Re: [PacketFence-users] EXTERNAL SENDER - Re: pfdns random crashes

2021-04-27 Thread Fabrice Durand via PacketFence-users
Hello Adam, Check with: journalctl | grep pfdns Regards Fabrice Le mar. 27 avr. 2021 à 22:34, Franklin, Adam via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Ludovic > Could you tell me where to find the appropriate logs? > Many Thanks > > Adam > > Get Outlook

Re: [PacketFence-users] Wifi attribution

2021-04-27 Thread Fabrice Durand via PacketFence-users
Hello Robin, in fact you just need to change the registration role in the switch config to a prod vlan instead of the registration one. Regards Fabrice Le mar. 27 avr. 2021 à 22:34, Robin Cortat via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > > > I have

Re: [PacketFence-users] WMI SCAN and Security Event

2021-04-28 Thread Fabrice Durand via PacketFence-users
Hello Abdoul, packetfence is already aware of the dhcp traffic on the isolation/registration networks, so there is nothing to do. For the production network, you can do 2 things: use the ip helper address command on each production vlan (on the cisco switch): ip helper-address address or use that

Re: [PacketFence-users] EXTERNAL SENDER - Re: EXTERNAL SENDER - Re: pfdns random crashes

2021-04-28 Thread Fabrice Durand via PacketFence-users
redns/plugin/pfdns.(*pfdns).RefreshPfconfig.func1 > > Apr 27 15:07:18 vs-swk-pf pfdns[222919]: > /root/rpmbuild/centos-7/BUILD/packetfence-10.2.0/go/coredns/plugin/pfdns/pfdns.go:118 > +0x50 > > Apr 27 15:07:18 vs-swk-pf systemd[1]: Unit packetfence-pfdns.service > entered

Re: [PacketFence-users] Alert on RADIUS Failure

2021-02-09 Thread Fabrice Durand via PacketFence-users
Hello Stephen, you can install monit for that. yum install monit then have a configuration file that matches a specific pattern: check file radius.log with path /usr/local/pf/logs/radius.log     group RADIUS     every 450 cycles    # every 15 minutes (if 1 cycle is 2 seconds)     if match

Re: [PacketFence-users] Attribute User-Password Required

2021-03-31 Thread Fabrice Durand via PacketFence-users
Hello Joshua, sorry for the late reply. So it looks that you played with the radius eap configuration. Can you revert this section (put as default) and retry ? Thanks Regards Fabrice Le 2021-03-29 à 16 h 15, Joshua Wise via PacketFence-users a écrit : Pastebin of the response.

Re: [PacketFence-users] Packetfence SNMP implementation

2021-04-02 Thread Fabrice Durand via PacketFence-users
Hello doppino, yes you can use SNMP and active directory but for that you will need to use the portal to authenticate. Be sure on the packetfence side to enable the packetfence-snmptrapd.service (it's disabled by default). Then add the switch in packetfence and fill the correct

Re: [PacketFence-users] Attribute User-Password Required

2021-04-02 Thread Fabrice Durand via PacketFence-users
lation. *Joshua Wise* Systems Engineer, Celina ISD 469-742-9113 https://www.celinaisd.com <https://www.celinaisd.com/> On Wed, Mar 31, 2021 at 7:22 AM Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Joshua, sorry for t

Re: [PacketFence-users] Attribute User-Password Required

2021-04-02 Thread Fabrice Durand via PacketFence-users
celinaisd.com/> On Wed, Mar 31, 2021 at 7:22 AM Fabrice Durand via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Joshua, sorry for the late reply. So it looks that you played with the radius eap configuration.

Re: [PacketFence-users] 802.1x problem Winbind

2021-03-16 Thread Fabrice Durand via PacketFence-users
Hello Martijn, simply associate the DEFAULT and NULL realm to your domain (Realm config section) and restart packetfence Regards Fabrice Le 2021-03-16 à 16 h 16, Martijn Langendoen via PacketFence-users a écrit : Hi all, i have a problem with my 802.1x setup. i follow the manual about

Re: [PacketFence-users] fingerbank api calls and PC with static IP (no DHCP)

2021-03-10 Thread Fabrice Durand via PacketFence-users
Hum looks to be the accounting interim update. Check on the equipment side and raise the interim update value to something higher. Le 2021-03-10 à 08 h 50, Daniele via PacketFence-users a écrit : I noticed that there are also these logs repeated every 30 seconds in the packetfence.log ...

