I recently upgraded my PacketFence install to 13.0.0 from 11.3.0 (in case this
is related).
I now have this issue where the captive portal is only available to those on
the Registration Vlan if the iptables service is turned off.
I have an interface assigned to Management, Registration and
I setup a Password type portal module to use a Password Of The Day for an
authentication source. I set the PID field to email and added email to the
Mandatory fields.
When someone authenticates using this captive portal module, the PID is set to
the username of the Password Of The Day
I eventually sorted it out. The problem was for a remote registration network
and something on the network had changed causing the return path to be
different in the routing.
From: Eric Rolleman
Sent: Friday, January 14, 2022 9:50 AM
To:
I am having issues connecting to the captive portal.
I checked to see if haproxy-portal is running and it is:
# /usr/local/pf/bin/pfcmd service haproxy-portal status
he end.
Regards
Fabrice
Le 19-08-22 à 14 h 32, Eric Rolleman via PacketFence-users a écrit :
I checked out a packetfence system setup by Inverse at my other job and noticed
that the certificate has some info above the "-BEGIN CERTIFICATE-" line:
"
Bag Attr
icate file from Lets Encrypt doesn't have this. Is that the problem?
____
From: Eric Rolleman via PacketFence-users
Sent: Wednesday, August 21, 2019 10:09 PM
To: packetfence-users@lists.sourceforge.net
Cc: Eric Rolleman
Subject: [PacketFence-users] Creating server.pe
I acquired a lets encrypt certificate manually (can't port forward HTTP from
the internet to my packetfence server). I replaced the server.crt, server.key
and intermediate.crt files. The admin interface is working with a valid cert.
I set up the server.pem file with the following commands:
cat
To ignore the certificate, I changed line 189 in Unifi.pm from
$ua->ssl_opts(verify_hostname => 0);
to
$ua->ssl_opts(verify_hostname => 0, SSL_verify_mode => 0x00);
certificate is ignored now.
____
From: Eric Rolleman via PacketFence-users
Sent:
be applied
via the usual maintenance patching process as long as you restore the
code to what you had before you changed it.
Best Regards,
- Julien
On 6/24/19 10:59 AM, Eric Rolleman via PacketFence-users wrote:
> My guess as to what is going on here is that
> $self->filterEngine->filter('Fin
Packetfence throws an error when attempting to de-auth a node:
Can't login on the Unifi controller: 500 Can't connect to 192.168.1.23:8443
(certificate verify failed)
How do I tell packetfence to ignore the unifi self signed cert? I don't see an
option in the switch config.
My guess as to what is going on here is that
$self->filterEngine->filter('Fingerbank', $f=ngerbank_args); could potentially
return multiple values, but not key-value pairs. Under this assumption I change
the code to this.
my @dhcp_filter_rule = ();
If your wireless controller is configured for MAC Auth then Packetfence doesn't
receive an AD username and password, only the MAC address. You would need to
change your wireless controller to just use RADIUS against Packetfence.
As far as I know the only way to accomplish what you want is to
_____
From: Eric Rolleman via PacketFence-users
Sent: Friday, June 21, 2019 8:05 PM
To: packetfence-users@lists.sourceforge.net
Cc: Eric Rolleman
Subject: [PacketFence-users] None of the web services start
systemctl status packetfence-httpd.webservices
Jun 21 19:31:41 pf systemd[
systemctl status packetfence-httpd.webservices
Jun 21 19:31:41 pf systemd[1]: Starting PacketFence Webservices Apache HTTP
Server...
Jun 21 19:31:45 pf packetfence[213849]: INFO -e(213849): generating
/usr/local/pf/var/conf/ssl-certificates.conf
No, haproxy was not started. It was complaining about my server.pem file. I had
edited the /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf with:
SSLCertificateFile %%install_dir%%/conf/ssl/server.pem
SSLCertificateKeyFile %%install_dir%%/conf/ssl/server.key
SSLCertificateChainFile
After I join wifi I am placed in the registration Vlan, however no Captive
Portal appears.
I can't bring up the Captive Portal page by typing in the URL manually either (
https://).
My management interface IP address is 192.168.1.22/16, my registration Vlan
interface IP is 10.0.21.252/24 .
How set when PacketFence changes the password.
I have a weekly password change set up using the Password of the day feature. I
want the change to happen every Monday early morning.
Thank you.
___
PacketFence-users mailing list
5%257C1%257C0%257C636909259168124486%26sdata%3DVrhADODlXJwQOHndAlVBzD%252Fv%252FGRiSy31V2KdGM7Flwc%253D%26reserved%3D0=02%7C01%7C%7C5c70b8b626b34b7d070608d6c1df4cb7%7C84df9e7fe9f640afb435%7C1%7C0%7C636909562137835121=5egtkvkGccHew38SnPDyfZ3fP3KDTyVug2CYUeib8UQ%3D=0>)
pr 14, 2019, at 12:34 PM, Eric Rolleman via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>>
wrote:
I need to help troubleshooting DHCP on my registration VLAN.
