[PacketFence-users] PF 6.2.1 how to use PDC AND BDC for 802.1x ??

2016-10-26 Thread Holger.Patzelt 
Hi,

we do 802.1x wired auth with pachetfence, wich works as expected, until we have 
to boot our Primary Domain Controler (PDC), wich is configured in the Packet 
Domain Config.
There is only one field for THE Server. How do I configure the BDC,too?

Please Help
Thanks,
Holger
--
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive. 
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] MySQL login fails

2016-10-21 Thread Holger.Patzelt 
Hi,

are you sure, the database is up at all? And you are using the same character 
sets, when typing blind into the web-interface as when setting it up in the 
console?
This sort of error is seldom for Americans, but for people from the rest of the 
world one has to take care of this…

Bye,
Holger

Von: B McLellan [mailto:bob.mclel...@gmail.com]
Gesendet: Donnerstag, 20. Oktober 2016 13:24
An: packetfence-users@lists.sourceforge.net
Betreff: [PacketFence-users] MySQL login fails

Hi,

I'm trying to run the initial config on a new packetfence install and I get as 
far as step 4 'Packetfence' but clicking the continue button does not progress 
to the next step. In /usr/local/pf/logs/packetfence.log I see


 FATAL: unable to connect to database: Access denied for user 'pf'@'localhost' 
(using password: YES) at /usr/local/pf/lib/pf/version.pm 
line 42.

This doesn't make sense as I'm sure the password I supplied is correct. I've 
even tried restarting mysql with --skip-grant-tables to be sure that auth isn't 
causing an issue.

This has happened on and a Debian Jessie install using the deb package and on a 
ZEN deployment. Has anyone else seen this behaviour? Am I doing something 
stupid in the setup?

Bob

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Windows7 802.1x

2016-10-17 Thread Holger.Patzelt 
Hi Folks,

does anyone of you use 802.1x auth with Windows 7?

Our Clients sometimes don't get an IP-Adress after auth.
(They are already authenticated successfully)

Bye,
Holger

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Auditing Page shows wrong Created_at dates

2016-09-22 Thread Holger.Patzelt 
Hello Louis,

do You have any ideas, where I have to look for the problem?

bye

Von: Patzelt, Holger
Gesendet: Donnerstag, 15. September 2016 16:27
An: packetfence-users@lists.sourceforge.net
Betreff: [PacketFence-users] Auditing Page shows wrong Created_at dates

Hi Folks,

in our installation (ZEN 6.2.1) the Auditing Page shows the "created_at" times 
wrong.
Could it be, that the page tries to interpret already converted times?
The Times on the Nodes Page (if you enable Registration Date Column eg.) seem 
to be right.
(The switches use ntp as the packetfence Server does, too.)

Any ideas??

Bye,
Holger
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] packetfence.org down ??

2016-09-20 Thread Holger.Patzelt 
Ah. Okay.
Nice to see, it is up again. ☺
Hope, you hadn’t too much trouble getting it up and running again.

Regards,
Holger

Von: Louis Munro [mailto:lmu...@inverse.ca]
Gesendet: Dienstag, 20. September 2016 15:44
An: packetfence-users@lists.sourceforge.net
Betreff: Re: [PacketFence-users] packetfence.org down ??

Hi Holger,
Yes, the website was down part of yesterday.

A hardware failure I'm afraid.


On Sep 19, 2016, at 12:33 PM, 
> 
> wrote:

Hi,

packetfence.org doesn’t answer.
Has anyone the same problems?



Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] packetfence.org down ??

2016-09-20 Thread Holger.Patzelt 
Hi,

packetfence.org doesn't answer.
Has anyone the same problems?

Bye,
Holger
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Auditing Page shows wrong Created_at dates

2016-09-15 Thread Holger.Patzelt 
Hi Folks,

in our installation (ZEN 6.2.1) the Auditing Page shows the "created_at" times 
wrong.
Could it be, that the page tries to interpret already converted times?
The Times on the Nodes Page (if you enable Registration Date Column eg.) seem 
to be right.
(The switches use ntp as the packetfence Server does, too.)

Any ideas??

Bye,
Holger
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] ANN: PacketFence v6.1.0

2016-06-22 Thread Holger.Patzelt 
☺
Yeah, thanks. that helped


--
DEUTSCHE TELEKOM HEALTHCARE AND SECURITY SOLUTIONS GMBH

Holger Patzelt
Pascalstr. 11, 10587 Berlin
Telefon: +49 30 8353 84591  Telefax: +49 30 8353 84429 (Tel)
E-Mail: holger.patz...@t-systems.com

Von: Louis Munro [mailto:lmu...@inverse.ca]
Gesendet: Mittwoch, 22. Juni 2016 17:15
An: packetfence-users@lists.sourceforge.net
Betreff: Re: [PacketFence-users] ANN: PacketFence v6.1.0


--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Jun 22, 2016, at 11:05 , 
> 
> wrote:

Checking configuration sanity...
FATAL - The PacketFence database schema version '6.0.0' does not match the 
current installed version '6.1.0'
Please refer to the UPGRADE guide on how to complete an upgrade of PacketFence


Actually, the upgrade guide mentions running the db/upgrade-6.0.0-6.1.0.sql 
script.
But, unfortunately there’s an error in the script in 6.1.0.

That has been fixed in 6.1.1.
Just do a
# yum clean all --enablerepo=packetfence
# yum upgrade packetfence

and you will get the corrected version of the script.




The update Guide says:
"Once completed, update the file /usr/local/pf/conf/currently-at to match the 
new release number (PacketFence 6.1.0)."

