36, Charbel Rizk via PacketFence-users a écrit :
Hello,
I have a fresh installation of Packetfence, I'm trying to test local
radius
Hello Wagner,
so it mean that there is no user with the attribute sAMAccountName=iran
in OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br
So if there is no user then there is no role returned.
Regards
Fabrice
Le 20-03-23 à 14 h 13, Wagner Liegio a écrit :
Fabrice,
Below is the
Hello Wagner,
i am here to help you, if there is no user in the OU who match
sAMAccountName=iran then it's the issue.
Try in the whole ldap server then to see if it returns something:
ldapsearch -h 10.10.10.70 -s sub -b "DC=tabajara,DC=com,DC=br" -D
Hello Neal,
just uncheck monitor in the authentication source and it will stop to ping.
Regards
Fabrice
Le 20-09-08 à 08 h 56, 'van Rooij Neal' via PacketFence-users a écrit :
Hello,
I opened WireShark to check if i was properly receiving my DHCP
request on a Windows Server, and noticed
ain.
# Make sure to adjust the FORWARD rules also to allow traffic back-in.
%%nat_postrouting_vlan%%
#
# Routing for the hidden domain network
#
%%domain_postrouting%%
COMMIT
Op wo 7 okt. 2020 om 15:17 schreef Fabrice Durand via
PacketFence-users <mailto:packetfence-users@lists.sourceforge.net&g
Hello Geert,
can you provide the file /usr/local/pf/var/conf/iptables.conf and the
output of iptables -L -n -v
Regards
Fabrice
Le 20-10-07 à 08 h 11, Geert Heremans via PacketFence-users a écrit :
Thank you Maile and others
Really appreciate it.
Putting the management network on the
Hello Louis,
you will need to check in the packetfence.log what authentication source
is used when you log on the portal (to validate the access).
Regards
Fabrice
Le 20-10-06 à 21 h 47, Louis Scaringella via PacketFence-users a écrit :
I made some progress with this. I can now progress
Hello Louis,
can you provide the packetfence.log when you authenticate and hit the
portal ?
Regards
Fabrice
Le 20-10-06 à 17 h 30, Louis Scaringella via PacketFence-users a écrit :
Still no luck with this. Can someone verify that my profile config looks
alright? It seems very
that as a sponsor in its database?
No really necessary, you have to choose between using a local account or an
ad/ldap account.
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 11:52 AM, Fabrice Durand via PacketFence-users
wrote:
What i
::_from_profile)
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 8:15 AM, Fabrice Durand via PacketFence-users
wrote:
Hello Louis,
you will need to check in the packetfence.log what authentication source is
used when you log on the portal
tion types. That
is the "Lab-Aruba-OpenGuest-copy” profile in this case.
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 8:17 AM, Fabrice Durand via PacketFence-users
wrote:
Hello Louis,
can you provide the packetfence.log when you authenticate and
-342-7903
On Oct 7, 2020, at 11:52 AM, Fabrice Durand via PacketFence-users
wrote:
What i think it's probably because of the username attribute in the AD
authentication source.
When you set a sponsor in the portal then packetfence try to find the email
address in the AD and check if the user
Networks, Inc
785-342-7903
On Oct 7, 2020, at 11:52 AM, Fabrice Durand via PacketFence-users
wrote:
What i think it's probably because of the username attribute in the AD
authentication source.
When you set a sponsor in the portal then packetfence try to find the email
address in the AD
Hello,
you will probably needs to fix the network issue first.
Check to see if the interface eth0 is in the correct network.
Also try tcpdump -i eth0 to see if you see traffic from the management
network.
Regards
Fabrice
Le 20-10-07 à 09 h 15, rsm1080 via PacketFence-users a écrit :
connection profile I want which is the
one with the customized portal logo and different guest authentication types. That
is the "Lab-Aruba-OpenGuest-copy” profile in this case.
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 8:1
httpd.portal(2613) INFO:
[mac:00:24:d6:5b:30:bc] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
If the SSID filter is removed, it matches the connection profile I want which is the
one with the customized portal logo and different guest authentication types. That
is
::ProfileFactory::_from_profile)
If the SSID filter is removed, it matches the connection profile I want which is the
one with the customized portal logo and different guest authentication types. That
is the "Lab-Aruba-OpenGuest-copy” profile in this case.
Louis Scaringella
Security Systems
Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 11:52 AM, Fabrice Durand via PacketFence-users
wrote:
What i think it's probably because of the username attribute in the AD
authentication source.
When you set a sponsor in the portal then packetfence try to find the email
address in the AD
ypes. That
is the "Lab-Aruba-OpenGuest-copy” profile in this case.
