Re: [PacketFence-users] AD user group in the authentication source

it tomorrow from office From: Andrew Jones via PacketFence-users Sent: Monday, November 08, 2021 7:27 PM To: packetfence-users@lists.sourceforge.net Cc: Andrew Jones Subject: Re: [PacketFence-users] AD user group in the authentication source On 2021-11-09 09:46, E.P. via PacketFence-users

Re: [PacketFence-users] AD user group in the authentication source

fence-users@lists.sourceforge.net> Cc: E.P. mailto:ype...@gmail.com> > Subject: Re: [PacketFence-users] AD user group in the authentication source Mine is setup for memberOf equals "full DN of Group" Aaron On Tue, Nov 2, 2021 at 3:26 AM E.P. via PacketFence-users ma

Re: [PacketFence-users] Trouble trying to enable captive portal with Unifi Controller (WebAuth)

Thank you, Federico. I read it all from the PF document  All my APs are added as switches by IP addresses and belong to the same switch group. Unifi controller is also member of this group. Type is Ubiquity:Unifi And I’m having little challenges with the SSL certificate that I want to use

Re: [PacketFence-users] Rejected users logging via Windows

5caHWMmIh3876Ltlye32g0DQrmp4OvULBz38Eq0qNdX7v2epA$> <https://urldefense.com/v3/__http:/www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!AaUextL_VDqbW5caHWMmIh3876Ltlye32g0DQrmp4OvULBz38Eq0qNfuFopyQg$> On Nov 2, 2021, at 3:07 AM, E.P. via Pack

Re: [PacketFence-users] AD user group in the authentication source

;mailto:packetfence-users@lists.sourceforge.net> Cc: E.P. mailto:ype...@gmail.com> > Subject: Re: [PacketFence-users] AD user group in the authentication source Mine is setup for memberOf equals "full DN of Group" Aaron On Tue, Nov 2, 2021 at 3:26 AM E.P. via

Re: [PacketFence-users] AD user group in the authentication source

e Mine is setup for memberOf equals "full DN of Group" Aaron On Tue, Nov 2, 2021 at 3:26 AM E.P. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net> > wrote: I dare asking a stupid question. What is the correct way to create a condition in the authenti

Re: [PacketFence-users] Trouble trying to enable captive portal with Unifi Controller (WebAuth)

I’m jumping into this thread as it got my interest as well because we are with Unifi and planning to deploy guest WiFi with WebAuth via the portal. In the URL that Fabrice advised to configure I believe “s” is for the site name ? http://

[PacketFence-users] Rejected users logging via Windows

Hello, A while ago someone asked here this question and there was no reply. I hit it again and I have clue, out of the blue, all authentications attempts from Windows OS fail: Nov 1 23:52:53 packetfence auth[2736]: Adding client 172.19.254.2/32 Nov 1 23:52:53 packetfence auth[2736]: (24)

[PacketFence-users] AD user group in the authentication source

I dare asking a stupid question. What is the correct way to create a condition in the authentication source based on AD to verify the user specific group membership. I created a condition based on "memberOf" attribute which is equal to the DN of the group. It seems doesn't apply or rather not

Re: [PacketFence-users] Issues with Captive Portal and Unifi Wireless

Thank you, Fabrice, as usual ! Yes, it looks like the maintenance patch was not applied (pf-maint.pl) as it started pulling lots of packages when I started it. But to my frustration it all ended up with nothing: [root@pf conf]# /usr/local/pf/bin/pfcmd pfcron ubiquiti_ap_mac_to_ip Died at

[PacketFence-users] SMTP configuration to send PIN out via SMS

Maybe this question has been already asked and I'm too lazy to google it but maybe someone has a fresh knowledge about it. I'm trying to configure SMTP server on PF to send emails out and specifically the PIN via SMS gateways. I created an email account for this purposes on the internal mail

Re: [PacketFence-users] Issues with Captive Portal and Unifi Wireless

And one important addition to this riddle. If I hit the captive portal page manually while being associated to the guest SSID I see that PF rightfully complains that my computer was not found in the database. It has to be noted that this is Layer 3 deployment and there's no way to put this