But as the file does not exist on this (was-ZEN-6.0.0) installation, and the 
update-Document does not tell its format or exact contents,
I am stuck again...

Run
# /usr/local/pf/bin/pfcmd version > /usr/local/pf/conf/currently-at

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unreg user of captive portail witch a click button

2016-06-14 Thread Holger.Patzelt 
Hi Pierrick,

I'm not sure, why this would make sense, because what happens if they don't?
Why should they. How do you want to react on those who don't?

If you want them to be off after some time, set the unregister time accordingly 
and you're done.

bye



Von: prost pierrick [mailto:pierrick.pr...@cnrs.fr]
Gesendet: Dienstag, 14. Juni 2016 10:19
An: packetfence-users@lists.sourceforge.net
Betreff: Re: [PacketFence-users] Unreg user of captive portail witch a click 
button

Hi,

No one has this use case ?


Regards.

De : PROST pierrick
Envoyé : lundi 13 juin 2016 16:36
À : 
packetfence-users@lists.sourceforge.net
Objet : RE: Unreg user of captive portail witch a click button

I hope that my question is clear :).  Users could have to un-register 
themselves.

Regards.

Pierrick Prost

CNRS - DR07


De : PROST pierrick
Envoyé : lundi 13 juin 2016 15:03
À : 
packetfence-users@lists.sourceforge.net
Objet : Unreg user of captive portail witch a click button

Hi everyone,

It's possible in Packetfence Inline mode with captive portal to allow user to 
"Unregistrate"  his session at the end ? We would use PF with loan laptop 
computer.


Thanks !

Have a good day

Pierrick Prost
DR07 - CNRS
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error with pf-maint.pl

2016-06-09 Thread Holger.Patzelt 
Hi folks,
I get an 501 "not implemented" when I try to use pf-maint.pl
(For info: We (naturally) have a proxy installed in between...)


--
DEUTSCHE TELEKOM HEALTHCARE AND SECURITY SOLUTIONS GMBH

Holger Patzelt
Pascalstr. 11, 10587 Berlin
Telefon: +49 30 8353 84591  Telefax: +49 30 8353 84429 (Tel)
E-Mail: holger.patz...@t-systems.com

Von: James Rouzier [mailto:jrouz...@inverse.ca]
Gesendet: Donnerstag, 9. Juni 2016 16:58
An: packetfence-users@lists.sourceforge.net
Betreff: Re: [PacketFence-users] Error with pf-maint.pl


The script saves all previous applied patches in the directory.

/usr/local/pf/.paches

can you send me the contents of  /usr/local/pf/git_commit_id

James Rouzier

jrouz...@inverse.ca :: +1.514.447.4918 (x115)  ::  
http://www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)
On 2016-06-09 10:51 AM, Nathan, Josh wrote:
No, I ran it once before.  I think after the first patch was released.  But 
then I've seen at least one, if not 2 more patches get released that looked 
helpful.

Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
[https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPN1RscjFKUzN2NXc=download][https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPYXoydHlHMWFsbGM=download]

On Thu, Jun 9, 2016 at 4:41 PM, James Rouzier 
> wrote:

Was this the first time you ran pf-maint.pl after you 
installed 6.0.1?

James Rouzier

jrouz...@inverse.ca :: 
+1.514.447.4918 (x115)  ::  http://www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)
On 2016-06-09 10:36 AM, Nathan, Josh wrote:
I get this:
44843a2ebfee8d3a97908d7a262ae222f52a1ded-569bff3d1f44e60fc6cbbb4b26deb9e7d1e9f919.diff

Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
[https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPN1RscjFKUzN2NXc=download][https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPYXoydHlHMWFsbGM=download]

On Thu, Jun 9, 2016 at 4:18 PM, James Rouzier 
> wrote:

Hi Josh it seems that the maintenance branch is out of wack with your install.

Can you send me the out of the following command

ls /usr/local/pf/.paches

James Rouzier

jrouz...@inverse.ca :: 
+1.514.447.4918 (x115)  ::  http://www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)
On 2016-06-09 10:01 AM, Nathan, Josh wrote:
Any ideas on what to look for?  I'd like to apply some of the patches that have 
been released.  The server obviously has Internet access.  Do I need to pass a 
specific flag to pf-maint.pl?

Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
[https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPN1RscjFKUzN2NXc=download][https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPYXoydHlHMWFsbGM=download]

On Tue, Jun 7, 2016 at 10:35 AM, Nathan, Josh 
> wrote:
When I try to run pf-maint, I get the following error:

** GET 
https://api.github.com/repos/inverse-inc/packetfence/compare/a962ef7cf0c0755845f9e48ee0d2d0c5bf517c7d...f9dda4c3b46973fd6fa4fac586df9ce810df745c
 ==> 404 Not Found (1s)
404 Not Found

I'm running PF 6.0.1.

Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
[https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPN1RscjFKUzN2NXc=download][https://docs.google.com/a/bfacademy.de/uc?id=0B8Pp5014gOkPYXoydHlHMWFsbGM=download]




--

What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic

patterns at an interface-level. Reveals which users, apps, and protocols are

consuming the most bandwidth. Provides multi-vendor support for NetFlow,

J-Flow, sFlow and other flows. Make informed decisions using capacity

planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e



___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,

Re: [PacketFence-users] Windows Computer Certificates instead of hostnames

2016-06-02 Thread Holger.Patzelt 
Hallo Antoine,

thanks for your answer.
I think that shows enough to have work for a few days to try :)

Bye,
Holger


Von: Antoine Amacher [mailto:aamac...@inverse.ca]
Gesendet: Montag, 30. Mai 2016 19:55
An: packetfence-users@lists.sourceforge.net
Betreff: Re: [PacketFence-users] Windows Computer Certificates instead of 
hostnames

Hello Holger,

1. You cannot do EAP-TLS + PEAP on a supplicant, it will be either one or the 
other. The combination of certificate and user/pw is not possible then.