Re: [PacketFence-users] Delay between authentication on captive portal and network access being enabled

2021-02-19 Thread Fabrice Durand via PacketFence-users
It looks that the disconnection doesn't work correctly: Jan 20 07:19:37 pf pfqueue: pfqueue(30210) WARN: [mac:58:d9:c3:5e:56:e5] Unable to perform RADIUS Disconnect-Request. Disconnect-NAK received with Error-Cause: Session-Context-Not-Found. (pf::Switch::radiusDisconnect) Check on the

Re: [PacketFence-users] Custom Security Event

2021-09-12 Thread Fabrice Durand via PacketFence-users
Hello Arun, try that. cd /usr/local/pf patch -p1 --dry-run < max_node.diff if there is no error: patch -p1 < max_node.diff Then restart packetfence. Regards Fabrice Le sam. 11 sept. 2021 à 10:40, Arun Kangle a écrit : > Hi Fabrice, > Thanks for your reply. I will need help on this. > >

Re: [PacketFence-users] Best Practice for devices from partner companies

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello, i believe the solution is to use eap-tls but if they don´t provide the ca certificate of their company then they will have to provide a way to talk to their radius server. (something like eduroam) The other solution can be to allow the vpn server in the passthrough then if they connect on

Re: [PacketFence-users] Free-Radius authentication with Active Directory using Kerberos.

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Peter, kerberos is not supported by the windows supplicant, so it´s not possible. What you can do is to enable the nt-hash feature in packetfence and just deal with that. (no more ntlm) Regards Fabrice Le mer. 25 août 2021 à 05:54, Chin, Peter via PacketFence-users <

Re: [PacketFence-users] Remove 'Null Source' from splash page

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello David, you don´t have to change the pm file but the translation one. (it´s a po file) Do something like that on your pf server (to find the file): grep "I accept the terms" * -r Then edit it and change the stuff you want. Then in /usr/local/pf do: make translation Regards Fabrice Le

Re: [PacketFence-users] VPN client configuration in Packetfence

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Arun, in fact you need to define the layer3 remote network in packetfence (network interface section) and you will need to forward the dhcp traffic from the remote network to packetfence. (i hope the traffic is not natted) Regards Fabrice Le ven. 27 août 2021 à 07:57, IS AppSec

Re: [PacketFence-users] Version 11 - CentOS 7, CentOS 8 or Rocky Linux?

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Fernando, upgrading centos 7 to centos 8 is "possible", i did it but it's not the method i recommend. IMO you should start from scratch and install Rocky/Alma linux and install packetfence 11 on it. Btw there is an upgrade script you can use to export the config to a new server. Regards

Re: [PacketFence-users] Administrator RADIUS role

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello, yes it´s possible, but not with the "radius_request.Reply-Message" since it´s a reply not a request. I think you need to add the radius attribute in the configuration->radius attributes (i don´t have the admin interface in front of me) then add Reply-Message. Once done, you should be able

Re: [PacketFence-users] Custom Security Event

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Arun, there is no security event that triggers that but it´s not something really complicated to add in packetfence. If you look at is_max_reg_nodes_reached in node.pm, you can trigger a security event from there. Let me know if you need help on that, it won´t take me so much time to code

Re: [PacketFence-users] NAT specific internal IP to specific external

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Ivo, Hum, first you need to add virtual ips on the WAN interface and play with conf/iptables.conf to add your rules. Also which interface is the management one ? (this one is natted by default). Regards Fabrice Le ven. 10 sept. 2021 à 01:40, Admin SielNet via PacketFence-users <

Re: [PacketFence-users] Wake-on-Lan

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello Joffrey, as i remember it´s a switch config to do, not sure every vendor supports it (at least cisco supports it). Regards Fabrice Le jeu. 26 août 2021 à 15:55, Joffrey Bienvenue via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Good morning > > In order to

Re: [PacketFence-users] haproxy portal

2021-09-10 Thread Fabrice Durand via PacketFence-users
Hello All, remove that from pf.conf: [captive_portal] ip_address=192.168.203.1 Just quick explanation why there is this parameter, it´s just because of samsung devices. If the device is on the same layer2 that the registration interface then the portal ip address needs to be on a different

Re: [PacketFence-users] host prefix missing

2021-09-15 Thread Fabrice Durand via PacketFence-users
Hello Stephan, it looks that you strip the username somewhere, do you have a realm or a radius filter that does that ? Regards Fabrice Le lun. 13 sept. 2021 à 16:41, Kaufhold, Stephan via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > > > the client

Re: [PacketFence-users] Custom Security Event

2021-09-15 Thread Fabrice Durand via PacketFence-users
In fact it´s a little bit more complicated since you do autoregistration. What you can do is to trigger the security event with action isolate. Then create a vlan filter that disables the autoregistration if the security event is open for this device. Then the first request will be rejected

Re: [PacketFence-users] How to use username rewriting in v11?