Re: [PacketFence-users] Wildcard SSL certificate installation on PF

been alive, from where we are. :-) Anyway: I would encourage you to take a look a Let's Encrypt certificates with packetfence. I think they are a bit more secure than a wildcard certificate, plus they are free and work very well. (there are some threads on this mailinglist on that subject) Good luck,

Re: [PacketFence-users] Wildcard SSL certificate installation on PF

;> >> -Original Message- >> From: mj via PacketFence-users >> Sent: Wednesday, November 11, 2020 1:38 AM >> To: packetfence-users@lists.sourceforge.net >> Cc: mj >> Subject: Re: [PacketFence-users] Wildcard SSL certificate installation on PF >> >> H

Re: [PacketFence-users] Wildcard SSL certificate installation on PF

a bit more secure than a wildcard certificate, plus they are free and work very well. (there are some threads on this mailinglist on that subject) Good luck, MJ On 11/10/20 5:31 PM, E.P. via PacketFence-users wrote: > Since this group suddenly became alive I dare asking my previous again

Re: [PacketFence-users] Wildcard SSL certificate installation on PF

Since this group suddenly became alive I dare asking my previous again  How would I install a wildcard SSL certificate on PF, see more details below Eugene From: E.P. Sent: Saturday, October 31, 2020 2:43 PM To: packetfence-users@lists.sourceforge.net Subject: Wildcard SSL certificate

Re: [PacketFence-users] PacketFence certificate issues

Anyone from PF support team to chime on it, please ? Desperately trying to understand what's wrong. One more thing from my investigation. The webpage that pops up when I connect to a hotspot contains the following URL https://172.16.0.120/guest/s/q4b0wgkk/?ap=18:e8:29:93:52:a8

[PacketFence-users] Wildcard SSL certificate installation on PF

Guys, I'm trying to overcome the issue with a self-signed SSL certificate that PF offers to WiFi authentication via captive portal. This a certificate that is in use by HTTPS sessions Certificate/Key match Chain is invalid common_name 127.0.0.1, emailAddress=supp...@inverse.ca issuer

Re: [PacketFence-users] Wifi Hotspot with SMS OTP Authentication Needed

Hello, I looked through archive of the emails on the topic in the subject and found that this question has never been answered. Is there any reference or at least high level instruction how to do it ? Eugene -Original Message- From: Sina Owolabi via PacketFence-users Sent: Saturday,

Re: [PacketFence-users] Can't login to PF admin page after upgrade to ver 9.1

Yes, exactly. Sent from iPhone > On Nov 11, 2019, at 04:41, Serhiy Morhun via PacketFence-users > wrote: > > I had the same error after an upgrade to 9.1. Rebooting the server resolved > it and I was able to log in again. > > > > >> On Mon, Nov 11, 201

[PacketFence-users] Can't login to PF admin page after upgrade to ver 9.1

Folks, Ran an upgrade to ver 9.1 It went smoothly as I saw it, no issues noticed. Tried to login to admin page and was challenged by this error message: Couldn't find any information for the current token. Either it is invalid or it has expired. Eugene

Re: [PacketFence-users] Manual device registration to allow it to the network

and assign a role manually. That's it. Regards Fabrice Le 19-07-03 à 14 h 44, E.P. via PacketFence-users a écrit : Now I’m getting confused after trying to understand RADIUS enforcement. Reading the document that says: Using RADIUS enforcement, everytime a device connects

Re: [PacketFence-users] Failure to authenticate the user - user rejected

to the null realm and restart radius. Regards Fabrice Le 19-06-30 à 15 h 16, E.P. via PacketFence-users a écrit : Guys, Please point my eyes in the right direction in the attempt to understand what’s wrong. Perhaps it has been discussed before here in this list but I failed to find an advice

Re: [PacketFence-users] Manual device registration to allow it to the network

registration to allow it to the network Hello Eugene, On 2019-07-03 8:10 a.m., E.P. via PacketFence-users wrote: > Does it seem doable ? Yes. When you say (via WPA2-Enterprise/RADIUS), you mean with 802.1X ? > I compared two endpoints, one of them is registered with