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 8:17 AM, Fabrice Durand via PacketFence-users
wrote:
Hello Louis,
can you provide the packetfence.log when you authent
ith the customized portal logo and different guest authentication types. That
is the "Lab-Aruba-OpenGuest-copy” profile in this case.
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On Oct 7, 2020, at 8:17 AM, Fabrice Durand via PacketFence-users
wrote:
::members_ips)”.
Jeff Linden | Corporate Infrastructure Specialist
*DAIFUKU NORTH AMERICA*
30100 Cabot Drive, Novi MI 48377
(248) 553-1234 x1013
*DAIFUKU * <http://www.daifukuna.com/>**
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
*Sent:* Friday, October 9, 2020 2
ovi MI 48377
(248) 553-1234 x1013
*DAIFUKU * <http://www.daifukuna.com/>
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>
*Sent:* Friday, October 9, 2020 2:18 PM
http://www.daifukuna.com/>
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>
*Sent:* Friday, October 9, 2020 2:18 PM
*To:* packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@list
NORTH AMERICA*
30100 Cabot Drive, Novi MI 48377
(248) 553-1234 x1013
*DAIFUKU * <http://www.daifukuna.com/>
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
&l
Hello Jeff,
your issue is because keepalived is not running.
let's try:
/usr/local/pf/bin/pfcmd service pf updatesystemd
systemctl restart packetfence-keepalived.service
Regards
Fabrice
Le 20-10-09 à 14 h 11, Jeff Linden via PacketFence-users a écrit :
Hello,
I’ve upgraded PacketFence
x1013
*DAIFUKU * <http://www.daifukuna.com/>
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>
*Sent:* Friday, October 9, 2020 2:18 PM
*To:* packetfence-users@lists.sourceforge.net
&
*DAIFUKU * <http://www.daifukuna.com/>
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>
*Sent:* Friday, October 9, 2020 2:18 PM
*To:* packe
Hello Ronald,
first you don't need to specify
https://nac-pf01.domain.com/guest/s/94mbh3bf/ , this is set on the
controller side.
Can you run this command (and paste the result):
bin/pfcmd cache switch_distributed list
This list is used by PacketFence to map the bssid (included in the
Check that:
https://github.com/inverse-inc/packetfence/issues/5670
Regards
Fabrice
Le 20-07-20 à 10 h 55, Juraj Tobias via PacketFence-users a écrit :
having the same issue, but the steps suggested here didn't help, i'm
afraid :/
yum install kernel-devel-$(uname -r)
reboot
(no errors)
Hello Michael,
good to know that it works.
Le 20-07-08 à 15 h 54, Michael Brown a écrit :
Hi Fabrice,
You were right. As soon as I changed the Auth Source for Domain
Computers to MemberOf is CN=Domain Computers,OU=Domain
Groups,DC=eatontown,DC=local it worked the only caveat being that on
Cool
Le 20-06-02 à 01 h 23, Tanzanite Prime Gaming via PacketFence-users a
écrit :
I am trying to get Freeradius to work on Packetfence. I get auth
requests I think.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
a bug?
On Mon, Jun 8, 2020, 6:00 AM Fabrice Durand via PacketFence-users
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Tanzanite,
you need to edit the one in /usr/local/pf/conf/radiusd , this one
is used as a template to generate the running config.
Hello Tanzanite,
you need to edit the one in /usr/local/pf/conf/radiusd , this one is
used as a template to generate the running config.
Regards
Fabrice
Le 20-06-07 à 23 h 16, Tanzanite Prime Gaming via PacketFence-users a
écrit :
When I edit /use/local/pf/raddb/auth.conf and restart
Hello Chrisb,
it looks that you defined the Unifi switch module for your Ruckus AP.
Jul 27 17:32:14 packetfence pfqueue: pfqueue(23832) INFO:
[mac:58:d9:c3:5e:56:e5] Deauth on site: Default
(pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
Fix that and make another try.
Regards
Le 20-07-28 à 05 h 33, Juraj Tobias a écrit :
thx, Fabrice, pls see replies in the text
*From:* Durand fabrice via PacketFence-users
*Sent:* Tuesday, July 28, 2020 04:41
*To:* packetfence-users@lists.sourceforge.net
Hello Adrian,
if you can try with other mac format to see if one works.
like:
5c:e0:c5:c1:d6:fd
5C:E0:C5:C1:D6:FD
5c-e0-c5-c1-d6-fd
5C-E0-C5-C1-D6-FD
5ce0c5c1d6fd
5CE0C5C1D6FD
Regards
Fabrice
Le 20-12-15 à 13 h 06, Adrian D'Atri-Guiran a écrit :
Hi Fabrice,
I played around with it a
Hello Sonali,
do a tcpdump on the registration interface to see if there is some traffic.
