Re: [PacketFence-users] Unable to install no matter what

yes it's strange when you try on the server , there is only one network card connected ? Le jeu. 18 avr. 2024 à 10:25, Laboratorio Tronic via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Somehow on another computer the ZEN package is working, I'll try to >

Re: [PacketFence-users] Unable to install no matter what

Hello Marco, Do you have a proxy between packetfence and the internet ? It sounds to me to be an external issue to packetfence. Regards Fabrice Le jeu. 18 avr. 2024 à 08:35, Laboratorio Tronic via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello hive mind, >

Re: [PacketFence-users] Connect Okta to PacketFence

Does it provide an ldap interface ? Le ven. 15 mars 2024 à 20:45, Alex Diaz via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Is it possible to connect Okta to PacketFence? > > thanks > > *Alex Diaz* > IT Manager > - > Learn more at kiavi.com >

Re: [PacketFence-users] Google SAML Integration

do you have some logs ? Le ven. 15 mars 2024 à 15:18, Christopher Jordan via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > I'm trying to setup Google with SAML logins for the captive portal so > depending on there role it will assign them to the correct

Re: [PacketFence-users] PacketFence wont install

Debian 12 is not yet supported, we are working on it. Use Debian 11 instead Le ven. 15 mars 2024 à 13:30, Alex Diaz via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > I have a new Deian 12.5 env that I am trying to install PacketFence on but > it is not

Re: [PacketFence-users] DA authentication problems

I think you will need to delete the machine account on the AD side and rejoin the packetfence server. Le ven. 15 mars 2024 à 15:36, Nolberto Delgado via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > DA authentication problems > > > Good morning, I am trying to

Re: [PacketFence-users] Empty Radius Audit Logs page

Normally we fixed the issue in 13.0 (maintenance) and 13.1. Once you upgrade to the latest version, be sure that you restarted all services. If it is still not working then can you paste the pfcron.log file to see if there are any errors ? Le mar. 23 janv. 2024 à 15:58, Thomas Michel via

Re: [PacketFence-users] CP Sponsor authentication module page configuration

Hello Mourtouza, yes it's possible and can be done in the locale file. edit this file https://github.com/inverse-inc/packetfence/blob/devel/conf/locale/fr/LC_MESSAGES/packetfence.po#L1352 and remplace "Courriel du sponsor" by "Email du Responsable Invité" and save the file. Once done: cd

Re: [PacketFence-users] Cisco WLC and guest reconnect issue (CoA)

Hello Levgen, can you provide the packetfence.log snippet when you register on the portal ? Regards Fabrice Le ven. 5 janv. 2024 à 08:18, Ievgen Lepekha via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi, all, > > Need help. > > > > I was integrate PacketFence 13

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

t;>> section. >>> Oct 31 07:48:25 packetfence systemd[1]: >>> packetfence-radiusd-auth.service: Control process exited, code=exited, >>> status=1/FAILURE >>> Oct 31 07:48:25 packetfence systemd[1]: >>> packetfence-radiusd-auth.service: Failed

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

so you can try with the Cisco::Cisco_IOS_15_0 switch module and do 802.1x Le mar. 31 oct. 2023 à 15:31, Akram Abdallah a écrit : > It supports 802.1x without mab > > On Tue, 31 Oct 2023, 8:01 pm Fabrice Durand, wrote: > >> does it support radius mab/802.1x ? >> >> Le mar. 31 oct. 2023 à 13:22,

Re: [PacketFence-users] Query AzureAD Device Groups

it could be something simple like allowing the graph api url change in the admin gui. Then you will choose between device check and user check. Le mar. 31 oct. 2023 à 14:17, Corey Keeling (Shared Services - Staff) < corey.keel...@parksidecc.org.uk> a écrit : > From looking at that file you

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

> Oct 31 07:48:25 packe > > > Regards > > Hubert > > Am 30.10.23 um 14:51 schrieb Fabrice Durand via PacketFence-users: > > Hello, > > it looks that the packetfence radius config didn't applied correctly. > > Go in /usr/local/pf/conf/radiusd/ and copy packet