Re: [PacketFence-users] Manual device registration to allow it to the network

.net> Cc: Nicolas Quiniou-Briand mailto:n...@inverse.ca> > Subject: Re: [PacketFence-users] Manual device registration to allow it to the network Hello Eugene, On 2019-07-03 8:10 a.m., E.P. via PacketFence-users wrote: > Does it seem doable ? Yes. When you say (via WPA2-En

[PacketFence-users] Manual device registration to allow it to the network

Folks, My boss wants to manually allow devices that connect to a specific SSID (via WPA2-Enterprise/RADIUS) and the way to do it is manually register them under Nodes section and also assign them a role including REJECT. Does it seem doable ? I compared two endpoints, one of them is registered

Re: [PacketFence-users] Active Directory Authentication Source

Hi Chad, It’ll be very useful to know a bit about AD architecture  Overall, you can of course use any user from your AD but whatever was written in the documentation was done for a reason. This is how it all works. The procedure is pretty much simple. I used this document to configure only

[PacketFence-users] Failure to authenticate the user - user rejected

Guys, Please point my eyes in the right direction in the attempt to understand what's wrong. Perhaps it has been discussed before here in this list but I failed to find an advice that would lead to a fix. I followed the standard procedure to configure PF for out-of-band authentication with

Re: [PacketFence-users] PF 9.0.1 initial setup is stuck on database page

with VLAN enforcement. This guide might be useful to you: http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.4.0.pdf On Tue, Jun 11, 2019 at 2:20 PM E.P. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net> >

Re: [PacketFence-users] PF 9.0.1 initial setup is stuck on database page

Could you provide some insight as to what OS, and browser you're using? Context would be helpful. Nicholas P. Pier Network & Virtualization Engineer CCNP RS, PCSNSE7, VCIX6-DCV, VCIX6-NV On Sat, Jun 8, 2019 at 7:45 PM E.P. via PacketFence-users mailto:packetfence-users@lis

Re: [PacketFence-users] PF 9.0.1 initial setup is stuck on database page

VCIX6-DCV, VCIX6-NV On Sat, Jun 8, 2019 at 7:45 PM E.P. via PacketFence-users mailto:packetfence-users@lists.sourceforge.net> > wrote: I would appreciate if anyone reply and confirm that this email is making it to packetfence users list Eugene From: E.P. mailto:ype...@gmail.com&g

Re: [PacketFence-users] PF 9.0.1 initial setup is stuck on database page

ide some insight as to what OS, and browser you're using? Context would be helpful. Nicholas P. Pier Network & Virtualization Engineer CCNP RS, PCSNSE7, VCIX6-DCV, VCIX6-NV On Sat, Jun 8, 2019 at 7:45 PM E.P. via PacketFence-users mailto:packetfence-users@lists.sourceforge.ne

[PacketFence-users] PF 9.0.1 initial setup is stuck on database page

Hey guys, Maybe I'm special or it is a bad witchcraft on me. After a long time I got back to Packetfence as we still need to secure Ubiquiti Unifi WiFi with dot1x via RADIUS Well, trying to install zero effort appliance and stuck at the initial pages after creating database user. Clicking on

Re: [PacketFence-users] PF 9.0.1 initial setup is stuck on database page

I would appreciate if anyone reply and confirm that this email is making it to packetfence users list Eugene From: E.P. Sent: Saturday, June 08, 2019 12:11 PM To: packetfence-users@lists.sourceforge.net Subject: PF 9.0.1 initial setup is stuck on database page Hey guys, Maybe I'm

Re: [PacketFence-users] PF 7.4 with 'Reading winbind reply failed!'

pfcmd service radius restart. If the proxy.conf.inc file is still empty then open an issue on github. Regards Fabrice Le 2018-03-13 à 22:00, E.P. via PacketFence-users a écrit : > Hi Chris, > Welcome on board, we are in the same boat with someone else here with the > same error message

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

patch detected! Assume -R? [n] n Apply anyway? [n] y Hunk #1 FAILED at 43. Hunk #2 FAILED at 169. 2 out of 2 hunks FAILED -- saving rejects to file lib/pf/enforcement.pm.rej On Sun, Mar 11, 2018 at 6:44 PM, E.P. via PacketFence-users <packetfence-users@lists.sourceforge.net &l

Re: [PacketFence-users] PF 7.4 with 'Reading winbind reply failed!'