That being said you can do an EAP-TLS Computer + User Auth, which would first 
authenticate the computer with hostname and his matching computer certificate 
and then authenticate the user with the user certificate as soon as it login.

You will need to look into EAP-TLS configuration for the server also, the main 
point being, your RADIUS and clients certificate needs to be issued from the 
same CA. There is an example on how to configure EAP-TLS with working 
certificate over here: 
http://packetfence.org/doc/PacketFence_MSPKI_Quick_Install_Guide.html#_step_2_configuring_packetfence
This example is with MSPKI but can be apply to any PKI.

For the filter there is an example matching what I explain, (ComputerAuth + 
UserAuth if ComputerAuth is valid) in the vlan_filters.conf.example file under 
the folder /usr/local/pf/conf

2. The other option would be to do EAP-TLS as ComputerAuth only and use the 
portal for a Username/PW authentication.

In this case you would not need to set any filter(via the filtering engine), 
once your EAP-TLS has authenticated, you should be redirected on the portal, 
since the EAP-TLS will only grant you access to be able to talk with 
PacketFence, unless you have a rule that register device which authenticate via 
EAP-TLS.
You could then create a portal profile using the filter connection-type 
Ethernet-EAP and/or Wireless-802.11-EAP, and add here your required source of 
authentication for the Username/PW.

This way you will have the combination wanted, the user will have to enter his 
credentials after his computer was validated on the network via a certificate.

Thank you
On 05/30/2016 11:22 AM, 
holger.patz...@t-systems.com wrote:
Hi folks,

anyone who can help me with the following task:
I want to authenticate Clients with Windows Computer Certificates (not 
"hostname") and Username/pw.

-  How do I configure the first ?

-  And how do the filter have to look for combining it with the user 
auth?

Thanks,
Holger




--

What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic

patterns at an interface-level. Reveals which users, apps, and protocols are

consuming the most bandwidth. Provides multi-vendor support for NetFlow,

J-Flow, sFlow and other flows. Make informed decisions using capacity

planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Antoine Amacher

aamac...@inverse.ca  ::  +1.514.447.4918 *130  ::  
www.inverse.ca

Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Windows Computer Certificates instead of hostnames

2016-05-30 Thread Holger.Patzelt 
Hi folks,

anyone who can help me with the following task:
I want to authenticate Clients with Windows Computer Certificates (not 
"hostname") and Username/pw.

-  How do I configure the first ?

-  And how do the filter have to look for combining it with the user 
auth?

Thanks,
Holger
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] SSH not passing interface enable/disable commands

2016-05-11 Thread Holger.Patzelt 
Hi,

this might not really help you, but we actually have 801x User Auth running via 
radius on Juniper ex3200 with the Type set to “Juniper::EX2200” .
With the EX Type it never worked here.

bye
Holger



Von: Louis Munro [mailto:lmu...@inverse.ca]
Gesendet: Mittwoch, 11. Mai 2016 19:28
An: packetfence-users@lists.sourceforge.net
Betreff: Re: [PacketFence-users] SSH not passing interface enable/disable 
commands

Hi Dustin,
Try setting the type to “Juniper::EX2200”.

The generic code for the EX module is very old.
It may be time for us to revisit it.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On May 11, 2016, at 13:14 , Dustin Berube 
> wrote:

Hi Louis,

I'm testing this against a Juniper EX4200-48PX running Junos 13.2X51-D35.3 
(latest branch of 13.2).




Here's the config from switches.conf

[172.22.0.201]
mode=production
Technology ServicesVlan=51
VoIPCDPDetect=N
VoIPDHCPDetect=N
AccessListMap=N
description=EX 4200
SNMPVersionTrap=2c
cliPwd=
cliTransport=SSH
UrlMap=N
registrationVlan=98
Technology ServicesRole=techsvcs_51
cliUser=packetfence
deauthMethod=RADIUS
type=Juniper::EX
VoIPLLDPDetect=N
isolationVlan=97
radiusSecret=
SNMPVersion=2c
cliEnablePwd=
voiceVlan=99


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sending Security Onion alerts to PacketFence

2016-05-11 Thread Holger.Patzelt 
Hi,

What about IP-Tables??

Greets,
Holger

Von: Morgan, Darren [mailto:dmor...@oundleschool.org.uk]
Gesendet: Montag, 9. Mai 2016 17:48
An: packetfence-users@lists.sourceforge.net
Betreff: [PacketFence-users] Sending Security Onion alerts to PacketFence

Hi,

We have SecurityOnion (using Suricata) and PacketFence working well on our 
network.  I'm currently trying to send the alerts from the Security Onion 
server to the PacketFence server.  I've followed the instructions within the 
Administration Guide (Chapter 13 - We're using PF version 5.7) But I can't seem 
to get the alerts to be shown in PacketFence.  Does anyone have any ideas where 
I can start trying to solve this issue?  I've changed the syslog-ng.conf on the 
SecurityOnion server to log to a file to prove it works (Every alert shows in 
the file) but when I set it to send to the PacketFence server nothing appears 
to happen. There seems to be an outgoing connection from the Security Onion 
server to our PacketFence server;

Output of netstat -peanut;

udp0  0 127.0.0.1:52444 127.0.0.1:514   ESTABLISHED 
98920594   1641/ossec-csyslogd
udp0  0 192.168.XXX.231:57654   192.168.XXX.232:514 ESTABLISHED 
0  130271548498/syslog-ng
udp0  0 0.0.0.0:514 0.0.0.0:*   
0  130271508498/syslog-ng

But I don't seem to get an equivalent connection on the PacketFence server side;

udp0  0 0.0.0.0:514 0.0.0.0:*   
0  699304 3167/rsyslogd

So I assume the port is just listening.