Re: [PacketFence-users] Cisco CBS 220 switch with packetfence

does it support radius mab/802.1x ? Le mar. 31 oct. 2023 à 13:22, Akram Abdallah via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Is the Cisco CBS 220 switch compatible with Packetfence ? > > ___ > PacketFence-users mailing

Re: [PacketFence-users] How to change the host name in PF?

https://mgmt_ip:1443/admin#/configuration/general and hostnamectl set-hostname server1 Regards Fabrice Le mar. 31 oct. 2023 à 13:23, Thirunavukkarasu Palanisamy via PacketFence-users a écrit : > Hi Team, > Greetings of the day > I tried to change the hostname of the PF in web-admin. > Even

Re: [PacketFence-users] Query AzureAD Device Groups

If i am not wrong the Azure AD test the user and not the machine https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Authentication/Source/AzureADSource.pm#L28 Regards Fabrice Le mar. 31 oct. 2023 à 13:23, Corey Keeling (Shared Services - Staff) via PacketFence-users a écrit : > Dear

Re: [PacketFence-users] No internet in the Registration vlan

Hello, it's normal that you don't have internet access fron the registration vlan, the goal is to hit the captive portal. Regards Fabrice Le lun. 30 oct. 2023 à 06:56, Thirunavukkarasu Palanisamy via PacketFence-users a écrit : > Hi Team, > Plz go thro the configuration > Registration vlan 2

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

Hello, it looks that the packetfence radius config didn't applied correctly. Go in /usr/local/pf/conf/radiusd/ and copy packetfence.example to packetfence and restart radiusd Regards Fabrice Le lun. 23 oct. 2023 à 07:59, Hubert Kupper via PacketFence-users <

Re: [PacketFence-users] PEAP-TLS Get's seen as EAP Mschapv2 without password.

Hello, is it possible to run raddebug and have the output ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 Thanks Fabrice Le lun. 30 oct. 2023 à 06:56, Anton Palmgård via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > *From:* Anton.P > *Sent:* Wednesday,

Re: [PacketFence-users] VL: PF-Newbie: Radius MAC -Auth and RADIUS debug config

Hello Jori, you can use raddebug for that: raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 Regards Fabrice Le lun. 23 oct. 2023 à 08:00, Jori Luoto via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello everybody, > > > I have installed Packetfence three

Re: [PacketFence-users] PacketFence - nodes with fixed ip

Hello Daniel, you can probably rely on the radius accounting. Activate it and see if the ip address of the device appear in the request. If it's the case then enable update iplog on radius accounting in PacketFence. Regards Fabrice Le mer. 2 août 2023 à 10:04, Krüger, Daniel via

Re: [PacketFence-users] Help on AD and Realms conf on PF cluster

Hello Adrian, in fact when the doc say to join then it a samba join. So each servers needs to be joined to the domain (you should see a machine account for each of them in the AD). Regards Fabrice Le jeu. 22 juin 2023 à 11:54, Adrian Dessaigne via PacketFence-users <

Re: [PacketFence-users] freeRADIUS Migration - PacketFence Deployment

Hello Cory, Yes, of course you can use PacketFence local authentication without any Windows AD integration. There are multiple ways but the simplest is to use the local PacketFence database to authenticate the users. It's also possible to interact with a LDAP server to do the 802.1x

Re: [PacketFence-users] (no subject)

Hello, what you can do is just to set -1 in the registration role (switch config), then unregister devices will be rejected. Regards Fabrice Le mar. 9 mai 2023 à 08:27, Mhmt U via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi All, > > > > I trying to configure

Re: [PacketFence-users] Captive Portal and DACLs problems on version 12.2 (Aruba 2930M)

Hello Yassine, I backported a fix for that on 12.2 , the new package should be available tomorrow. Regards Fabrice Le mar. 9 mai 2023 à 08:28, TISSIR, Yassine via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Still stuck on the same problem > Any suggestion would be

Re: [PacketFence-users] Administrative Rule RADIUS Reply

Hello guys, the issue looks to be the REST-Http-Status-Code and it should be 401. I have checked the code and it looks to be ok. Here ( https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L1045) we return $RADIUS::RLM_MODULE_FAIL who should return a 401 (

Re: [PacketFence-users] 802.1X fails authentication - No role computed by any sources - registration failed

ah ah there is a guy who replied on reddit https://www.reddit.com/r/PacketFence/comments/12pw62q/8021x_fails_authentication_no_role_computed_by/ Le mar. 18 avr. 2023 à 18:09, Dan Clancey via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello - > > I am currently in

Re: [PacketFence-users] greenbone-openvas integration no more possible?