2021-09-15 Thread Fabrice Durand via PacketFence-users
Yes you can do that Le mar. 14 sept. 2021 à 06:15, David Harvey a écrit : > Borderline thread hijack, but as it's on topic: > > Is it possible to use the radius username rewrite functionality in > combination with "Dot1x recompute role from portal" > > Thanks, > > David > > On Tue, Sep 7, 2021

Re: [PacketFence-users] How to use username rewriting in v11?

2021-09-06 Thread Fabrice Durand via PacketFence-users
Hello, you have to use the preprocess scope in the radius filter. In addition you can use the macro https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_filter_engine_macro Regards Fabrice Le lun. 6 sept. 2021 à 12:07, Cristian Mammoli via PacketFence-users <

Re: [PacketFence-users] CaptivePortal Problem with Apple ios14

2021-09-16 Thread Fabrice Durand via PacketFence-users
Hello, what a surprise ... , it´s not like always. On my side to troubleshoot that, i use a mac to connect to the phone and check the console log. Also i am doing a network capture on the PacketFence side (filter the ip address of the device) and see if there is any traffic coming from the

Re: [PacketFence-users] Custom Security Event

2021-09-19 Thread Fabrice Durand via PacketFence-users
Hello Arun, sorry for the late reply. Can you add just before this line: https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/role.pm#L737 use Data::Dumper; $logger->warn(Dumper $args); then restart httpd.aaa and retry. You should be able to see all the args in the logs. (if you can

Re: [PacketFence-users] Question about "web log apache aaa bad requests"

2021-11-02 Thread Fabrice Durand via PacketFence-users
Hello Adrian, most of the requests are from the radius probe from the switch. Probably that is configured on your switch: automate-tester username dummy ignore-acct-port idle-time 3 So it looks to be normal. Regards Fabrice Le mar. 2 nov. 2021 à 04:08, Adrian Dessaigne a écrit : > Hello

Re: [PacketFence-users] Trouble trying to enable captive portal with Unifi Controller (WebAuth)

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello Frederico, what version of the ubiquiti controller are you running ? Also did you define the switch in the packetfence configuration (like by ip or mac ?) Last thing, can you try that http:///guest/s/default/ (notice the / at the end). Regards Fabrice Le mer. 27 oct. 2021 à 02:27,

Re: [PacketFence-users] Question about "web log apache aaa bad requests"

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello Adrian, you can try that to see exactly what happens: tshark -i any -f "port 7070" -Y "http.request || http.response" -V Regards Fabrice Le mar. 26 oct. 2021 à 05:56, Adrian Dessaigne via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi again, > > I'm trying

Re: [PacketFence-users] iPhone / IOS

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello John, i would say as always with iphone ... The thing is if you try to change the vlan id after the registration on the portal then the iphone will disconnect and ... never try to reconnect. Compared to android and windows devices who will reconnect. The only solution is to use web-auth in

Re: [PacketFence-users] Adding a Switch

2021-10-29 Thread Fabrice Durand via PacketFence-users
Hello Maximo, a switch can be added in this section: https://pfmgmt:1443/admin#/configuration/switches Regards Fabrice Le ven. 29 oct. 2021 à 08:50, Fabrice Durand a écrit : > Hello Maximo, > > a switch can be added in this section : > > > Le lun. 18 oct. 2021 à 01:23, Perez, Maximo II - ECS

Re: [PacketFence-users] Adding a Switch

2021-11-01 Thread Fabrice Durand via PacketFence-users
Hello Perez, try this one: https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_2960 Regards Fabrice Le sam. 30 oct. 2021 à 01:54, Perez, Maximo II - ECS ISS a écrit : > Hi Durand, > What is the switch configuration on the Cisco switch that should be made > to

Re: [PacketFence-users] ANN: PacketFence v11.1

2021-10-29 Thread Fabrice Durand via PacketFence-users
Redhat8 or Debian11 Le ven. 29 oct. 2021, 18 h 30, ypefti--- via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Good news, thanks, Ludovic. > > I grasped for this opportunity to try to upgrade ours to the new release > while we are not in production mode now. > >

Re: [PacketFence-users] integration with anyconnect

2021-12-01 Thread Fabrice Durand via PacketFence-users
Hello Adelmo, yes you can integrate packetfence with anyconnect. There is some documentation about that https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_asa Regards Fabrice Le mer. 1 déc. 2021 à 10:11, Adelmo Itsuzo Takemori via PacketFence-users <