I've checked that on the PacketFence server I've modified the rsyslog.conf, and 
created the securityonion_ids.conf, and made sure the alerting pipe exists.  
Also configured a new syslog parser through the GUI and created alerts (In this 
case to alert on any P2P traffic, which Security Onion shows that we have 
approx. 150 incidents a day)

Does anyone have any pointers where I can start digging to solve this?

Many thanks

Darren Morgan
Systems Manager
Oundle School




This email is sent from either Oundle School or Laxton Junior School for The 
Corporation of Oundle School and is intended only for the addressee named 
above.  The Corporation of Oundle School is a Charity incorporated under Royal 
Charter RC000396 and charity number 309921.  
www.oundleschool.org.uk





Scanned by iCritical.


--
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence 6.0 AD Domains "Add Domain" bug

2016-04-22 Thread Holger.Patzelt 
Hi,

for the records:
I am trying to set up the  packetfence-ZEN-6.0.0 VM.

The "Add Domain" wizard has a little, but tricky Bug:
If one types in an "identifier" containing a space (eg. "my AD") neither the 
wizard directly nor the "save" button complains.
As a fatal result the chroot directory created is not "my AD" as one might 
think (besides spaces are a pain in the a** in dir/file names under *nix 
anyway) but the created dir is simply "my".
I think I don't have to explain any further, that neither webmin starts nor 
comes the wizard with any error message at all. (In fact the wizard returns 
with an empty (!) message.

Bye
--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence-ZEN-5_7_0.zip not quite up-to-date?

2016-04-11 Thread Holger.Patzelt 
Hi,

am I wrong or IS the pf 5.7.0 ZEN ovf not quite up-to-date?
After having the VM configured I was confused not seeind switch groups so I 
looked at the Version shown with the "info" button.
Is there a reason, why the VM comes with 5.7 Server but 5.5 Admin-GUI ??

Bye,
Holger

--
Holger Patzelt

--
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301=/ca-pub-7940484522588532___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] AD auth fails

2015-10-23 Thread Holger.Patzelt 
Hi folks,

just for the records: Louis is my hero, too.

And for Louis:
The hint was right.
Could it be, that once installed the “webservice” user and pw will not be 
inserted into the right files, if changed in the gui??
I am not sure anymore if I touched any of these files “by hand”, but somehow 
changes didn’t get there by the gui…
Anyway, it now works as intended and we are through with the “must haves”. The 
“nice to haves” will have to wait until January I suppose.

Bye,
Holger




From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Thursday, October 22, 2015 5:29 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] AD auth fails

Hi Holger,

What you are seeing in the radius logs is a connection error from the radiusd 
process to the httpd.aaa service (over HTTP).

We can see that the process is running and listening on your system.
But radius returns an SSL error when trying to connect to the httpd.aaa:

rlm_perl: An error occurred while processing the authorize RPC request: An 
error occured while sending a MessagePack request: 35 SSL connect error SSL 
connect error at /usr/local/pf/lib//pf/radius/rpc.pm line 51.

So it comes down to troubleshooting that connection.
Look at raddb/radiusd.conf.

Are the rpc_* variables correct?
Right host, port, protocol?

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Oct 22, 2015, at 8:44 , 
> 
> wrote:

Hi there,

anyone, any thoughts?

--
DEUTSCHE TELEKOM HEALTHCARE AND SECURITY SOLUTIONS GMBH

Holger Patzelt
Pascalstr. 11, 10587 Berlin
Telefon: +49 30 8353 84591  Telefax: +49 30 8353 84429 (Tel)
E-Mail: holger.patz...@t-systems.com

Die gesetzlichen Pflichtangaben finden Sie unter: 
http://www.telekom-healthcare.com/pflichtangaben

Hinweis: Diese E-Mail und/oder die Anhänge sind vertraulich und ausschließlich 
für den bezeichneten Adressaten bestimmt. Die Weitergabe oder Kopieren dieser 
E-Mail ist strengstens verboten. Wenn Sie diese E-Mail irrtümlich erhalten 
haben, informieren Sie bitte unverzüglich den Absender und vernichten Sie die 
Nachricht und alle Anhänge. Vielen Dank.

-Original Message-
From: Patzelt, Holger
Sent: Wednesday, October 21, 2015 5:16 PM
To: 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] AD auth fails

Hi Louis,

Here you are:

(don’t be irritated, due to a restart, i changed the PID…) # lsof -nPp 15000 | 
grep IPv4 tells:

httpd   15000 root7u  IPv4 139071  0t0 TCP 
127.0.0.1:7070 (LISTEN)
httpd   15000 root8u  IPv4 139073  0t0 TCP 
172.20.1.20:7070 (LISTEN)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] AD auth fails

2015-10-22 Thread Holger.Patzelt 
Hi there,

anyone, any thoughts?