Hum yes, it's been a while we didn´t tested that , so the newest version is not supported. Le mar. 18 avr. 2023 à 18:08, sgiops sgiops via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello > > The PF documentation is still reporting that openvas is supported and the

Re: [PacketFence-users] FW: winbox radius login

I mean on the client side. Le mer. 5 avr. 2023 à 04:25, Артур Беляков a écrit : > turned off ms-chapv2, but the error did not change > > > > -- > *От:* Fabrice Durand > *Отправлено:* 4 апреля 2023 г. 18:26:41 > *Кому:* Артур Беляков > *Копия:*

Re: [PacketFence-users] FW: winbox radius login

it looks that it's mschapv2 authentication, it's why it try to use ntlm_auth. If you can change it to pap to test. Le mar. 4 avr. 2023 à 10:58, Артур Беляков a écrit : > I set up AD authentication source, is that not enough to work? h3c > authentication works > -- >

Re: [PacketFence-users] FW: winbox radius login

Hello, ntlm_auth is not able to communicate with winbindd, did you join the server to the domain ? Regards Fabrice Le mar. 4 avr. 2023 à 10:19, Артур Беляков via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > > > hi, I'm trying to make authorization on winbox through

Re: [PacketFence-users] After restart of server packetfence service can never start

Hello Filip, do you have more logs to provide ? like do a journalctl -f and paste it. Regards Fabrice Le mar. 4 avr. 2023 à 10:18, Filip Miskic via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > I'm using Debian 11 from AWS to spin up an instance of

Re: [PacketFence-users] Job for packetfence-radiusd-eduroam.service failed because the control process exited with error code

Hello, you have something listening on the port 11812 yet, can you do that to see what process is using it ? : netstat -nlp| grep 11812 Regards Fabrice Le mar. 4 avr. 2023 à 10:19, P.Thirunavukkarasu via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Team, >

Re: [PacketFence-users] Impossible to change switch identifier via gui - workaround?

Hello Yannik, just clone the switch, set a different identifier then delete the old one. Regards Fabrice Le ven. 31 mars 2023 à 15:10, Yannik Sembritzki via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Anybody have an idea which services to reload after editing >

Re: [PacketFence-users] Add Session-Timeout attribute

Hello, check the radius filters. Regards Fabrice Le lun. 27 mars 2023 à 20:04, jhyanagi via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello PacketFence users, > > Is there any way to add Session-Timeout as a RADIUS attribute? > > It looks like it could be

Re: [PacketFence-users] PF12.2 out-of-band routed mode not working - No DNS or Captive Portal

Hello Andrew, you will have to provide the networks,conf and pf.conf file in order to understand the issue. And what is 172.0.0.2 ? is it defined somewhere ? Regards Fabrice Le ven. 17 mars 2023 à 16:39, Andrew Torry via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : >

Re: [PacketFence-users] DACL not applied to the switch interface

Hello Mirko, what switch module are you using in PacketFence for this switch ? Can you try the Catalyst_2960 ? Regards Fabrice Le jeu. 16 mars 2023 à 09:02, sgiops sgiops via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Just upgraded to 12.2 (i was on 12.1) but

Re: [PacketFence-users] Unifi switch CoA support

Based on the code, it's not supported (i did it a long time ago) and you have to use the snmp method to reevaluate the access. Btw if you are able to configure it on the switch side then the packetfence switch module will need to be adapted. Regards Fabrice Le mer. 15 mars 2023 à 16:29, Francis

Re: [PacketFence-users] Unable to 'preview' HTML files in 'Connection Profile->Files' in Admin GUI on PF12.1

Hello Andrew, i am able to reproduce on my side, we are looking on it. Regards Fabrice Le mer. 15 mars 2023 à 08:32, Andrew Torry via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > RESTRICTED > > Is it just me but when I preview an entire profile it works fine but if

Re: [PacketFence-users] EAP-TLS Configuration

d to create a new connection profile or could I just use the > default profile to start with? > > > > Kind regards > > Johannes > > > > > > *Von:* Fabrice Durand via PacketFence-users [mailto: > packetfence-users@lists.sourceforge.net] > *Gesendet:* Mittwoch, 15.