Hi Chris, Welcome on board, we are in the same boat with someone else here with the same error message. I already provided Fabrice with all sort of answers here kindly requested trying to help me but we are still at nowhere. Hoping this issue will be a spotlight  Eugene -Original

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

nother try ? curl https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589 136a097166c440cb30107ddfb.diff | patch -p1 curl https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2 fd4a4dac435ff62d69c4ed00f.diff | patch -p1 Regards Fabrice Le 2018-03-06 à 22:53, E.P. via PacketFenc

Re: [PacketFence-users] [Packetfence] AD authentication with FreeRadius: "reading winbind reply failed!"

Hi Fabrice, So, what is the expected order of realms processing ? Any ideas or enlightenments about what is wrong? I restarted radius service many times and even rebooted the appliance From: Fabrice Durand [mailto:fdur...@inverse.ca] Sent: Friday, March 09, 2018 5:32 AM To: E.P.

Re: [PacketFence-users] [Packetfence] AD authentication with FreeRadius: "reading winbind reply failed!"

Easy  cat /usr/local/pf/raddb/proxy.conf.inc realm default { strip } From: Durand fabrice [mailto:fdur...@inverse.ca] Sent: Thursday, March 08, 2018 6:42 PM To: E.P. ; packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] [Packetfence] AD

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2 fd4a4dac435ff62d69c4ed00f.diff | patch -p1 Regards Fabrice Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit : There’s another challenge in the endless string of them… My PEAP connection from Windows based supplicant lan

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

f967ad1ee589 136a097166c440cb30107ddfb.diff | patch -p1 curl https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2 fd4a4dac435ff62d69c4ed00f.diff | patch -p1 Regards Fabrice Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit : There’s another challenge in the endless string of them… My PEA

Re: [PacketFence-users] [Packetfence] AD authentication with FreeRadius: "reading winbind reply failed!"

Good morning, Fabrice, I ran chroot /chroots/optionsad wbinfo -u and received the output of all users and groups from AD where optionsad is my AD domain. And here’s what I see in RADIUS debugs when I use a named realm, not the default one, Windows supplicant uses PEAP method

Re: [PacketFence-users] [Packetfence] AD authentication with FreeRadius: "reading winbind reply failed!"

have that works with default realm? Short term, it might just suffice for us. Regards Jimmy Van: E.P. via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Verzonden: woensdag 7 maart 2018 4:33 Aan: packetfence-users@lists.sourceforge.net <mailto:packetfence-users

[PacketFence-users] No roles assignment and no rules matching in the authentication source

There's another challenge in the endless string of them. My PEAP connection from Windows based supplicant lands on the connection profile and wheels start rotating, i.e. the profile uses the authentication source The connection and authentication completes but there's no role assignment and I

Re: [PacketFence-users] [Packetfence] AD authentication with FreeRadius: "reading winbind reply failed!"

Hi Jimmy and Fabrice, I would like to report the same experience. I have a realm (OPTIONS-AD-REALM) and it is associated with the AD domain (optionsad), i.e. [OPTIONS-AD-REALM] domain=optionsad options=strip I had similar problems with winbind, same errors in the output of RADIUS

[PacketFence-users] Reading winbind reply failed when doing PEAP with mschap AD based authentication

Guys, I'm sending it in vain not believing that there's anyone at PF watching this list. Is Packetfence going through hard time? I even send a request about the commercial support, no reply from anyone. Still hoping someone will pick it up, please help ! I migrated to a fresh install of PF

