I Agree with XenoPhage. Your network is very similar to mine and that is
almost exactly the same way I have mine deployed.
In my environment I am running al the network services (DNS, DHCP, etc.) on my
production Win2k8 servers, with the exception of the DNS for the registration
vlan since
Manuel:
First, welcome to the PacketFence community!
Check the packetFence website about your hardware, if the hardware you are
looking for is not listed email inverse (the company that makes PacketFence)
and they may be able to give you more info.
To answer your question about PacketFence
I agree with XenoPhage, I will add a few things though.
1) Unless there is a compelling reason use the VLAN deployment option. It is
the best option for performance and scalability in my opinion.
2) If you deploy using VLans you will need to add 2 more VLans, one for
registration and one for
Search for my name and 2960 in the archives, I posted the necessary config bits
to make PF work with MAB on just about any cisco switch.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
Mr. Palmer:
I am so, so sorry. You are about to find out the pains of shoehorning Apple
technology in to the enterprise.
My personal dislike for all things Apple goes very deep, but that aside, can I
ask why the decision was made to go with Apple TVs?
Was it for AirPlay? We use some
Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Decoursey, Jason B CADET MIL USA USMA [jason.decour...@usma.edu]
Sent: Wednesday, March 05, 2014 10:31 AM
To: Sallee, Jake
Subject: RE
...@gmail.com wrote:
Hi sallee,
This one ? Help with Cisco 2960 and
1242http://sourceforge.net/p/packetfence/mailman/message/29744760
Regards,
Sampath
On Mon, Mar 3, 2014 at 9:46 PM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
Search for my name and 2960 in the archives, I posted
Did you enable 802.1x auto register?
Also some info about the WLC platform with PF:
SNMP with WLCs is borked after version 7.0 (I think), we switched over to using
RADIUS-COA and it worked much better for client de-auth.
Also, currently there is a feature in the WLCs that caches the user's
something
and i don't know what it is. Hope understating basics will guide me to the
exact problem. :)
Thank you very much for your valuable time.
On Wed, Mar 5, 2014 at 11:03 PM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
I'm sorry, one of my users decided to start
The marketing term for what we are talking about is Self Remediation.
Self Remediation (SR) is nice but it can become a bit of a bear to manage if
not done correctly.
In theory the best method for SR is with PF deployed in an in-line
configuration sice you can have such fine grained control
Hello all!
This one is making me feel a bit foolish but I just can't seem to find the
source.
I updated my lab install of PF to 4.2.0-1 and got the unknown config parameter
error for
registration.gaming_devices_registration
and
registration.gaming_devices_registration_role
://github.com/inverse-inc/packetfence/blob/devel/UPGRADE.asciidoc#configuration-changes
Regards
Loick
On May 14-02:54PM, Sallee, Jake wrote:
Hello all!
This one is making me feel a bit foolish but I just can't seem to find the
source.
I updated my lab install of PF to 4.2.0-1 and got
[lpe...@inverse.ca]
Sent: Wednesday, May 14, 2014 11:40 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] unknown config paramater
Hello Jake,
Can you try to reset cache with :
/usr/local/pf/bin/pfcmd configreload hard
Regards
Loick
On May 14-03:44PM, Sallee, Jake
Search the archives for my name and Cisco 2960, the config will be almost (if
not exactly) the same.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
The short answer to your question is, yes.
However you need to understand, that is a conditional yes. Conditional in
the fact that PF is an open source package that can do ANYTHING so long as you
know how to accomplish it.
So; if your question is, Can I use PF to create a captive portal that
-SNIP-
Right now as it stands, if a users chooses the private SSID, and authenticates,
they are sent to the appropriate. VLAN (staff or student). If that users then
chooses the public SSID, they will go there fine still on their appropriate
vlan they had registered with earlier, but in
of that office can grant the internet access.
But for me a captive portal should be enabled
On Tue, Jun 17, 2014 at 7:10 PM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
The short answer to your question is, yes.
However you need to understand, that is a conditional yes
resources.
Lupe Silva
On Tue, Jun 17, 2014 at 7:52 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edumailto:jake.sal...@umhb.edumailto:jake.sal...@umhb.edu
wrote:
-SNIP-
Right now as it stands, if a users chooses the private SSID, and authenticates,
they are sent
with the staff role.