Re: [PacketFence-users] EAP-TLS Configuration

Hello Johannes, in fact you can follow this to create the certificates needed for eap-tls. https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_certificate_authority_creation Once you have created the ca certificate and applied it in the radius section. ``` Once done copy the

Re: [PacketFence-users] Unifi switch CoA support

Hello Francis, if i am not wrong you should be able to see the option if you switch to the legacy view of the controller. Also you can connect on the AP (ssh) and see if the port 3799 UDP is listening. Regards Fabrice Le mar. 14 mars 2023 à 15:50, Francis via PacketFence-users <

Re: [PacketFence-users] packetfence newb here - basic setup question

Hello Alex, do you have the pfdhcp server running ? Can you paste the networks.conf file ? Regards Fabrice Le sam. 11 mars 2023 à 07:48, Alex Rubenstein via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > No clues here? > > > > > > > > *From:* Alex Rubenstein > *Sent:*

Re: [PacketFence-users] Issue with PacketFence 12 and Cisco WLC

Hello Andrew, since it's just cisco wlc related, then you can put this function in WLC.pm instead. What you can do is to open a PR on github with your change, we will review it and merge it in the code base. Regards Fabrice Le lun. 27 févr. 2023 à 16:14, Andrew Torry via PacketFence-users <

Re: [PacketFence-users] Login incorrect for authentication process from Wondows login

Hello Didier, Rejected in post-auth means that it has been rejected by the logic in PacketFence. Verify in the packetfence.log file to see what happens exactly when the device connects. Regards Fabrice Le mer. 1 févr. 2023 à 07:24, Didier Walraet via PacketFence-users <

Re: [PacketFence-users] Cluster auto sync

Hello Alexander, You can try to add files path in /usr/local/pf/conf/cluster-files.txt to add extra files to sync. Also you can do /usr/local/pf/bin/cluster/sync --as-master Regards Fabrice Le mer. 1 févr. 2023 à 07:24, Alexander via PacketFence-users < packetfence-users@lists.sourceforge.net>

Re: [PacketFence-users] How do I exempt autoregistration in a connection profile when node has role REJECT?

Hello David, you have multiple solutions. The first one is to use the filter in the connection profile and the order of the connection profiles. So in advanced filter you can have category equals REJECT and ssid equals secure_ssid and have an authentication source of type black_hole assigned to

Re: [PacketFence-users] doubts MD5 configuration

Hello, it should work as is. Can you post the raddebug output ? raddebug -f /usr/local/pf/var/run/radius.sock -t 300 Fabrice Le ven. 23 déc. 2022 à 18:25, Renato Pereira via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi all, > > I have same doubts, I need

Re: [PacketFence-users] New with Captive portals

Technically yes but PacketFence doesn´t support it with webauth. What you can do since the server is in the cloud is to use the fqdn of the server (i believe there is one by default) and use it as the captive portal url. Le mar. 13 déc. 2022 à 14:28, Ahiya Zadok a écrit : > Thank you, Fabrice.

Re: [PacketFence-users] issue with re-authentification after portal validation

Hello Julien, it looks that you enabled "Deauth on previous switch" in the switch configuration for 172.16.252.100 (packetfence side). Disable it and retry. Regards Fabrice Le lun. 12 déc. 2022 à 08:55, Julien Dejean via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : >

Re: [PacketFence-users] From NPS to PacketFence - Regarding

Hello Thirunavukkarasu, yes you can do it, just add a new switch in PacketFence (use the generic switch module) , set a radius shared secret and restart radiusd. Regards Fabrice Le lun. 12 déc. 2022 à 08:55, P.Thirunavukkarasu via PacketFence-users < packetfence-users@lists.sourceforge.net> a