Re: [PacketFence-users] Redirection issue

2021-12-01 Thread Fabrice Durand via PacketFence-users
Hello Jules, what do you mean by "We set an IP address on the registration field of the switch which is the same as our PF " ? Do you have more details on how you configured your setup ? Regards Fabrice Le mer. 1 déc. 2021 à 10:10, HERVAULT Jules via PacketFence-users <

Re: [PacketFence-users] Question about the Self Service Portal

2021-12-14 Thread Fabrice Durand via PacketFence-users
Hello Simon, right now it´s not possible to use OpenID on the self service portal. It won´t be too complex to add. Regards Fabrice Le mar. 14 déc. 2021 à 01:14, Simon Sutcliffe via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team > > Any chance of a yes or no

Re: [PacketFence-users] Apache Log4j Vulnerability

2021-12-13 Thread Fabrice Durand via PacketFence-users
It´s NOT Le lun. 13 déc. 2021 à 15:29, Erich Flynn via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Can we confirm PacketFence is not subject to CVE-2021-44228?

Re: [PacketFence-users] Packetfence portal with Coovachilli

2021-07-28 Thread Fabrice Durand via PacketFence-users
Hello Francisco, it happens directly on the client browser. https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/CoovaChilli.pm#L84 So i recommend to run the chrome dev mode and see in the network tab if the device is able to tell the AP that it is registered. Regards Fabrice

Re: [PacketFence-users] Blank Page on Dashboard

2022-01-13 Thread Fabrice Durand via PacketFence-users
Hello Syed, you have to use dev mode in the browser to see if you have any error (like 404) related to netdata (https://mgmt_ip:1443/netdata/) Once found can you post the url ? Regards Fabrice Le jeu. 13 janv. 2022 à 09:53, Misbah Hussaini via PacketFence-users <

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-11 Thread Fabrice Durand via PacketFence-users
Hello Jorge, you can try that: https://github.com/inverse-inc/packetfence/commit/e99698c955d596b6d04ef52c64a7aadc21f34e47 Regards Fabrice Le ven. 11 févr. 2022 à 12:04, Jorge Nolla a écrit : > Hi Fabrice, > > This is the last step for us to get this working, any thoughts? > > Thank you! >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-11 Thread Fabrice Durand via PacketFence-users
what kind of authentication source you use to authenticate ? Le ven. 11 févr. 2022 à 16:05, Jorge Nolla a écrit : > Hi Fabrice, > > I did try $username, but it returns the DEFAULT username and not the > actual username which was used to register the device with in the portal. > > > On Feb 11,

Re: [PacketFence-users] ERROR: Server returned no data

2022-03-11 Thread Fabrice Durand via PacketFence-users
Hello Tomas, try that (conf/radiusd/rest.conf): https://github.com/inverse-inc/packetfence/commit/5ee142d9ba6ce457c10967013fa11a361caa9694 Regards Fabrice Le ven. 11 mars 2022 à 10:12, tomas.rybicka via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Dear Packetfence

Re: [PacketFence-users] Issue after upgrading the packetfence - Regarding

2022-03-11 Thread Fabrice Durand via PacketFence-users
Hello Thirunavukkarasu, do that instead: /usr/sbin/freeradius -d /usr/local/pf/raddb -n auth -fxx -l stdout and paste the output. Regards Fabrice Le ven. 11 mars 2022 à 10:12, Thirunavukkarasu Palanisamy via PacketFence-users a écrit : > Hi Team, > Greetings of the day > > After upgrading

Re: [PacketFence-users] Problem with VLAN change on Meraki WiFi

2022-03-11 Thread Fabrice Durand via PacketFence-users
Hello Chris, instead of 2210 , set it to 0 in packetfence (i mean use the native vlan). Regards Fabrice Le ven. 11 mars 2022 à 10:12, Chris Jordan via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > I have an odd issue switching VLANs on Meraki Wifi. > > I

Re: [PacketFence-users] Palo Alto XML API roles

2022-03-18 Thread Fabrice Durand via PacketFence-users
Hello Toren, i don´t have a Palo Alto on my side but if it works by just allowing the User-ID part then we will have to adjust our documentation. Regards Fabrice Le ven. 18 mars 2022 à 09:45, Toren Smith via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Just a quick

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

2022-03-18 Thread Fabrice Durand via PacketFence-users
Hello Thirunavukkarasu, the realm eduroam is defined in the freeradius unlang, so if the logic detects that it´s an outbound authentication then the realm eduroam will be added in the request. For the DEFAULT one you should use your domain for that. Regards Fabrice Le ven. 18 mars 2022 à 09:45,