Re: [PacketFence-users] Unifi APs and CoA

packetfence when setting up the switch? Should I use hostapd or Unifi Controller? Should I enable COA or not? Does anyone have a working setup of Unifi APs with an out of band setup of packetfence at this point? If so, could you shed some light and post your configurations? Than

[PacketFence-users] Captive portal redirect issues

Folks, I feel awkward to bombard this list with questions but I do hope I'm heard and someone can help me. On the way to make the captive portal to surface but stumbling upon the redirect or rather packetfence not completing it. I'm connecting to the guest SSID and open the web browser on the

Re: [PacketFence-users] Access to PF captive portal is blocked

packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Cc: Durand fabrice <fdur...@inverse.ca <mailto:fdur...@inverse.ca> > Subject: Re: [PacketFence-users] Access to PF captive portal is blocked Hello Eugene, do you have the capture ? Regards

Re: [PacketFence-users] Access to PF captive portal is blocked

eforge.net> Cc: Durand fabrice <fdur...@inverse.ca <mailto:fdur...@inverse.ca> > Subject: Re: [PacketFence-users] Access to PF captive portal is blocked Hello Eugene, do you have the capture ? Regards Fabrice Le 2018-02-15 à 23:12, E.P. via PacketFence-users a écrit : Hi Fab

Re: [PacketFence-users] Access to PF captive portal is blocked

e, do you have the capture ? Regards Fabrice Le 2018-02-15 à 23:12, E.P. via PacketFence-users a écrit : Hi Fabrice, I dare sending it again believing my previous email fell into cracks. Can you please advise what could be wrong (see below) Eugene From: E.P. [mailto:ype...@gma

Re: [PacketFence-users] Access to PF captive portal is blocked

nd fabrice <fdur...@inverse.ca <mailto:fdur...@inverse.ca> > Subject: Re: [PacketFence-users] Access to PF captive portal is blocked Hello Eugene, do you have the capture ? Regards Fabrice Le 2018-02-15 à 23:12, E.P. via PacketFence-users a écrit : Hi Fabrice, I dare sending it a

[PacketFence-users] Access to PF captive portal is blocked

Hello folks, I really hope someone who ran into a similar problem will shed some light. Feeling bad we don't hear anything from Fabrice or someone from inverse. I have an out-of-band deployment of PF and my WiFi client gets connected and redirected to PF I see redirects by capturing the

Re: [PacketFence-users] Access to PF captive portal is blocked

Hi Fabrice, I dare sending it again believing my previous email fell into cracks. Can you please advise what could be wrong (see below) Eugene From: E.P. [mailto:ype...@gmail.com] Sent: Wednesday, February 14, 2018 1:08 AM To: packetfence-users@lists.sourceforge.net Subject: Access

Re: [PacketFence-users] Unifi APs and CoA

+49 (0) 152 3452 0056 a: w: Hammersteiner Straße 50, 79400 Kandern <http://bfacademy.de/> bfacademy.de On Sat, Feb 10, 2018 at 7:33 AM, E.P. via PacketFence-users <packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.n

Re: [PacketFence-users] Unifi APs and CoA

Yes, David, this is my plan to test the captive portal on wired connections to rule out the unruly Unifi APs Ideally I would love to make it also work with HP switches 1820/1920 model because this is the majority of switches installed in our organization. But will try it on Cisco switch as a

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

As a quick update to it, I captured traffic coming from UniFi controller to PF during the connection of the client to guest SSID and see that there’s a request coming to port 9000 (172.16.0.222 is my PF)

[PacketFence-users] Captive portal configuration basics

Folks, I'm struggling to put all pieces together to make it work like it is described in this guide: https://www.puc.edu/__data/assets/pdf_file/0005/162455/PacketFence-Login-For -Guests.pdf Would appreciate if someone will give me an advice where to start in PF. Or alternatively if my

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

Hi Tim and gang, Any idea where I should start looking into PF to troubleshoot WebAuth for WiFi ? I finally had time to prepare UniFi according to screenshots published at github https://github.com/inverse-inc/packetfence/tree/ae18f50b4879cc2d4132490fcee33f2fbe53b36f/docs/images Namely this

[PacketFence-users] HP 1820/1920 switches support

Folks, Trying to figure out if the wired network I inherited is ready for port based access control. We run mostly HP 1820/1920 switches on the access layer. Their technical specs do state that they support dot1x and RADIUS. But I didn't find any references about these models in the device here

Re: [PacketFence-users] Where is the packetfence PKI Certificate Authority private key file?