Re: [PacketFence-users] New with Captive portals

Hello Ahiya, you have to change the domain and hostname there: https://pf_mgmt_IP:1443/admin#/configuration/general Regards Fabrice Le lun. 12 déc. 2022 à 08:55, Ahiya Zadok via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi all > > > I'm setting up a captive

Re: [PacketFence-users] Upload speed on inline networks

Hello Leonardo, did you try the speed test directly on the packetfence server to compare ? Regards Fabrice Le mar. 13 déc. 2022 à 11:31, Leonardo Izzo I.T.S. via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi, doing a speed test on PKF's inline networks, both

Re: [PacketFence-users] RADIUS Audit Logs - RADIUS Request empty

Hello Guys, the issue is because of the sql buffer is not big enough to store the content of the request. I tried to do a patch to raise the size in FreeRADIUS but it created issue in the proxy module. So it will be fixed when packetfence will use the FreeRADIUS v4 version. Regards Fabrice Le

Re: [PacketFence-users] ldap authentication failed

Hello Nikunj, you can use ldap for peap only if you can grab the password in clear text or with NT-Hash http://deployingradius.com/documents/protocols/compatibility.html So how do you configure that ? Or join the packetfence server to the domain. Regards Fabrice Le mer. 23 nov. 2022 à

Re: [PacketFence-users] New v12.1 - RADIUS - Configure the Eduroam source

Hello Thirunavukkarasu, in the authentication source , add a new RADIUS source (like tlrs1.eduroam.us ) and after create the eduroam source where you will select the RADIUS source you created previously. Regards Fabrice Le mer. 23 nov. 2022 à 08:46, P.Thirunavukkarasu via PacketFence-users <

Re: [PacketFence-users] Disable default connection profile

Hello James, trying to remove the default profile is not a good idea since if no profile matches then nothing will work. The default is the last resort one if no one matches , so be sure to have one who matches your filter (like the ssid) and keep the default one. Regards Fabrice Le mer. 16

Re: [PacketFence-users] Audit Logs History

Hello Alexander, have a look here: https://mgmt_ip:1443/admin#/configuration/maintenance_task/radius_audit_log_cleanup and change the window value. Regards Fabrice Le lun. 14 nov. 2022 à 09:24, Alexander via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello.

Re: [PacketFence-users] DHCP issues on registration network both 11.2 & 12.0

Hello, i was able to replicate and push a patch in the maintenance 12.0 to fix the mysql pool backend. https://github.com/inverse-inc/packetfence/commit/f4685bd3318cb2282a36654b7cdb3daa3583c3c3 https://github.com/inverse-inc/packetfence/commit/4e9ae1c39b7a33b0859fe3a7a93c9552c6e969c7 The

Re: [PacketFence-users] Windows client automatically login using hostname and hit non-exist realm

Hello Irvan, yes it's normal, we did some unlang to mimic the way the realm is set when packetfence receives a machine authentication. https://github.com/inverse-inc/packetfence/blob/devel/raddb/policy.d/packetfence#L36 Regards Fabrice Le ven. 4 nov. 2022 à 08:34, Irvan via PacketFence-users

Re: [PacketFence-users] packetfence freeipa (ldap) mschapv2 not working

The answer is in the packetfence.log file. Paste it when you connect. Le lun. 31 oct. 2022, 18 h 23, Alexander a écrit : > thank you very much! I achieved what was described by changing the base > config. i Get* [mschap] = ok. * But I am now getting a different error! > Could you see the file

Re: [PacketFence-users] packetfence freeipa (ldap) mschapv2 not working

Hello Alexander, the difference is on the default radius config, it calls the ldap module in the authorize section. You can follow this logic in https://github.com/inverse-inc/packetfence/tree/devel/addons/nthash_AD_attribute (it´s based on freeradius 2 but the logic is there) ``` authorize {

Re: [PacketFence-users] How to change freeradius auth and acct ports?