Regards
Fabrice
Le 2014-06-17 17:09, Sallee, Jake a écrit :
I think the cleanest solution would be to have the roles re-evaluated on each
connection. Otherwise I think what you are doing is probably the way to do
it.
***TO THE PF DEVS***
What is the reasoning behind never re
.
Fabrice
Le 2014-06-17 17:43, Sallee, Jake a écrit :
That sounds great!
However, will that role be re-evaluated on every connection? That seems to be
the sticking point.
From the example you gave it looks like it hooks into the
GetNormalVlanForNode method in which case it would get re-eval'ed
Hello PF community!
Apparently Apple has introduced a new feature for iOS8 that generates a new MAC
for the phone every time the user connects to wifi.
See google for more info :)
I'm looking for official info from Apple to see how this feature works but it
concerns me how this will affect
All of your feedback seems to indicate that the random MAC is only for probes
which seems okay.
However if it is only for probes how is it any more secure?
I see how marketers would track your phone even when it is probing and that
this feature could help with that, but once you connect they
(www.sogo.nuhttp://www.sogo.nu) and
PacketFence (www.packetfence.orghttp://www.packetfence.org)
On Jun 18, 2014, at 3:10 PM, Louis Munro
lmu...@inverse.camailto:lmu...@inverse.ca wrote:
On 2014-06-18, at 14:58 , Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
However
, the ios 8 device connects to a _known_ SSID, it transmits its
official MAC. so, after the handshake and the radius auth, youve got the old
behaviour in your network.
hoping to clarify,
best
michael
On 18 Jun 2014, at 20:28, Sallee, Jake wrote:
Hello PF community!
Apparently Apple has
In the gaming.pm just remove the logic that check the approved list of MACs
For me it was line 103 in gaming.pm
I changed it from
if (!valid_mac($mac) || !is_gaming_mac($mac)) {
to
if (!valid_mac($mac)) {
works like a charm.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of
) Device-Registration portal
Hi Jake,
I don't see gaming.pm in 4.2.2? And I haven't yet ;-} found what replaced it.
Steve
On Jun 24, 2014, at 11:06 AM, Sallee, Jake jake.sal...@umhb.edu wrote:
In the gaming.pm just remove the logic that check the approved list of MACs
For me
, at 12:17 PM, Stephen Wittstruck switt...@mines.edu wrote:
Thank-you Jake!
On Jun 24, 2014, at 12:09 PM, Sallee, Jake jake.sal...@umhb.edu wrote:
in the current dev branch look here: /usr/local/pf/lib/pf/web/gaming.pm, it
looks like it is the same for 4.2.2 too.
line 124
comment out
In 4.2.2 an empty conf/allowed_device_oui.txt allows all devices to be
registered.
You would just need to restart packetfence afterwards.
That's awesome! I'm filling that one away for when I do my 4.3 upgrade. Thanks
for the info.
Jake Sallee
Godfather of Bandwidth
System Engineer
I ran my PF deployment for about 3 years with the DB on a separate physical
server with out any problems. AFAIK all you have to do is change the ip and
password of your DB server in pf.conf.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900
Hello all!
I'm having an interesting error.
In my packetfence.log file I am seeing lines like this:
Aug 04 15:43:45 httpd.webservices(10147) ERROR: WARNING ! Unknown switch(es)
50:60:28:13:a8:d1 10.61.41.6 (pf::SwitchFactory::instantiate)
Aug 04 15:43:45 httpd.webservices(10147) WARN: Can't
-04, 4:47 PM, Sallee, Jake wrote:
Hello all!
I'm having an interesting error.
In my packetfence.log file I am seeing lines like this:
Aug 04 15:43:45 httpd.webservices(10147) ERROR: WARNING ! Unknown switch(es)
50:60:28:13:a8:d1 10.61.41.6 (pf::SwitchFactory::instantiate)
Aug 04 15:43:45
***DISCLAIMER***
I do not know your level of network proficiency so please forgive me if this is
not new information or if if seems I am talking down to you. At least it may
help someone else who reads this thread at a later date.