Hi Yijie, I’ve spent some time with PKI as well trying to figure out how to make it work and deploy certificates. Have it currently inaccessible for the reason unknown to me yet, but as far as I remember the CA certificate is in *.PEM format and all you have to do is manually install it on

Re: [PacketFence-users] PKI installation

Hi Fabrice, I feel awkward resurrecting this topic but I believe something happened to PKI after I upgraded PF to 7.4 Really want it to be not connected with it but I can’t login to PKI admin interface. The login page shows normally with a prompt for username/password, I enter previously

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

Hi Tim, As usual, your comments are invaluable ;) Looking at the guide which is in asciidoc to see how to properly deal with Unifi. Would be nice to see pictures as they are missing. Also, do I need to replace IP addresses for AP in the switches.conf with their MAC addresses ? Eugene

Re: [PacketFence-users] VLAN assigment by RADIUS

r-Name = "it.tech" From: Durand fabrice via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Monday, January 29, 2018 5:18 PM To: packetfence-users@lists.sourceforge.net Cc: Durand fabrice Subject: Re: [PacketFence-users] VLAN assigment by RADIUS Hell

Re: [PacketFence-users] VLAN assigment by RADIUS

ourceforge.net Cc: Durand fabrice Subject: Re: [PacketFence-users] VLAN assigment by RADIUS Hello Eugene, check in the radius audit log, you will see the radius answer. Regards Fabrice Le 2018-01-29 à 19:41, E.P. via PacketFence-users a écrit : Guys, How can I see if a specific VLAN

Re: [PacketFence-users] Bandwidth accounting

-01-29 à 18:04, E.P. via PacketFence-users a écrit : Folks, I’m trying to understand how to enable violations for bandwidth with accounting Looking at this youtube video example but don’t see it could be done in the current version of PF. https://www.youtube.com/watch?v=7nSrYKkX7wk The only

Re: [PacketFence-users] VLAN assigment by RADIUS

ourceforge.net Cc: Durand fabrice Subject: Re: [PacketFence-users] VLAN assigment by RADIUS Hello Eugene, check in the radius audit log, you will see the radius answer. Regards Fabrice Le 2018-01-29 à 19:41, E.P. via PacketFence-users a écrit : Guys, How can I see if a specific VLAN

Re: [PacketFence-users] VLAN assigment by RADIUS

d fabrice Subject: Re: [PacketFence-users] VLAN assigment by RADIUS Hello Eugene, check in the radius audit log, you will see the radius answer. Regards Fabrice Le 2018-01-29 à 19:41, E.P. via PacketFence-users a écrit : Guys, How can I see if a specific VLAN ID that I assigned to

Re: [PacketFence-users] Bandwidth accounting

Well, I'd rather paraphrase my question as to how to use available "Bandwidth limit" violation to limit a user session based on a specific bandwidth value. Eugene From: E.P. [mailto:ype...@gmail.com] Sent: Monday, January 29, 2018 3:04 PM To: packetfence-users@lists.sourceforge.net

[PacketFence-users] Bandwidth accounting

Folks, I'm trying to understand how to enable violations for bandwidth with accounting Looking at this youtube video example but don't see it could be done in the current version of PF. https://www.youtube.com/watch?v=7nSrYKkX7wk The only section on Violations is under Configuration -

Re: [PacketFence-users] Number of devices to connect to the network

to the network Hello Eugene, this is exactly where you have to control that. So just set a limit on the roles where you want to limit the number of devices per users. Regards Fabrice Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit : It sounds close to the number of devices