Hello Alexander, it can be done in the configuration file /usr/local/pf/conf/radiusd/auth.conf ``` Le jeu. 27 oct. 2022 à 08:20, Alexander via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > > Hello friends, please tell me, how to change auth and acct ports on >

Re: [PacketFence-users] How to change freeradius auth and acct ports?

listen { ipaddr = [% ip %] port = 1234 type = auth virtual_server = [% virtual_server %] } Le jeu. 27 oct. 2022 à 08:39, Fabrice Durand a écrit : > Hello Alexander, > > it can be done in the configuration file > /usr/local/pf/conf/radiusd/auth.conf > > ``` > > >

Re: [PacketFence-users] Issues with machine authentication using MS-CHAPv2

Hello Matthies, can you provide the radius debug section where you can see the call to ntlm_auth ? Regards Fabrice Le lun. 24 oct. 2022 à 11:29, Matthies, Heiko via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hello, > > > > I troubleshooted this issue a little

Re: [PacketFence-users] Multiple ACLs and Aruba 6300M

Hello Regimantas, alright, sorry for the delayed response. So let's follow these steps and see what happens on the switch. First edit this file (/usr/local/pf/raddb/mods-config/files/authorize) and add at the end (replace 02-00-00-00-00-00-00 by the mac address of the device you are testing

Re: [PacketFence-users] Role-Based CLI Access

You can only do that with tacacs not with radius. The only thing you can do is to give read/write access to the switch, not define the command you can use. Le mar. 18 oct. 2022 à 16:33, DeSantos, Matthew via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > I’m also

Re: [PacketFence-users] No DHCP working after Upgrade to PF12

Hello Dennis, we will investigate and be back with a patch. Btw it looks like the issue appeared when we changed the db to utf8. Regards Fabrice Le lun. 17 oct. 2022 à 09:50, Schüller Dennis via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hey All, > > I’ve

Re: [PacketFence-users] Multiple ACLs and Aruba 6300M

Hello Regimantas, i would like to see this fixed since it´s a issue we saw a lot of time on the mailing list. Since i don´t have a aruba switch on my side, is it possible to configure freeradius to use the file to answer the radius request and see the result with raddebug ? With that we will be

Re: [PacketFence-users] Multiple ACLs and Aruba 6300M

Let me prepare on my side the config and i will share with you what needs to be done in the freeradius config. I will be back to you shortly. Le mar. 18 oct. 2022 à 08:38, Regimantas Pabrėža < regimantas.pabr...@limedika.lt> a écrit : > Sure I would like to get it resolved. > > > > 802.1X

Re: [PacketFence-users] Packetfence Authentication fails with Module-Failure-Message = "chrooted_mschap: No logon servers are currently available to service the logon request

Hello Stephen, it´s a reply from winbindd, so check if you server is correctly joined and maybe restart packetfence-winbindd. Also you can go in the chroot like that: chroot /chroot/"you domain name" wbinfo -P it should return the connected AD server. Regards Fabrice Le jeu. 22 sept. 2022 à

Re: [PacketFence-users] Auth Failed with openldap 【2nd Try】

for your reply , the raddebug log & ldap config as attachment for > your reference > > -- > Weijun Liang > best regard, > > > *发件人：* Fabrice Durand via PacketFence-users > > *发送时间：* 2022-09-22 09:59 > *收件人：* packetfence-users > *抄送

Re: [PacketFence-users] Auth Failed with openldap 【2nd Try】

Hello, it´s something like that you have to follow. https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_eap_authentication_against_openldap It´s been a long time i did that and it will probably needs to be adjusted. Let me know how it goes and provide me raddebug log if

Re: [PacketFence-users] PacketFence captive portal quickstart

Hello Marco, you can try the inline setup. One interface is configured as inline l2 and the other one as the management interface (facing internet) So when you plug something in the inline network you should be able to see the portal. (it´s really the first thing you need to achieve) Btw you will

Re: [PacketFence-users] radius enforcement for captive portal on wifi controller

Hello Leonardo, it´s more like a cli/vpn authentication you are doing. So you can try the OpenVPN switch module , use the port 1815 and assign the authentication source to the default profile and you should be close. Btw check the logs when packetfence receive the radius request (radius audit logs

Re: [PacketFence-users] troubleshooting ideas Radius Authentication - 802.1X connections