***DISCLAIMER***
I don't like L2 vlans spanning the entire
Just a bit of nit-picking here, but SNMP does not set the VLan. SNMP only
de-authenicates the user. RADIUS provides the VLan attribute via your MAB or
802.1x config.
From your logs there are no errors. can you post some more info on your setup?
What make and model of switch are you using?
Strange one here.
I have a Cisco 2960 configured the same way as many others that are working (as
far as I have been able to tell) but MAB is not working.
I can see the MAB RADIUS access-requests coming in, but PF doesn't respond.
The switch is in switches.conf and it looks correct.
:%2B1.514.447.4918%20x125 :: +1 (866) 353-6153
x125tel:%2B1%20%28866%29%C2%A0353-6153%20x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nuhttp://www.sogo.nu) and
PacketFence (www.packetfence.orghttp://www.packetfence.org)
On 2014-08-20, at 11:14 , Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu
Unplug it? :)
That is perfect! Simple, elegant, and fool proof! Other methods known to work
are:
1) Hard blows with a hammer
2) Going for a 60 second spin in the microwave (careful it may charge the
batteries : )
3) A quick dip in the pool
And my personal favorite:
.5 lbs of black powder
I am running lots of MAB on cisco and I do not use those commands, so removing
them should be okay.
I left them out bec. it was causing issues with some of my windows clients.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
, at 23:27 , Sallee, Jake jake.sal...@umhb.edu wrote:
I'm seeing a lot of the following error in my packetfence.log file:
Aug 31 21:08:23 httpd.webservices(5542) WARN: database query failed with:
Deadlock found when trying to get lock; try restarting transaction (errno:
1213), will try again
Wow, okay.
I have been running PF in conjunction with my 5508 for about 3 years and it
works well.
Before you jump in with both feet, I need to ask something.
Have you successfully setup and tested PF in a lab/test environment? If you
have not I strongly urge you to do that first. PF is a
10:45 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu escribió:
Wow, okay.
I have been running PF in conjunction with my 5508 for about 3 years and it
works well.
Before you jump in with both feet, I need to ask something.
Have you successfully setup and tested PF in a lab/test
Hello again:
I noticed that after my upgrade to 4.4.0-1 from 4.3.something my users hitting
the registration vlan on my Cisco WLC were not able to get to the captive
portal.
This was a bit of a head scratcher, but I think we have found the cause.
This may be special to my environment but I
Hello all!
After an accidental update on my production PF server I am now at the newest
version ... YAY! However I think the new version does not completely agree with
the way my old version was set up and now I am seeing some errors.
Some users that hit my captive portal got the following
mab - without this you wont be doing MAB : )
Otherwise you should be fine, I have been using MAB with Cisco 2960s for years
without those commands.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone:
...@inverse.ca :: +1.514.755.3630 :: http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://www.packetfence.org)
On 2014-09-15 11:49 AM, Sallee, Jake wrote:
Hello all!
Interesting problem, I added several switches to my switches.conf manually
since
oops, forgot to include the list.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Sallee, Jake
Sent: Tuesday, September 16
From: Sallee, Jake
Sent: Tuesday, September 16, 2014 3:15 PM
To: Derek Wuelfrath
Subject: RE: [PacketFence-users] 4.4.0-1 Captive Portal Unknown State
Derek:
I believe that is correct.
I was able to reproduce the issue exactly the way you described.
Mostly
.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Derek Wuelfrath [dwuelfr...@inverse.ca]
Sent: Tuesday, September 16, 2014 3:16 PM
To: Sallee, Jake
Subject: Re: [PacketFence-users] 4.4.0-1 Captive Portal Unknown State
Mostly the issue
We do not restrict the MACs our students can register via the gaming portal.
The access they get is essentially the same either way so for us it is not that
important.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton,
Vlan comparison time!
I'm currently running about 600 vlans, and PF doesn't bat an eye.
Yes, I have a problem: http://i.imgur.com/jlgNZOs.jpg
All kidding aside, how many vlans PF can assign is completely up to you and how
you design your network and how you implement PF.