Also do you get an ip address when you are in the registration vlan ?
Are you able to ping it from the pf servers ?
Regards
Fabrice
Le 20-11-20 à 04 h 57, Sonali Gulia a écrit :
hi all
i am setting
Hello Sonali,
your issue looks to be because there is no module before that set the
"known good" password in the request.
Where is stored the password ? (ldap/sql/...)
Regards
Fabrice
Le 20-11-02 à 22 h 46, Sonali Gulia a écrit :
hi
Hi all in new version of pf 10.2.0 eap gtc sub
The simplest way to see what is not working is probably to compare the
request that works and the one who not.
Because right now in the debug there is no call to ldap and or sql.
Regards
Fabrice
Le 20-11-03 à 08 h 58, Sonali Gulia a écrit :
Hi
We are using ldap module but i also try sql
At least when you try to connect ...
Le 20-10-30 à 06 h 37, Sonali Gulia a écrit :
hi Durand fabrice
here is the result of raddebug -f /usr/local/pf/var/run/radiusd.sock
-t 3000
(10522) Fri Oct 30 21:32:00 2020: Debug: Received Status-Server Id 97
from 127.0.0.1:51783
Hello Enrique,
use_tunneled_reply is a freeradius attribute but i don't think it's
related to the issue (it's the authentication part).
(https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/eap.conf.example)
The issue is when the CoA is sent.
Regards
Fabrice
Le 21-01-08 à
Hello,
it's on the way, we are working on the support for debian 11 and rhel8.
Regards
Fabrice
Le mer. 16 juin 2021 à 14:13, David Magda via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :
> Hello,
>
> Currently the official repos only have binaries for Debian 9
Yes you can add it in Avaya.pm and you just need to restart httpd.aaa.
Regards
Fabrice
Le mer. 16 juin 2021 à 14:13, Chris Crawford via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :
> Do I need to put this into the Avaya.pm in …/lib/pf/Switch/Avaya.pm? Or
> can I
Hello Mathieu,
in fact if you want to use FreeIPA , you need to have the clear-text/nthash
version of the password in the ldap directory.
Btw i don't know if samba is available with FreeIPA.
Regards
Fabrice
Le mer. 23 juin 2021 à 06:30, Mathieu Valois via PacketFence-users <
Hello Mark,
When from the admin gui you register the device, do you change the unreg
date ?
Regards
Fabrice
Le mer. 23 juin 2021 à 19:38, Mark Okuno via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :
> Hello packetfence-users,
>
> We are running packetfence 9.0 on a
Hello Chris,
First we don't compute the role from the source for Fortigate, we just do a
mschap verification then if it's authenticated then we allow the access.
It misses a little bit of code to do that but it's not something really
complicated.
Next the condition in the radius filter you
Hello David,
you are in the good tracks.
First you need to append that:
use pf::SwitchSupports qw(
WiredMacAuth
WiredDot1x ... );
Then retry.
Also can you provide a raddebug output when you connect ?
raddebug -f /usr/local/pf/var/run/radiusd.sock
Regards
Fabrice
Le mar. 18 mai 2021 à 01:22,
Hello David,
I will be happy to review your PR once done.
Btw i am always impressed by the Mikrotik features, it's like a network
equipment switch knife.
Last thing, if the deauth method is not the same between wifi and wired ,
you can add the function wiredeauthTechniques in the switch module.
Hello Jake,
as Diego said it can be a lack of the dhcp option for the RFC7710 in your
dhcp server (i coded the dhcp server with all my love and you still don't
want to use it).
It can also be a certificate issue, if the certificate expiration date is
more than x months then apple devices don like
Hello,
it has been fixed but it introduced a new regression.
Can you try that:
https://github.com/inverse-inc/packetfence/commit/2b622a55fda11390d2d7c7cc6752f0dd3d4af2e6
Regards
Fabrice
Le jeu. 8 juil. 2021 à 14:06, mi saki via PacketFence-users <
packetfence-users@lists.sourceforge.net> a
Hello Thapeli,
i can see that you have multiples issues in your config.
First the switch config doesn't looks to be correct.
If the packetfence server is plugged on the port Fa/01 only the vlan 1 is
allowed.
Next you don't have to enable 802.1x on this port.
interface FastEthernet0/1
Hello Cristian,
thanks for the raport.
On my side i was able to replicate the issue and i pushed a fix in the
maintenance branch.
So you can run /usr/local/pf/addons/pf-main.pl and restart httpd.aaa
service.
Regards
Fabrice
Le mar. 27 avr. 2021 à 11:00, Cristian Mammoli via PacketFence-users <
401 - 500 of 673 matches
Mail list logo