Hello Damian, you can have a look at the radius audit log. You will see an entry by connection. Regards Fabrice Le mar. 13 sept. 2022 à 15:52, Damian Mendoza via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Setting up Packetfence with 802.1X authentication to lock

Re: [PacketFence-users] Latest PacketFence and Cisco 3560 switch - ran into issue connecting to network after Authentication

Hello Damien, it looks to be a deauth issue. Can you paste the switches.conf (just the switch section you are testing with) and the show run on the switch itself ? Regards Fabrice Le mar. 13 sept. 2022 à 13:35, Damian Mendoza via PacketFence-users < packetfence-users@lists.sourceforge.net> a

Re: [PacketFence-users] Deleted user, LDAP attributes not retrieved again on recreation

Hello Alex, there is a cache in PacketFence for that. Try that: /usr/local/pf/bin/pfcmd cache person_lookup clear Regards Fabrice Le mar. 13 sept. 2022 à 09:52, Aleix Dorca Josa via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi, > > I have this minor issue that

Re: [PacketFence-users] Ruckus cloud

Hello Luka, I did some work on that, 802.1x autoreg is ok but the external portal needs some work. I have a POC working but the PacketFence´s Radius server needs to be reachable from the internet (radsec). Regards Fabrice Le mar. 13 sept. 2022 à 09:52, Luka Hrvatin via PacketFence-users <

Re: [PacketFence-users] Bypass for static ip host

Hello, you can add it in the ipset session. Check ipset -L to list the ipset session then ipset add Fabrice Le sam. 3 sept. 2022, 08 h 46, Leonida via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi everyone, in an inline configuration I would have to let a host

Re: [PacketFence-users] [External] [External] Domain Joining PacketFence Fails

the WORKGROUP is the pre-windows-2000 name and the dns_name is the dns format. If i am not wrong when you edit a user in Users and computers you should be able to see both. Le mar. 23 août 2022 à 15:52, Nate Breeden a écrit : > Hey Fabrice, > > > > I just tried them in all caps, still the

Re: [PacketFence-users] [External] [External] Domain Joining PacketFence Fails

Iptables looks to be ok. But are you sure about workgroup=domain.Local ? Also put dns_name and workgroup in uppercase . Le mar. 23 août 2022 à 15:09, Nate Breeden a écrit : > [DOMAINNAME] > > dns_name= DOMAINNAME.Local > > dns_servers=10.0.1.15 > > server_name=%h > > ou=Domain Computers > >

Re: [PacketFence-users] [External] Domain Joining PacketFence Fails

Hello, can you show me the content of conf/domain.conf and also the result of iptables -L -n -v -t nat Regards Fabrice Le mar. 23 août 2022 à 14:25, Nate Breeden via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hey Aaron, > > > > My DCs are using Server 2019, also

Re: [PacketFence-users] 802.1x computer + user

create 2 connection profiles (802.1x and mac-auth) and 2 authentication sources (one for secure and the other one for mac-auth). Associate the first authentication source on the secure portal and the 2nd one to the mac-auth portal. Now you just need to play with the authentication rules on each

Re: [PacketFence-users] 802.1x role error

Hello José, IMO you should create 2 connection profiles, one for MAB (filter connection_type = Ethernet-NoEAP) and another one for 802.1x (filter connection_type = Ethernet-EAP). Once done, assign the correct authentication source to the MAB profile (sources you will see on the portal) . On the

Re: [PacketFence-users] 802.1x computer + user

Hello José, you have to combine 2 authentication sources, one for the user and the other for the computer. The difference between the 2 will be the username attribute , for user it´s sAMAccountName and for computer it´s userPrincipalName (btw create authentication rules for user and machines) So

Re: [PacketFence-users] Radius Authentication Source Timeout for 2FA

ok easy. edit the rest.conf file in conf/radiusd and at this line add ( https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/rest.conf.example#L194 ): timeout = 60.00 Then restart radius-auth Le jeu. 14 avr. 2022 à 21:49, Benjamin Shirley - Simplicity <