--
DEUTSCHE TELEKOM HEALTHCARE AND SECURITY SOLUTIONS GMBH

Holger Patzelt
Pascalstr. 11, 10587 Berlin
Telefon: +49 30 8353 84591  Telefax: +49 30 8353 84429 (Tel)
E-Mail: holger.patz...@t-systems.com

Die gesetzlichen Pflichtangaben finden Sie unter: 
http://www.telekom-healthcare.com/pflichtangaben

Hinweis: Diese E-Mail und/oder die Anhänge sind vertraulich und ausschließlich 
für den bezeichneten Adressaten bestimmt. Die Weitergabe oder Kopieren dieser 
E-Mail ist strengstens verboten. Wenn Sie diese E-Mail irrtümlich erhalten 
haben, informieren Sie bitte unverzüglich den Absender und vernichten Sie die 
Nachricht und alle Anhänge. Vielen Dank.

-Original Message-
From: Patzelt, Holger 
Sent: Wednesday, October 21, 2015 5:16 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] AD auth fails

Hi Louis,

Here you are:

(don’t be irritated, due to a restart, i changed the PID…) # lsof -nPp 15000 | 
grep IPv4 tells:

httpd   15000 root7u  IPv4 139071  0t0 TCP 
127.0.0.1:7070 (LISTEN)
httpd   15000 root8u  IPv4 139073  0t0 TCP 
172.20.1.20:7070 (LISTEN)


pf.conf (slightly “anonymized”):
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=adminnet.nicedomain.de
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in 
Apache rewriting rules and therefore must be resolvable by clients.
hostname=mypf-server
#
# general.dnsservers
#
# Comma-delimited list of DNS servers.  Passthroughs are created to allow 
queries to these servers from even "trapped" nodes.
dnsservers=127.0.0.1,172.20.10.22
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow DHCP 
transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,172.20.10.22
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=Stardate

[trapping]
#
# trapping.detection
#
# Enables snort-based worm detection.  If you don't have a span interface 
available, don't bother enabling it.  If you do, # you'll most definately want 
this on.
detection=enabled
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that Snort/Suricata will 
monitor/detect/trap on.  Gateway, network, and # broadcast addresses are 
ignored.
range=172.20.9.20-254/24
#
# trapping.interception_proxy
#
# When enabled, packetfence will intercept proxy request to somes specified 
port interception_proxy=enabled

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with 
an action of "email", or any other # PacketFence-related message goes to.
emailaddr=someu...@mypf-server.internal.nicedomain.de
#
# alerting.wins_server
#
# WINS server to  resolve NetBIOS name of administrative workstation to IP 
address.
wins_server=172.20.10.22
#
# alerting.admin_netbiosname
#
# NetBIOS name of administrative workstation to send alerts with "winpopup" 
action assigned.
admin_netbiosname=someworkstation

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
is set

[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=90D
#
# expire.iplog
#
# Time which you would like to keep logs on IP/MAC information.
# A value of 0D disables expiration.
# example:
# iplog=180D
iplog=90D
#
# expire.traplog
#
# Time which you would like to keep logs on trap information.
# A value of 0D disables expiration.
# example:
# traplog=180D
traplog=90D
#
# expire.locationlog
#
# Time which you would like to keep logs on location information # Please note 
that this table should not become too big since it # could degrade pfsetvlan 
performance.
# A value of 0D disables expiration.
# example:
# locationlog=180D
locationlog=90D
#
# expire.httpd_admin
#
# Please note that this table should not become too big since it 
httpd_admin=disabled

[services]
#
# services.pfsetvlan
#
# Should pfsetvlan be managed by PacketFence?
pfsetvlan=enabled

[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the 
common/network-access-detection.gif which is used to detect if network # access 
was enabled. 
# It cannot be a domain name since it is used in registration or quarantine 
where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server 
and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=172.20.11.20

[webservices]
#
# webservices.user
#
# username to use to connect to the webAPI user=websrv_user # # 
webservices.pass # # password of the username is set, too # # webservices.proto 
# # proto to use proto=https

[interface eth0]
enforcement=vlan
ip=172.20.9.20
type=monitor

Re: [PacketFence-users] AD auth fails

2015-10-21 Thread Holger.Patzelt 
Hi Louis,

Here you are:

(don’t be irritated, due to a restart, i changed the PID…)
# lsof -nPp 15000 | grep IPv4 tells:

httpd   15000 root7u  IPv4 139071  0t0 TCP 
127.0.0.1:7070 (LISTEN)
httpd   15000 root8u  IPv4 139073  0t0 TCP 
172.20.1.20:7070 (LISTEN)


pf.conf (slightly “anonymized”):
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=adminnet.nicedomain.de
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in 
Apache rewriting rules and therefore must be resolvable by clients.
hostname=mypf-server
#
# general.dnsservers
#
# Comma-delimited list of DNS servers.  Passthroughs are created to allow 
queries to these servers from even "trapped" nodes.
dnsservers=127.0.0.1,172.20.10.22
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow DHCP 
transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,172.20.10.22
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=Stardate

[trapping]
#
# trapping.detection
#
# Enables snort-based worm detection.  If you don't have a span interface 
available, don't bother enabling it.  If you do, 
# you'll most definately want this on.
detection=enabled
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that Snort/Suricata will 
monitor/detect/trap on.  Gateway, network, and 
# broadcast addresses are ignored.
range=172.20.9.20-254/24
#
# trapping.interception_proxy
#
# When enabled, packetfence will intercept proxy request to somes specified port
interception_proxy=enabled

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with 
an action of "email", or any other 
# PacketFence-related message goes to.
emailaddr=someu...@mypf-server.internal.nicedomain.de
#
# alerting.wins_server
#
# WINS server to  resolve NetBIOS name of administrative workstation to IP 
address.
wins_server=172.20.10.22
#
# alerting.admin_netbiosname
#
# NetBIOS name of administrative workstation to send alerts with "winpopup" 
action assigned.
admin_netbiosname=someworkstation