Re: [PacketFence-users] New Currency Paypal

2022-03-18 Thread Fabrice Durand via PacketFence-users
Hello Dennis, you can add it there, it should work. https://github.com/inverse-inc/packetfence/blob/devel/html/pfappserver/lib/pfappserver/Form/Config/Source/Billing.pm#L64 Regards Fabrice Le ven. 18 mars 2022 à 09:46, Schüller Dennis via PacketFence-users <

Re: [PacketFence-users] SCEP over Intune dose not work

2022-02-16 Thread Fabrice Durand via PacketFence-users
Hello Adrian, welcome to the intune world ... Do you see in the packetfence log when the 500 happens ? (journalctl command) Did you define the scep url as http ? If it´s the case you can take a network capture to see what happens exactly. We also made a change in the incoming PacketFence version

Re: [PacketFence-users] SCEP over Intune dose not work

2022-02-18 Thread Fabrice Durand via PacketFence-users
Hello Adrian, the error is "err="crypto/rsa: decryption error"" We got multiple issues with intune because of the Key Storage Provider, can you verify that it´s configured like that ? [image: image001.png] Regards Fabrice Le mer. 16 févr. 2022 à 11:24, Adrian Damaschek <

Re: [PacketFence-users] RADIUS Tracking Issues & Best Practice

2022-02-21 Thread Fabrice Durand via PacketFence-users
Hello Trevor, in the coming new PacketFence release we added that: https://github.com/inverse-inc/packetfence/pull/6772 Which allows you to create a radius probe account in order to test if the server is available. Btw access-reject also means that the server is available. Regards Fabrice Le

Re: [PacketFence-users] SCEP over Intune dose not work

2022-02-21 Thread Fabrice Durand via PacketFence-users
Hello Adrian, glad to know that it works for you. Btw I have no clue why the TPM module cannot be used. I know that we got an issue with certificates provided by intune where Freeradius complained that it wasn´t able to decrypt too. There are also issues with Android and intune if the

Re: [PacketFence-users] SCEP over Intune dose not work

2022-02-21 Thread Fabrice Durand via PacketFence-users
I have a debian cluster running on my side with the raddebug command here: /usr/sbin/raddebug and it´s coming from the freeradius package. root@cluster3:/usr/local/pf# apt-file search raddebug freeradius: /usr/sbin/raddebug Le lun. 21 févr. 2022 à 10:27, Adrian Damaschek <

Re: [PacketFence-users] SCEP over Intune dose not work

2022-02-21 Thread Fabrice Durand via PacketFence-users
Sorry a typo raddebug -f /usr/local/pf/var/run/radiusd.sock -d 3000 For the MTU i think that it needs to be done on the AP (to match the VPN value) and maybe on the vpn server too. Le lun. 21 févr. 2022 à 09:58, Adrian Damaschek < adrian.damasc...@technicondesign.com> a écrit : > Hi Fabrice, >

Re: [PacketFence-users] Unifi APs and Packetfence

2022-03-22 Thread Fabrice Durand via PacketFence-users
Hello Adrian, I deal with that sometimes and it's supposed to be the NAS that sends the Framed-MTU attribute. Are you able to see it in the request ? Can you change it on the AP side ? Also if you change it on the freeradius side i don´t think it will change anything. Regards Fabrice Le mar.

Re: [PacketFence-users] STUCK ON VERIFYING

2022-03-31 Thread Fabrice Durand via PacketFence-users
It´s like the switch never receives the radius reply. i would suggest to capture the traffic to see what happens. Le mer. 30 mars 2022 à 08:54, David Kitonga via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Ok. > > Setup > > > > Cisco 3850 > > Windows 11 endpoint > >

Re: [PacketFence-users] MS-CHAP2-Response is incorrect

2022-03-31 Thread Fabrice Durand via PacketFence-users
Hello Nicat, can you run this command and try to connect ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 300 Then paste the output. Regards Fabrice Le mer. 30 mars 2022 à 08:54, Nijat Sultanov via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi there, > I was

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

2022-03-20 Thread Fabrice Durand via PacketFence-users
Just like that: [image: image.png] Le dim. 20 mars 2022 à 07:39, P.Thirunavukkarasu a écrit : > Hi Fabrice, > Thank you and Sorry for the question... > > *Create the connection profile for outbound authentication* > *"Create the Connection Profile named External Eduroam authentication > Check

Re: [PacketFence-users] OSCP not functioning to MS PKI

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Simon, since the ocsp url is http , you could capture the traffic and see what happens exactly. Regards Fabrice Le mar. 1 févr. 2022 à 12:54, Simon Sutcliffe via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team > > > > Another day another issue with our

Re: [PacketFence-users] How to set pf to use FreeRADIUS-Client-IP-Address filter Inbound authentication instead of NAS-IP-Address ?