Re: [PacketFence-users] Aruba CX documentation

Thanks, it will be really appreciated. Le jeu. 14 avr. 2022 à 21:42, Karl Stevens a écrit : > Thanks Fabrice, I've found that too - I'm working through it and have it > mostly working now. Once I'm done I'll try to write up my findings and > make a pull request on the Packetfence docs. > > On

Re: [PacketFence-users] Aruba CX documentation

Hello Karl, the switch module has been tested but the configuration has never been retrieved. I found some documentation about 802.1x mac-auth, you can try the examples in this doc: https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-7885.pdf Regards Fabrice Le jeu. 14 avr. 2022 à

Re: [PacketFence-users] Packetfence config related fallback plan

probably a misconfiguration issue. https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_packetfence_configuration_modification_first_server_only Notice host=127.0.0.1 if you forgot that then it means that each server will use the local database instance to insert and it will result

Re: [PacketFence-users] Radius Authentication Source Timeout for 2FA

Hello Benjamin, first you need to raise the timeout value of the radius-auth service. You should be able to do it there: https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/auth.conf.example#L23 and add that: ``` limit { max_connections = 16 lifetime = 0

Re: [PacketFence-users] MS-CHAP2-Response is incorrect

Hello Nicat, can you run this command and try to connect ? raddebug -f /usr/local/pf/var/run/radiusd.sock -t 300 Then paste the output. Regards Fabrice Le mer. 30 mars 2022 à 08:54, Nijat Sultanov via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi there, > I was

Re: [PacketFence-users] STUCK ON VERIFYING

It´s like the switch never receives the radius reply. i would suggest to capture the traffic to see what happen. Le mer. 30 mars 2022 à 08:54, David Kitonga via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Ok. > > Setup > > > > Cisco 3850 > > Windows 11 endpoint > >

Re: [PacketFence-users] Unifi APs and Packetfence

Hello Adrian, I deal with that sometimes and it's supposed to be the NAS that sends the Framed-MTU attribute. Are you able to see it in the request ? Can you change it on the AP side ? Also if you change it on the freeradius side i don´t think it will change anything. Regards Fabrice Le mar.

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Just like that: [image: image.png] Le dim. 20 mars 2022 à 07:39, P.Thirunavukkarasu a écrit : > Hi Fabrice, > Thank you and Sorry for the question... > > *Create the connection profile for outbound authentication* > *"Create the Connection Profile named External Eduroam authentication > Check

Re: [PacketFence-users] New Currency Paypal

Hello Dennis, you can add it there, it should work. https://github.com/inverse-inc/packetfence/blob/devel/html/pfappserver/lib/pfappserver/Form/Config/Source/Billing.pm#L64 Regards Fabrice Le ven. 18 mars 2022 à 09:46, Schüller Dennis via PacketFence-users <

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Hello Thirunavukkarasu, the realm eduroam is define in the freeradius unlang, so if the logic detect that it´s an outbound authentication then the realm eduroam will be added in the request. For the DEFAULT one you should use your domain for that. Regards Fabrice Le ven. 18 mars 2022 à 09:45,

Re: [PacketFence-users] Palo Alto XML API roles

Hello Torem, i don´t have a Palo Alto on my side but if it works by just allowing the User-ID part then we will have to adjust our documentation. Regards Fabrice Le ven. 18 mars 2022 à 09:45, Toren Smith via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Just a quick

Re: [PacketFence-users] ERROR: Server returned no data

Hello Tomas, try that (conff/radiusd/rest.conf): https://github.com/inverse-inc/packetfence/commit/5ee142d9ba6ce457c10967013fa11a361caa9694 Regards Fabrice Le ven. 11 mars 2022 à 10:12, tomas.rybicka via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Dear Packetfence

Re: [PacketFence-users] Issue after upgrading the packetfence - Regarding

Hello Thirunavukkarasu, do that instead: /usr/sbin/freeradius -d /usr/local/pf/raddb -n auth -fxx -l stdout and paste the output. Regards Fabrice Le ven. 11 mars 2022 à 10:12, Thirunavukkarasu Palanisamy via PacketFence-users a écrit : > Hi Team, > Greetings of the day > > After upgrading

  1   2   3   4   5   6   7   >