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
is set

[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=90D
#
# expire.iplog
#
# Time which you would like to keep logs on IP/MAC information.
# A value of 0D disables expiration.
# example:
# iplog=180D
iplog=90D
#
# expire.traplog
#
# Time which you would like to keep logs on trap information.
# A value of 0D disables expiration.
# example:
# traplog=180D
traplog=90D
#
# expire.locationlog
#
# Time which you would like to keep logs on location information
# Please note that this table should not become too big since it 
# could degrade pfsetvlan performance.
# A value of 0D disables expiration.
# example:
# locationlog=180D
locationlog=90D
#
# expire.httpd_admin
#
# Please note that this table should not become too big since it 
httpd_admin=disabled

[services]
#
# services.pfsetvlan
#
# Should pfsetvlan be managed by PacketFence?
pfsetvlan=enabled

[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the 
common/network-access-detection.gif which is used to detect if network
# access was enabled. 
# It cannot be a domain name since it is used in registration or quarantine 
where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server 
and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=172.20.11.20

[webservices]
#
# webservices.user
#
# username to use to connect to the webAPI
user=websrv_user
#
# webservices.pass
#
# password of the username
is set, too
#
# webservices.proto
#
# proto to use
proto=https

[interface eth0]
enforcement=vlan
ip=172.20.9.20
type=monitor
mask=255.255.255.0

[interface eth1]
enforcement=vlan
ip=172.20.13.20
type=internal
mask=255.255.255.0

[interface eth2]
enforcement=vlan
ip=172.20.17.20
type=monitor
mask=255.255.255.0

[interface eth3]
enforcement=vlan
ip=172.20.10.20
type=monitor
mask=255.255.255.0

[interface eth4]
enforcement=vlan
ip=172.20.13.20
type=monitor
mask=255.255.255.0

[interface eth5]
enforcement=vlan
ip=172.20.11.20
type=internal
mask=255.255.255.0

[interface eth6]
enforcement=vlan
ip=172.20.15.20
type=portal,monitor
mask=255.255.255.0

[interface eth7]
ip=172.20.1.20
type=management
mask=255.255.255.0



From: Louis Munro [mailto:lmu...@inverse.ca] 
Sent: Wednesday, October 21, 2015 3:52 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] AD auth fails



On Oct 21, 2015, at 9:33 ,  
 wrote:

httpd.aaa|1|8993

Re: [PacketFence-users] AD auth fails

2015-10-21 Thread Holger.Patzelt 
Hi Louis,

Yes Services do run
(I suppose that snort does not impact the auth processes...)

service|shouldBeStarted|pid
carbon-cache|1|8964
carbon-relay|1|8971
collectd|1|8974
dhcpd|1|8991
haproxy|0|0
httpd.aaa|1|8993
httpd.admin|1|8935
httpd.graphite|1|9004
httpd.portal|1|9018
httpd.proxy|1|9030
httpd.webservices|1|9149
iptables|1|-1
memcached|1|8918
pfbandwidthd|0|0
pfdetect|1|9174
pfdhcplistener_eth1|1|9178
pfdhcplistener_eth5|1|9183
pfdhcplistener_eth7|1|9191
pfdns|1|9194
pfmon|1|9198
pfsetvlan|1|9213
radiusd|1|9674
radsniff3|1|9235
snmptrapd|0|9211
snort|1|0
statsd|1|9247
suricata|0|0
winbindd-dtpublic2.conf|1|9383
keepalived|0|0

Regards,
Holger



From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Tuesday, October 20, 2015 7:08 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] AD auth fails


On Oct 20, 2015, at 13:03 , 
> 
> wrote:


What have I done wrong?
Please help!!!


Are all PacketFence services running?

Please post the output of
# service packetfence status

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] AD auth using Client Certs?

2015-10-01 Thread Holger.Patzelt 
Hi,

does anyone use AD auth as source with Client Certificates?
Can anyone tell me, what I do have to change, that Machine Auth does not querry 
an existing machine name, but the client cert?

Bye,
Holger
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Debian Jessie support

2015-09-08 Thread Holger.Patzelt 
Hi Louis,
hi folks,

thanks for your patience with us, answering these questions all over again.

Maybe you find the following information interesting:
On "your" Web-Page (the Main Page of inverse.ca) it says:
Supported operating systems are

 *   Community ENTerprise Operating System (CentOS) 5+
 *   Debian 4+ and Ubuntu 8+
 *   openSUSE 10.3+
 *   Red Hat Enterprise Linux 5+
Maybe the Page is in need of some sort of facelift :)

Btw.: Maybe you would like some other feedback about Juniper Switches for your 
Dokumentation:
We use PF with Juniper EX3200 Switches here, usind the EX2200 "Template" as is.

Bye,
Holger

--

Holger Patzelt

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: Tuesday, September 01, 2015 3:31 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Debian Jessie support

I am going to pull a Debian here:

"It's ready when it's ready".

Maintaining three different distributions across multiple releases is a huge 
pain in the lower back.
Paths change across distros, bug appear in libraries of dependencies of 
dependencies on one distros and not another etc.

So essentially the choice is betweeen a few well supported and tested distros 
and releasing for more distros with probably more bugs.

The current priority is RHEL 7.
All other (new) distros are subordinate to that.
The overwhelming majority of our clients use RHEL or CentOS.

Then, at some later point and hopefully by the end of this year additional 
distros will be added.