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Mickael, first Marseille and Paris are not supposed to work together but we will try to make it work. It looks that there is a misconfiguration on the Paris server, it´s not supposed to return any vlan/acl but just accept or reject. So on the Eduroam server how did you define the Paris

Re: [PacketFence-users] ability to specify a different portal URL in the RFC7710 response

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Diego, you can change it there: https://github.com/inverse-inc/packetfence/blob/devel/go/httpdispatcher/proxy.go#L148 then go in /usr/local/pf/go make go-env source ~/.bashrc make pfhttpd mv pfhttpd ../sbin systemctl restart packetfence-httpd.dispatcher.service Regards Fabrice Le mer. 2

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Jorge, do you have any Huawei documentation to implement that ? Regards Fabrice Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team, > > We were wondering if anyone has had any success in configuring Web Auth >

Re: [PacketFence-users] EAP-MD5 authentication (old devices)

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Leon, can you post the output of raddebug ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 and retry to authenticate the phone. Regards Fabrice Le mer. 2 févr. 2022 à 08:19, Leon Pinto via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello All, >

Re: [PacketFence-users] Radius Accounting fails to start

2022-02-02 Thread Fabrice Durand via PacketFence-users
In fact it depends on what you need exactly but the idea is to configure the default realm to forward the accounting to another server (defined as a radius source). So create a radius source in packetfence and in the realm config select this source for the accounting. Restart radius and it should

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Jorge, i will have a look closer. But i have a question, when the device is forwarded to the captive portal, (just before https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin) , what is the url ? You should be able to see it in the

Re: [PacketFence-users] Radius Accounting fails to start

2022-02-02 Thread Fabrice Durand via PacketFence-users
Hello Jorge, the only way is to use radius-acct instead of pfacct. pfacct doesn´t implement that right now. So disable pfacct and enable radius-acct. Regards Fabrice Le mer. 2 févr. 2022 à 19:55, Jorge Nolla via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : >

Re: [PacketFence-users] Query Database for MAC address match

2022-01-27 Thread Fabrice Durand via PacketFence-users
Hello Christopher, if you have an API in front of the postgresql db then it won´t be too complicated to code. I did that in the past and the code is there: https://github.com/inverse-inc/packetfence/compare/feature/rest_provisioner Regards Fabrice Le jeu. 27 janv. 2022 à 14:51, Chris Jordan

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-07 Thread Fabrice Durand via PacketFence-users
I just pushed a fix. cd /usr/local/pf curl https://github.com/inverse-inc/packetfence/commit/7628afddf46e0226667560dc33df192f9c4cf420.diff | patch -p1 and restart Le lun. 7 févr. 2022 à 13:46, Jorge Nolla a écrit : > Here are the log outputs for /usr/local/pf/logs/packetfence.log > > > Feb 7

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-07 Thread Fabrice Durand via PacketFence-users
Did you try to hardcode that in the code and see if it works ? Also i don´t understand the goal of passing the username and password , is there any extra check after that ? What happens if the user registers by sms/email ? And i just found that:

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-05 Thread Fabrice Durand via PacketFence-users
Hello Jorge, what we need is the user mac and the ap information. I found that https://support.huawei.com/enterprise/en/doc/EDOC118283/659354b1/display-url-template Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac ? And if yes can you provide me the url generated by

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users
Yes, that's it. Le mar. 8 févr. 2022 à 11:23, Jorge Nolla a écrit : > Fabrice, > > The document you had provided didn’t layout the configuration steps. I > think this might be the correct document for the configuration you are > referring. If you have a chance take a look and let me know. > >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users
You can try that instead: my $html_form = qq[ http://$controller_ip:8443/login;> ]; It will pass the mac address of the device in the radius request as username and password instead of the real username and password who has been

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-08 Thread Fabrice Durand via PacketFence-users
Hello Jorge, i really think that it´s not the correct way to support the web auth in Huawei. The only thing you can do with the portal is to authenticate with a username and password, there is no way to do anything else (sms/email/sponsor/). Also when you authenticate on the portal , the

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-09 Thread Fabrice Durand via PacketFence-users
Hello Jorge, you have to enable radius-acct service. It´s radius-acct who is able to proxy the request to another server, not pfacct (btw you can keep it enabled). Regards Fabrice Le mer. 9 févr. 2022 à 19:21, Jorge Nolla a écrit : > > Another configuration file with references to the