Basically, the only
Having your PF box have an interface in every vlan is not necessary for vlan
enforcement so long as you can do all of the following:
1) PF should receive a copy of all DHCP requests from any vlan you wish to use
PF on. In Cisco land this is accomplished by adding the IP of your PF server
as
That's a pretty neat setup. I am having a little bit of trouble visualizing it
though. Would it be possible for you to post a simple (and sanitized) diagram?
I think I know what you are asking about but I want to make sure.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of
: Sallee, Jake jake.sal...@umhb.edu
Sent: Monday, November 03, 2014 9:57 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Portal access from a guest anchor controller
inDMZ
That's a pretty neat setup. I am having a little bit of trouble visualizing it
though
controller
in DMZ
On Nov 3, 2014, at 2:44 PM, Sallee, Jake jake.sal...@umhb.edu wrote:
The key really is the DHCP, since your APs are most likely in central
switching mode the data is tunnelled from the AP to the WLC so you cannot
even sniff the traffic on the inside WLC... I'm not giving up
something other than a routed vlan.
Thanks,
___
Chris Mielke | Lead, ISS Network Systems
Drake Technology Services (DTS) | Drake University
T 515.271.4640
E chris.mie...@drake.edu
On 11/3/14, 2:48 PM, Sallee, Jake jake.sal...@umhb.edu wrote
Your use case sounds like it is tailor made for in-line mode.
In in-line mode, PF acts as the the router and all traffic passes though the PF
box. All of the NAC functions are done on the PF box and no manageable/smart
network equipment is needed.
If your environment is small then this is
My fellow PacketFence users:
Good day! I know few of you are running PF in conjunction with Cisco WLC boxen.
I am running into an issue and I would like to know if anyone else can
replicate it.
Background info:
I run a highly segmented network, I have ~50 buildings and each has its own
Interface option that is in the AAA
section for each WLAN?
I think option 2 is unlikely, heh. At least not in a timely manner.
On Thu, Dec 11, 2014 at 8:13 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
My fellow PacketFence users:
Good day! I know few of you are running PF
subnets?
On Thu, Dec 11, 2014 at 9:08 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
Are you using the Radius Server Overwrite Interface option that is in the AAA
section for each WLAN?
Yes, I wish it were that easy :(
Jake Sallee
Godfather of Bandwidth
System Engineer
prior messages, I might just
be missing something...
On Thu, Dec 11, 2014 at 10:10 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
Are you doing that because you don't route between your building subnets?
No, we do route between subnets. We decided to segment
a teamviewer
session.
On Thu, Dec 11, 2014 at 11:10 AM, Sallee, Jake jake.sal...@umhb.edu
wrote:
Apologies if this is obvious ...
No apologies necessary, I appreciate the dialogue.
We have been told we have a complicated network, so it can be
difficult to explain in brief. A misunderstanding
.
On Tue, Feb 3, 2015 at 5:47 PM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
Here is a heavily redacted version of my switches.conf.
However I should note that since about v3 something I have not had to manually
edit the switches.conf unless I am adding several switches
. To the contrary - thank you very much, once again:)
I followed the link. It describes just the initial setup on the ports.
So I presume then the PF would look to its networks.conf file to look up the
VLAN's to use for the role assignment, correct?
Boris.
On Sun, Feb 1, 2015 at 6:12 PM, Sallee, Jake
.
Cheers,
Boris.
On Sun, Feb 1, 2015 at 6:12 PM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
Weird let me see if I can find it...
I don't know why but you are not the first person to say that your search did
not turn up anything.
Sorry about that.
Here is the link
: [PacketFence-users] sample Cisco 2900 series or 3750 config,
anybody?
Jake,
Thanks. I did search a couple of times but could not find anything.
Boris.
On Fri, Jan 30, 2015 at 10:07 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
Search the email archives for my name and cisco
Search the email archives for my name and cisco 2960.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Pete Hoffswell
1) Why is a Production VLAN not mandated?
Many users have multiple vlans that users can be put into, I have
faculty/staff, students, guests, etc. Each gets put into a separate vlan with
its own set of restrictions.
That's why when you setup a new role in PF you will find a vlan designator
one question: is the PF server expected to have all the VLAN's from all
the sites? Or can that part be relegated to relevant switches?