I used tcpdump to see if DHCP packets are making it to the packetfence server
and they are:
tcpdump: verb
I need to help troubleshooting DHCP on my registration VLAN.
I used tcpdump to see if DHCP packets are making it to the packetfence server
and they are:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.21, link-type EN10MB (Ethernet), capture size
h 17, Eric Rolleman via PacketFence-users a écrit :
I followed the instruction:
echo "[main]
dns=none" > /etc/NetworkManager/conf.d/99-no-dns.conf
Now DNS doesn’t work. I assumed there must be a place in the GUI to configure
DNS, but I didn’t find anything. DNS doesn’t work un
I followed the instruction:
echo "[main]
dns=none" > /etc/NetworkManager/conf.d/99-no-dns.conf
Now DNS doesn't work. I assumed there must be a place in the GUI to configure
DNS, but I didn't find anything. DNS doesn't work unless I remove that
configuration file and restart NetworkManager.
We have a PacketFence cluster setup at our main office that services 17 other
sites as well.
I am trying to setup the registration VLAN at the remote site. What I have done
thus far:
1. Create a routed network in PacketFence with the registration type and
enabled DHCP on it.
2.
troubleshoot-ise-00.html
Regards
Fabrice
Le 18-12-18 à 19 h 26, Eric Rolleman via PacketFence-users a écrit :
I had a dns-enforcement interface on the VLAN that the captive portal is
supposed to operate on. I think the captive portal brought up was a result of
the dns-enforcement ra
Le 18-12-12 à 16 h 44, Eric Rolleman via PacketFence-users a écrit :
Where do I change the SSL certificate for the portal?
I replaced the /usr/local/pf/conf/ssl/server.crt and
/usr/local/pf/conf/ssl/server.key files and restarted, but that only changed
the certificate used by the admin site, not
icate + the intermediate and the private key.
Regards
Fabrice
Le 18-12-12 à 16 h 44, Eric Rolleman via PacketFence-users a écrit :
Where do I change the SSL certificate for the portal?
I replaced the /usr/local/pf/conf/ssl/server.crt and
/usr/local/pf/conf/ssl/server.key files and restarted, but
I had radius + mac filtering turned on as and likely not configured correctly.
I turned it off and Unifi works.
From: Eric Rolleman via PacketFence-users
Sent: Wednesday, December 19, 2018 1:05 PM
To: packetfence-users@lists.sourceforge.net
Cc: Eric Rolleman
Subject: Re: [PacketFence-users
Thanks for the reply. I'll look into that.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
: Eric Rolleman via PacketFence-users
Sent: Tuesday, December 18, 2018 2:52 PM
To: packetfence-users@lists.sourceforge.net
Cc: Eric Rolleman
Subject: Re: [PacketFence-users] Captive Portal authorization Ruckus Interface
logging
I started tcpdump on packetfence to filter for traffic to my Ruckus
, if you can,
could you help me too?
Em ter, 18 de dez de 2018 às 00:20, Eric Rolleman via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>>
escreveu:
I followed the directions here:
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_sma
Friend, I have this same problem ... If I can identify I help you, if you can,
could you help me too?
Em ter, 18 de dez de 2018 às 00:20, Eric Rolleman via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>>
escreveu:
I followed the directions here:
https://packetfence.o
Friend, I have this same problem ... If I can identify I help you, if you can,
could you help me too?
Em ter, 18 de dez de 2018 às 00:20, Eric Rolleman via PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>>
escreveu:
I followed the directions here:
https://packetfence.o
the following message (:
[cid:image001.png@01D49625.663C2100]
The instructions tell me to type in a URL that is not supported...
From: Eric Rolleman via PacketFence-users
Sent: Wednesday, December 12, 2018 5:07 PM
To: packetfence-users@lists.sourceforge.net
Cc: Eric Rolleman
Subject: [PacketFence
Is there a log anywhere that I can look at to find out why clients aren't
getting authorized? I found the following dir: " /usr/local/pf/logs ", but none
of the logs appear to contain any data on why the my Ruckus Controller isn't
authorizing the client. Or if my configuration for the Web
Where do I change the SSL certificate for the portal?
I replaced the /usr/local/pf/conf/ssl/server.crt and
/usr/local/pf/conf/ssl/server.key files and restarted, but that only changed
the certificate used by the admin site, not the captive portal.
___
Eric,
On 2018-12-04 5:30 p.m., Eric Rolleman via PacketFence-users wrote:
> Does packetfence block all outside access to devices behind an inline
> configuration until the user has authenticated? I know it won't
> resolve DNS for anything, but if a user attempts to connect somewher
Does packetfence block all outside access to devices behind an inline
configuration until the user has authenticated? I know it won't resolve DNS for
anything, but if a user attempts to connect somewhere by IP and has not
authenticated yet, will packetfence let the user through?
37 matches
Mail list logo