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-09 Thread Fabrice Durand via PacketFence-users
There is no realm so you have to configure the null realm. Le mer. 9 févr. 2022 à 20:12, Jorge Nolla a écrit : > Hi Fabrice, > > This is the output when It receives an accounting message from the > controller: > > > ^C[root@wifi jnolla]# radsniff -i any -f "port 1813" -x > Logging all events >

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-06 Thread Fabrice Durand via PacketFence-users
I am just not sure what to set for username and password, if you do sms auth then there is no password. Also in the url it looks that it miss the mac address of the device , can you try to add device-mac and see if the device mac is in the url ? Here the first draft:

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-06 Thread Fabrice Durand via PacketFence-users
Great! it will be easier. Le dim. 6 févr. 2022 à 18:38, Jorge Nolla a écrit : > Fabrice, > > I figured out why the AC is formatting in that way, > > > 6.3.7.3.6 The URL of the Redirected Portal Page Contains %XX, Which Cannot > Be Identified by Some Portal Servers > > When a third-party Portal

Re: [PacketFence-users] Huawei AC6005 Wireless Controller doesn’t support Web Auth. #4790

2022-02-06 Thread Fabrice Durand via PacketFence-users
Hello Jorge, I have what I need at least to be able to support the web-auth. The only thing I am not sure about is what we are supposed to do at the end of the registration process. I will create a branch on GitHub in order for you to test (it will be an update of the Huawei switch module). For

Re: [PacketFence-users] Challenge with sending filter-ID to Cisco switch

2022-01-21 Thread Fabrice Durand via PacketFence-users
Hello Simon, what switch module are you using in PacketFence? It's implemented here: https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L580 Regards Fabrice On Fri, 21 Jan 2022 at 02:43, Simon Sutcliffe wrote: > Dear Team > > > > Over the last

Re: [PacketFence-users] Challenge with sending filter-ID to Cisco switch

2022-01-21 Thread Fabrice Durand via PacketFence-users
Hello Simon, if you change this line https://github.com/inverse-inc/packetfence/blob/devel/conf/template_switches.conf.defaults#L94 from acceptRole=Filter-Id = $role to acceptRole=Filter-Id = ${role}.in and do a /usr/local/pf/bin/pfcmd configreload hard, does it work? Regards Fabrice Le

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-14 Thread Fabrice Durand via PacketFence-users
Probably a misconfiguration issue. https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_packetfence_configuration_modification_first_server_only Notice host=127.0.0.1: if you forgot that, then it means that each server will use the local database instance to insert and it will result

Re: [PacketFence-users] Radius Authentication Source Timeout for 2FA

2022-04-14 Thread Fabrice Durand via PacketFence-users
Hello Benjamin, first you need to raise the timeout value of the radius-auth service. You should be able to do it there: https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/auth.conf.example#L23 and add that: ``` limit { max_connections = 16 lifetime = 0

Re: [PacketFence-users] Aruba CX documentation

2022-04-14 Thread Fabrice Durand via PacketFence-users
Hello Karl, the switch module has been tested but the configuration has never been retrieved. I found some documentation about 802.1x mac-auth, you can try the examples in this doc: https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-7885.pdf Regards Fabrice Le jeu. 14 avr. 2022 à

Re: [PacketFence-users] Radius Authentication Source Timeout for 2FA

2022-04-14 Thread Fabrice Durand via PacketFence-users
ok easy. edit the rest.conf file in conf/radiusd and at this line add ( https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/rest.conf.example#L194 ): timeout = 60.00 Then restart radius-auth Le jeu. 14 avr. 2022 à 21:49, Benjamin Shirley - Simplicity <

Re: [PacketFence-users] Aruba CX documentation

2022-04-14 Thread Fabrice Durand via PacketFence-users
Thanks, it will be really appreciated. On Thu, 14 Apr 2022 at 21:42, Karl Stevens wrote: > Thanks Fabrice, I've found that too - I'm working through it and have it > mostly working now. Once I'm done I'll try to write up my findings and > make a pull request on the Packetfence docs. > > On

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

2023-10-31 Thread Fabrice Durand via PacketFence-users
So you can try with the Cisco::Cisco_IOS_15_0 switch module and do 802.1x On Tue, 31 Oct 2023 at 15:31, Akram Abdallah wrote: > It supports 802.1x without mab > > On Tue, 31 Oct 2023, 8:01 pm Fabrice Durand, wrote: > >> does it support radius mab/802.1x ? >> >> Le mar. 31 oct. 2023 à 13:22,

Re: [PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Fabrice Durand via PacketFence-users
If I am not wrong the Azure AD tests the user and not the machine https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28 Regards Fabrice On Tue, 31 Oct 2023 at 13:23, Corey Keeling (Shared Services - Staff) via PacketFence-users wrote: > Dear

Re: [PacketFence-users] How to change the host name in PF?