Re: [PacketFence-users] NULL realm

@lists.sourceforge.net Cc: Durand fabrice Subject: Re: [PacketFence-users] NULL realm Hello Eugene, the NULL realm is located in realm.conf.defaults Regards Fabrice Le 2018-01-23 à 14:14, E.P. via PacketFence-users a écrit : Guys, I wonder if I can make PF bypass NULL realm processing? The reason

Re: [PacketFence-users] Number of devices to connect to the network

-users] Number of devices to connect to the network Hello Eugene, this is exactly where you have to control that. So just set a limit on the roles where you want to limit the number of devices per users. Regards Fabrice Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit : It sounds

[PacketFence-users] NULL realm

Guys, I wonder if I can make PF bypass NULL realm processing? The reason is that we want to use only the user ID in the username field. If we use like this then the authentication attempt hits NULL realm. I tried to remove it from PF GUI but it still stays there. Interesting that it is not

Re: [PacketFence-users] Number of devices to connect to the network

on the roles where you want to limit the number of devices per users. Regards Fabrice Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit : It sounds close to the number of devices/nodes a user can register which is configurable under Configuration-Policies and access control-Roles

Re: [PacketFence-users] Number of devices to connect to the network

to the network Hello Eugene, this is exactly where you have to control that. So just set a limit on the roles where you want to limit the number of devices per users. Regards Fabrice Le 2018-01-16 à 02:01, E.P. via PacketFence-users a écrit : It sounds close to the number of devices/nodes

Re: [PacketFence-users] Number of devices to connect to the network

à 02:01, E.P. via PacketFence-users a écrit : It sounds close to the number of devices/nodes a user can register which is configurable under Configuration-Policies and access control-Roles, but we don’t allow this luxury to anyone yet. Just regular network admission control based on the active AD

Re: [PacketFence-users] PKI provisioning configuration for Apple OS/iOS

configuration for Apple OS/iOS Hello Eugene, Le 2018-01-13 à 02:59, E.P. via PacketFence-users a écrit : Folks, Our two big shots in the organization live their lives with Apple macbooks and we need to get them on the secure WiFi. Can someone explain me where and how to get the content

[PacketFence-users] Number of devices to connect to the network

Guys, We are still at the early phases of PF deployment and only now looking into AD based authentication for wireless devices Is there any way to limit the number of user devices that can be connected by one user? Let's say the user uses his/her laptop and roams around remote sites where we

Re: [PacketFence-users] PKI provisioning configuration for Apple OS/iOS

To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand Subject: Re: [PacketFence-users] PKI provisioning configuration for Apple OS/iOS Hello Eugene, Le 2018-01-13 à 02:59, E.P. via PacketFence-users a écrit : Folks, Our two big shots in the organization live their lives with Apple

Re: [PacketFence-users] Number of devices to connect to the network

It sounds close to the number of devices/nodes a user can register which is configurable under Configuration-Policies and access control-Roles, but we don't allow this luxury to anyone yet. Just regular network admission control based on the active AD account From: E.P.

[PacketFence-users] PKI provisioning configuration for Apple OS/iOS

Folks, Our two big shots in the organization live their lives with Apple macbooks and we need to get them on the secure WiFi. Can someone explain me where and how to get the content of certificates that are trusted by Apple devices. The guide on PKI says Verisign certificate could be an

Re: [PacketFence-users] PKI installation

And I dare to ask this question again about provisioners. I’m struggling with allowing iPads to the network with certificates issued to their MAC addresses Eugene From: E.P. [mailto:ype...@gmail.com] Sent: Wednesday, January 10, 2018 1:05 AM To: packetfence-users@lists.sourceforge.net

Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI

, same results, reason - eap_tls: SSL says error 20 : unable to get local issuer certificate Eugene From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Wednesday, January 10, 2018 6:07 AM To: E.P. via PacketFence-users Cc: Fabrice Durand Subject

Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI

issuer certificate Eugene From: Fabrice Durand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: Wednesday, January 10, 2018 6:07 AM To: E.P. via PacketFence-users Cc: Fabrice Durand Subject: Re: [PacketFence-users] Device authentication with client TLS

Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI

: Wednesday, January 10, 2018 6:07 AM To: E.P. via PacketFence-users Cc: Fabrice Durand Subject: Re: [PacketFence-users] Device authentication with client TLS certificate issued by PKI Hello Eugene, you probably need to import the CA certificate or uncheck verify server certificate in your

Re: [PacketFence-users] PKI installation

Fabrice, Can you please elaborate on provisioners and connection profiles within PKI context Let’s say I created a provisioner for Windows endpoints as described in the guide. How would it allow Windows host to automatically connect to a specific SSID? As far as I know you can put a check

[PacketFence-users] Device authentication with client TLS certificate issued by PKI

And here comes the culmination of my saga with PKI ;) Actually, I was slowly going towards it and really hoped I will jump through this final hoop smoothly. Alas… Anyways, to cut the long story short, I failed TLS authentication for Windows 10 endpoint. Here’s what I did so far. We want to

Re: [PacketFence-users] PKI installation

Sorry for being a pain in the lower part of the back, Fabrice ;) I thought that the admin user in PF is different from PKI. At least I know that I did change the password for admin in PF as you described and this is how I login to the main GUI. But I can’t login as admin with the same password

Re: [PacketFence-users] PKI installation

Couple of questions on PKI, Fabfice 1. How would I change the password for admin user in PKI. The “User Management” section gives me the option of editing the admin user but I can’t see the password change option 2. I’m adding a server certificate after I created a server

Re: [PacketFence-users] Assistance with AD dot1x

then PacketFence will use it (you can strip the username if needed in the source). Regards Fabrice Le 2018-01-07 à 19:32, E.P. via PacketFence-users a écrit : I’m curious, did you create a new realm or used the default one and linked it to AD ? I tried to create a new realm and it is placed

Re: [PacketFence-users] PKI installation

Hi Fabrice, I confirm that I was finally able to rebuild PKI and configure it At least logged in successfully to PKI configuration and went through 4 steps of creating certificates Very much appreciate your time and efforts ! Trying to figure it out how to roll out certificates to various

Re: [PacketFence-users] Assistance with AD dot1x

I’m curious, did you create a new realm or used the default one and linked it to AD ? I tried to create a new realm and it is placed in the end of the list and the authentication never reached it. It only worked to me if I link the default realm to AD Eugene From: j...@momentumvr.co.uk

Re: [PacketFence-users] Assistance with AD dot1x

Hi John, I still have a fresh experience with configuring AD in PF and it worked to me from the first try. Just to understand it clearly, you can’t complete the configuration if you add the source, i.e. >From the Configuration → Policies and Access Control → Authentication Sources, >Add

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

maybe assistance with FreeRADIUS Hello Eugene, in fact for 802.1x you need to use eapol_test instead of radtest. (http://deployingradius.com/scripts/eapol_test/) Also use the port 1812 instead of 18120. Regards Fabrice Le 2017-12-28 à 03:07, E.P. via PacketFence-users a écrit : Guys,

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

r 802.1x you need to use eapol_test instead of radtest. (http://deployingradius.com/scripts/eapol_test/) Also use the port 1812 instead of 18120. Regards Fabrice Le 2017-12-28 à 03:07, E.P. via PacketFence-users a écrit : Guys, I still hope someone with more experience with PF give me a hand

Re: [PacketFence-users] PKI installation

Great, will try to do it a bit later Thanks, Fabrice From: Fabrice Durand [mailto:fdur...@inverse.ca] Sent: Wednesday, January 03, 2018 12:26 PM To: E.P. Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] PKI installation Just for information, i uploaded a new

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

est instead of radtest. (http://deployingradius.com/scripts/eapol_test/) Also use the port 1812 instead of 18120. Regards Fabrice Le 2017-12-28 à 03:07, E.P. via PacketFence-users a écrit : Guys, I still hope someone with more experience with PF give me a hand with this trivial issue (i

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

c: Durand fabrice Subject: Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS Hello Eugene, in fact for 802.1x you need to use eapol_test instead of radtest. (http://deployingradius.com/scripts/eapol_test/) Also use the port 1812 instead of 18120. Regards Fabrice Le

  1   2   >