In all cases, it will be the same PacketFence regardless of the base distro.
I realize some people do have valid reasons for wanting a more recent distro 
(e.g. kernel related).
I would advise them to consider moving to CentOS or RHEL 7 if possible when it 
comes out.
It is likely to be the longest maintained version in the future and the one for 
which updates come out the fastest.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  
www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)

On Aug 31, 2015, at 11:45 , 
holger.patz...@t-systems.com wrote:


Hello Henry-Nicolas,
hello Louis

Maybe this is a good time to ask Louis again, about the ubuntu 14.4LTS support?
Or do you plan to skip 14.4LTS to jump to 16.4, when it is released?

Best regards,
Holger

-Original Message-
From: Henry-Nicolas [mailto:nicolas...@babsetnico.net]
Sent: Sunday, August 30, 2015 3:49 PM
To: 
packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Debian Jessie support


Hello everyone,

I would like to use PacketFence on Debian but I'm running the latest Stable 
version (Jessie, at this moment).
I saw that there is support for Wheezy, any plan to add support for Jessie?

Are there any alternatative methods to install PacketFence on Debian Jessie?

Best regards,

Henry-Nicolas

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Debian Jessie support

2015-08-31 Thread Holger.Patzelt 
Hello Henry-Nicolas, 
hello Louis

Maybe this is a good time to ask Louis again, about the ubuntu 14.4LTS support?
Or do you plan to skip 14.4LTS to jump to 16.4, when it is released?

Best regards,
Holger

-Original Message-
From: Henry-Nicolas [mailto:nicolas...@babsetnico.net] 
Sent: Sunday, August 30, 2015 3:49 PM
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Debian Jessie support


Hello everyone,

I would like to use PacketFence on Debian but I'm running the latest Stable 
version (Jessie, at this moment).
I saw that there is support for Wheezy, any plan to add support for Jessie?

Are there any alternatative methods to install PacketFence on Debian Jessie?

Best regards,

Henry-Nicolas

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] packetfence with one interface

2015-08-25 Thread Holger.Patzelt 
Hi folks,

to have a little bit of practice at home, I would like to install packetfence 
on a spare Metal at home.
The main challengeis, that the server has only one interface and there is only 
a typical home all in one router (wlan,lan and Internet via dsl to the isp), 
which does not support VLAN tagging.

As this breaks the actual installation manuals, have you any setup hints for me?

Regards,
Holger
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Rogue switches

2015-07-02 Thread Holger.Patzelt 
Hi Robert,

Isn't your switch able to limit access to only one mac per port?
Or isn't that the solution you need? (Or do you use ip-phones and computers on 
same port?)

Bye,
Holger

From: Rhoads, Robert W. [mailto:rhoa...@danvilleva.gov]
Sent: Thursday, July 02, 2015 3:33 PM
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Rogue switches

PacketFence experts,


 Is there a means or mechanism within PacketFence, when 802.1x/MAB is in 
use, that will prevent an access port under PF control from allowing another 
switch from working when connected to that port?  I am aware I can use BPDU 
Guard on access ports to stop a switch by killing the port if it is talking 
Spanning-Tree, but I am more interested in stopping small, unmanaged switches 
that don't talk Spanning-Tree that people have a tendency to plug in without 
asking or getting permission.  An earlier thread on this topic did not really 
shed that much light for me...  I appreciate any help and guidance.


Respectfully,

Robert Rhoads
rhoa...@danvilleva.govmailto:rhoa...@danvilleva.gov

--
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] against which Windows Versions (AD) have you PF running

2015-06-29 Thread Holger.Patzelt 
Hi folks,

we plan to run PF 5.2 against a Windows 2012r2 AD.
Anyone out there, who has that up and running already?
(Any pit falls, we have to take care about?)

Greetings,
Holger

--

--
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical  virtual servers, alerts via email  sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Error in krb5.tt template

2015-05-27 Thread Holger.Patzelt 
Hi folks,

I suppose there is some error in the template for the migration.pl script:

The default_realm is hard coded into the template, with which one finds oneself 
bound to INVERSE.LOCAL instead of the correct realm :-)
I will post this as a bug, too.

Regads,
Holger

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] radius

2015-05-20 Thread Holger.Patzelt 
Hi,

can anyone tell me, where the Domain Information in the pf-Radius log come 
from?

The background is: 
When using the AD authentication as it is described in the PF-doku, and using 
the user authentication everything works fine and the entries in the radius 
log show up in the usual way: domain\\username. But using the Host 
authentication as described in the Dokumentation, it Does not.
The enties in the log file look like this: host/fqhn. Yes, the beginning is 
host and although with users it uses the \\ here it uses /.
And no wonder the authentication fails with something similar to host : 
unknown Domain .

Any hints ??
(using pf 5.02 on debian 7 )

Bye,
Holger

--
Holger Patzelt
E-Mail: holger.patz...@t-systems.com



--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Error in dokumentation

2015-05-18 Thread Holger.Patzelt 
Hi folks,

could it be, that there is another mistake in the documentation?

It took me quite a while to get the AD authentication working. (PF 502)
Problem was, that the Doku told for Debian to use the winbind separator = + 
option in the smb.conf.
But using this in combination with Scope: One-level in the AD-Source 
definition, as the Doku tells, does not work.

Using one-level and commenting out the winbind separator definition did the 
trick,
(At least until someone tells me, that I misunderstand some side affects...??) 
as did using the + as separator and Base Object within the AD-source 
definition...