Thanks for your input.
Boris.
On Fri, Jan 9, 2015 at 2:45 PM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
OK, let us say I have
OK, let us say I have a distributed network with multiple sites, and I can
not have VLAN's spanning across multiple sites...
PF makes the final vlan assignment based on the role and the switch you the
node is connected to.
So to make sure the correct vlans get assigned set them up in the
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Sallee, Jake [jake.sal...@umhb.edu]
Sent: Tuesday, March 03, 2015 9:31 AM
To: packetfence-users
We all know that MAC address security is not foolproof...
THIS! So much of this!
It is very important that anyone using any kind of MAC based auth mechanism to
understand that MAC auth is NOT secure. It is a useful tool, but it is not
secure.
MAC auth is useful and can, and should, be
Got you covered mate!
http://permalink.gmane.org/gmane.comp.networking.packetfence.user/7483
That should be enough to get you squared away.
Be aware that if you are using MAB with 802.1x you will have to wait for 802.1x
to timeout if your device does not support it. This can take up to 60
You can put the DHCP helper directive in the switch just don't run DHCP on the
PF server (this is exaclty what we do).
The switch should still serve up your DHCP and the PF server will be happy that
it is seeing the DHCP traffic.
Also; running DHCP on the actual switch has always struck me as
@lists.sourceforge.net'
Subject: Re: [PacketFence-users] PF and independent DHCP
Out of interest Jake, does your PacketFence server serve IP addresses for the
registration and isolation networks?
Cheers,
Andi
-Original Message-
From: Sallee, Jake [mailto:jake.sal...@umhb.edu]
Sent: 29 April
is a different device. If
it goes down there is no need for it to take down the DHCP capability for
devices already plugged into this switch and assigned their proper VLAN. Does
that make sense?
Respectfully,
Boris.
On Wed, Apr 29, 2015 at 3:56 PM, Sallee, Jake
jake.sal
Well, I have a little experience with Xirrus ... about 7 years : )
We have about ~150 Xirrus arrays running with PF enabled.
My thoughts on Xirrus as a product ... that may be a conversation for another
time. Short, short version? 90/10 positive.
As to your problem, it looks like you have PF
Subject: Re: [PacketFence-users] switch configuration: Cisco router with
dot1x/MAB authentication
Jake,
Thank you very much, this is very helpful.
The RADIUS server in this schema is the same as the PF server, right?
Boris.
On Mon, Apr 13, 2015 at 6:47 PM, Sallee, Jake
jake.sal
Apr 13 11:39:14 httpd.portal(13461) WARN: [00:24:e8:df:b5:84] Can't
re-evaluate access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
Most likely PF did not see the DHCP conversation between your client the the
DHCP server. it is critical that PF see the
1) What is your organization/network?
University of Mary Hardin-Baylor
2) How many sites does it have?
One, but we treat every building as it own mini-site and we have ~50 of those.
3) How many devices/nodes?
~ 600 APs, ~150 switches, ~14,000 devices
Jake Sallee
Godfather of Bandwidth
post this information?
Message: 3
Date: Wed, 24 Jun 2015 14:48:54 +
From: Sallee, Jake jake.sal...@umhb.edu
Subject: Re: [PacketFence-users] truncate username@domain pid tojust
username
To: packetfence-users@lists.sourceforge.net
packetfence-users@lists.sourceforge.net
We are currently doing this with a little bit of java script we put in the page
If anyone is interested I can post the code, its only a few lines.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone:
Abdelghafour:
Did you add the switch in the admin GUI on PF? You can also tail the
packetfence.log file when you are doing your test and you should see why PF is
rejecting the authentication.
This is just a shot in the dark, but my feeling is that the switch for some
reason did not make it
Hello all, lets get the server info out of the way first shall we?
PF v5.1.0-1
new install
all updates are applied
When users hit the captive portal they get there fine, but when they click on
the link to register as a guest they get an error.
caught exception in
of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Sallee, Jake [jake.sal...@umhb.edu]
Sent: Friday, June 12, 2015 8:28 AM
To: packetfence-users
BPDU guard will work with any end point, not just the ones that use STP.