2023-10-31 Thread Fabrice Durand via PacketFence-users
https://mgmt_ip:1443/admin#/configuration/general and hostnamectl set-hostname server1 Regards Fabrice On Tue, 31 Oct 2023 at 13:23, Thirunavukkarasu Palanisamy via PacketFence-users wrote: > Hi Team, > Greetings of the day > I tried to change the hostname of the PF in web-admin. > Even

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

2023-10-31 Thread Fabrice Durand via PacketFence-users
Does it support radius mab/802.1x? On Tue, 31 Oct 2023 at 13:22, Akram Abdallah via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Is the Cisco CBS 220 switch compatible with Packetfence ? > > ___ > PacketFence-users mailing

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

2023-10-31 Thread Fabrice Durand via PacketFence-users
> Oct 31 07:48:25 packe > > > Regards > > Hubert > > On 30.10.23 at 14:51, Fabrice Durand via PacketFence-users wrote: > > Hello, > > it looks like the packetfence radius config wasn't applied correctly. > > Go in /usr/local/pf/conf/radiusd/ and copy packet

Re: [PacketFence-users] Query AzureAD Device Groups

2023-10-31 Thread Fabrice Durand via PacketFence-users
It could be something simple like allowing the graph api url change in the admin gui. Then you will choose between device check and user check. On Tue, 31 Oct 2023 at 14:17, Corey Keeling (Shared Services - Staff) < corey.keel...@parksidecc.org.uk> wrote: > From looking at that file you

Re: [PacketFence-users] No internet in the Registration vlan

2023-10-31 Thread Fabrice Durand via PacketFence-users
Hello, it's normal that you don't have internet access from the registration vlan, the goal is to hit the captive portal. Regards Fabrice On Mon, 30 Oct 2023 at 06:56, Thirunavukkarasu Palanisamy via PacketFence-users wrote: > Hi Team, > Plz go thro the configuration > Registration vlan 2

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

2023-11-06 Thread Fabrice Durand via PacketFence-users
>>> section. >>> Oct 31 07:48:25 packetfence systemd[1]: >>> packetfence-radiusd-auth.service: Control process exited, code=exited, >>> status=1/FAILURE >>> Oct 31 07:48:25 packetfence systemd[1]: >>> packetfence-radiusd-auth.service: Failed

Re: [PacketFence-users] PEAP-TLS Get's seen as EAP Mschapv2 without password.

2023-10-30 Thread Fabrice Durand via PacketFence-users
Hello, is it possible to run raddebug and have the output? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 Thanks Fabrice On Mon, 30 Oct 2023 at 06:56, Anton Palmgård via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > *From:* Anton.P > *Sent:* Wednesday,

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

2023-10-30 Thread Fabrice Durand via PacketFence-users
Hello, it looks like the packetfence radius config wasn't applied correctly. Go in /usr/local/pf/conf/radiusd/ and copy packetfence.example to packetfence and restart radiusd Regards Fabrice Le lun. 23 oct. 2023 à 07:59, Hubert Kupper via PacketFence-users <

Re: [PacketFence-users] VL: PF-Newbie: Radius MAC -Auth and RADIUS debug config

2023-10-23 Thread Fabrice Durand via PacketFence-users
Hello Jori, you can use raddebug for that: raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 Regards Fabrice On Mon, 23 Oct 2023 at 08:00, Jori Luoto via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello everybody, > > > I have installed Packetfence three

Re: [PacketFence-users] 802.1x role error

2022-05-22 Thread Fabrice Durand via PacketFence-users
Hello José, IMO you should create 2 connection profiles, one for MAB (filter connection_type = Ethernet-NoEAP) and another one for 802.1x (filter connection_type = Ethernet-EAP). Once done, assign the correct authentication source to the MAB profile (sources you will see on the portal). On the

Re: [PacketFence-users] 802.1x computer + user

2022-05-22 Thread Fabrice Durand via PacketFence-users
Hello José, you have to combine 2 authentication sources, one for the user and the other for the computer. The difference between the 2 will be the username attribute, for user it's sAMAccountName and for computer it's userPrincipalName (btw create authentication rules for user and machines) So