The way BPDU works is that it will shutdown (errdisable) a port that is in
portfast mode when a BPDU packet is seen on that port.
All switches generate BPDU packets, even the cheap 5 port unmanaged off brand
types.
Hubs
Rhoads
rhoa...@danvilleva.gov
-Original Message-
From: Sallee, Jake [mailto:jake.sal...@umhb.edu]
Sent: Thursday, July 02, 2015 9:47 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Rogue switches
BPDU guard will work with any end point, not just the ones
switches
And you have PacketFence working with this port config? It is different from
the guidance in the Admin Guide. Thank you very much, I have some
experimentation to do.
Respectfully,
Robert Rhoads
rhoa...@danvilleva.gov
-Original Message-
From: Sallee, Jake
primary ways of checking to see if the server is even trying to join AD.
On Thu, Aug 20, 2015 at 9:34 AM, Sallee, Jake
jake.sal...@umhb.edumailto:jake.sal...@umhb.edu wrote:
So, a configreload hard and blanking out my domain.conf file seemed to help.
I can get to the domain GUI now ... so I've got
Hello all ... again.
The new domain joining system adds a virtual interface to the server that it
uses to communicate with the domain. however this new interface is not the
same one as the management interface.
The new interface is automatically registering its self with my DNS servers
, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Sallee, Jake [jake.sal...@umhb.edu]
Sent: Thursday, August 20, 2015 1:23 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Error in GUI domain config [SOLVED]
Hello all:
Im
Hello all!
Im trying to join my server to my AD domain, however it gave me an error about
not finding my info over rpc.
However now when I go to the domain config section of the admin GUI i get the
red An error occurred dialogue.
Can someone please post a working (and sanitized) copy of their
.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Sallee, Jake [jake.sal...@umhb.edu]
Sent: Thursday, August 20, 2015 10:50 AM
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Error in GUI domain config
Hello all!
Im
We would like to help, but we need information to work with.
If you are unable to start MYSQL there will be an error in the system logs.
Can you please post the contents of:
/var/log/messages (or syslog depending on the system)
/usr/local/pf/logs/packetfence
/usr/local/pf/logs/httpd.aaa.error
We could use a bit more info : )
How do you have your PF deployed? Inline, VLan, etc?
How many users are your servicing?
How many requests per second?
What auth mechanisms are your using? MAC auth, 802.1x, etc?
Also, if you are in a tight spot CALL INVERSE! They are great and will work
) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
On Sep 23, 2015, at 16:07 , Sallee, Jake
<jake.sal...@umhb.edu<mailto:jake.sal...@umhb.edu>> wrote:
Louis! Hows it goin' buddy!
Here is a pcap of the exchange between the aruba vcontroller and the PF server.
I h
Hello all!
Weird one here.
First things first:
PF v5.3.1, with an Aruba 205H AP.
The manufacturer ensures us that the devices are compatible with wired and
wireless MAC auth so we have made a small adjustment to the module to return
mac auth = true. Other than that, everything is stock.
In
cketfence.org<http://www.packetfence.org>)
On Sep 22, 2015, at 11:06 , Sallee, Jake
<jake.sal...@umhb.edu<mailto:jake.sal...@umhb.edu>> wrote:
Hello all!
Weird one here.
First things first:
PF v5.3.1, with an Aruba 205H AP.
The manufacturer ensures us that the devices are
ackages.
Jason A. Maher
Network Engineer
Multi-State Lottery
P: 515-453-1408
F: 515-453-1420
-----Original Message-
From: Sallee, Jake [mailto:jake.sal...@umhb.edu]
Sent: Tuesday, January 05, 2016 4:39 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-u
We're going to need some more info.
What is the Base OS (distro and version) and the complete log of the failed
install at least.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax:
Did you run the web-based configurator? It is the first step after you install.
No PF user and no PF data base sounds like you may have missed that step.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone:
Hello all!
I think you will all be happy to hear that I did not screw up my upgrade from
5.3 to 5.5!
***que trumpets***
I think, though, there may be a bug in the admin GUI. When I pull up a list of
my nodes I get multiple entries for the same node.
The entries are identical as far as I
1 - 100 of 189 matches
Mail list logo