Greetings,
Holger


--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] initial Interfaces config

2015-05-08 Thread Holger.Patzelt 
Hi,

just for he rekords:

during setup of pf(5x) no matter of centos or ubuntu the configurator had 
problems showing the interfaces.
Every time you set up another interface, he only shows the situation at 
startup. The interfaces are declared, as one can continue and they show up, if 
you open the interfaces page coming back from one of the other steps. But as 
soon as you change another interface, you see exactly what you have seen when 
you entered the interface page at the startup of the configurator.

Regards,
Holger

--
DEUTSCHE TELEKOM HEALTHCARE AND SECURITY SOLUTIONS GMBH

Holger Patzelt
Pascalstr. 11, 10587 Berlin
Telefon: +49 30 8353 84591  Telefax: +49 30 8353 84429 (Tel)
E-Mail: holger.patz...@t-systems.commailto:holger.patz...@t-systems.com

Die gesetzlichen Pflichtangaben finden Sie unter: 
http://www.telekom-healthcare.com/pflichtangabenhttp://www.telekom-healthcare.com/footer/impressum/1224744

Hinweis: Diese E-Mail und/oder die Anhänge sind vertraulich und ausschließlich 
für den bezeichneten Adressaten bestimmt. Die Weitergabe oder Kopieren dieser 
E-Mail ist strengstens verboten. Wenn Sie diese E-Mail irrtümlich erhalten 
haben, informieren Sie bitte unverzüglich den Absender und vernichten Sie die 
Nachricht und alle Anhänge. Vielen Dank.

--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Which distro?

2015-05-08 Thread Holger.Patzelt 
Hi folks,

thanks for your answers and telling me within, that I did cut my question a bit 
too short, because I meant PF5 (not CentOS5, which even I know as too old :-) 
). So I’ve learned to take CentOS. I don’t really mind doing so, I’m just more 
used to the apt-get of dabian based systems :-)

Is there someone else using Juniper EX3200 Switches with PF??
(might have some Juniper related Questions later...)

Regards,
Holger


--
Holger Patzelt
E-Mail: holger.patz...@t-systems.com


From: Chris Abel [mailto:ca...@wildwoodprograms.org] 
Sent: Thursday, May 07, 2015 6:56 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Which distro?

Sorry. Didn't realize Debian 8 was released. Yes, I am using Debian 7.

On Thu, May 7, 2015 at 12:29 PM, Mourik Jan Heupink heup...@gmail.com wrote:
Well...debian 8 being the latest, I'd definitely choose 7 and not eight.
Chris Abel ca...@wildwoodprograms.org schreef op 7 mei 2015 18:15:19 CEST:
Highly recommend latest version of Debian. I too had trouble with installing PF 
on more recent distros. Debian was the only one I was able to do it on.

On Thu, May 7, 2015 at 12:11 PM, Mourik Jan Heupink heup...@gmail.com wrote:
We're on debian 7, and this works fine. At least: most of our problems (we're 
still testing currently) are caused by me :-)
holger.patz...@t-systems.com schreef op 7 mei 2015 18:03:54 CEST:
Hi, 

after running permanently into config problems with ubuntu, I would like to 
know, what you guys run pf on.
Could it be, that centos is preferred?? Or at least, better tested (with 5...) ?
Any suggestions?

Regards
Holger



One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y


PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




-- 
Chris Abel
Systems and Network Administrator
Wildwood Programs 
2995 Curry Road Extension
Schenectady, NY  12303
518-836-2341


IMPORTANT NOTICE: This message and any attachments are solely for the intended 
recipient and may contain confidential information, which is, or may be, 
legally privileged or otherwise protected by law from further disclosure. If 
you are not the intended recipient, any disclosure, copying, use, or 
distribution of the information included in this email and any attachments is 
prohibited. If you have received this communication in error, please notify the 
sender by reply email and immediately and permanently delete this email and any 
attachments.


One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable
Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y


PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




-- 
Chris Abel
Systems and Network Administrator
Wildwood Programs 
2995 Curry Road Extension
Schenectady, NY  12303
518-836-2341


IMPORTANT NOTICE: This message and any attachments are solely for the intended 
recipient and may contain confidential

Re: [PacketFence-users] Storing extra information in the database from a guest portal page

2015-05-07 Thread Holger.Patzelt 
Hi Fabrice,

Du you have a planned release date for 5.1, yet?

Regards,
Holger


-Original Message-
From: Fabrice DURAND [mailto:fdur...@inverse.ca] 
Sent: Thursday, May 07, 2015 2:37 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Storing extra information in the database from 
a guest portal page

Hi David,

i just did a test on a 4.7 version and there is only 3 conflicts that are 
really easy to fix.
So it's as you want,patch 4.7 or install 5.0.2 and patch it or wait for 5.1.

Regards
Fabrice

Le 2015-05-07 08:06, David Murrell a écrit :
 Hi,

 That's awesome. :)

 I'll apply it tomorrow, and see how it goes. Does it need 5.0.2?

 Cheers,
 David

 On Thu, May 7, 2015 at 11:39 PM, Durand fabrice fdur...@inverse.ca 
 mailto:fdur...@inverse.ca wrote:

 Hi David,

 this is exactly what we are working on.

 We made a branch (fix/mandatory_fields) that fix that. If you want
 you can try to apply the patch of this branch to your setup
 
 (https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/516.diff).
 Also it will be available in the incoming 5.1 release.

 Regards
 Fabrice



 Le 2015-05-06 21:30, David Murrell a écrit :
 Hi,

 I'm a bit stuck.  For a openday here on campus for prospective
 students, (using packetfence 4.7.0) marketing wants visting
 students to have wifi internet access on the day in return for
 some extra data gathered via a custom portal page. 
 -- this might be important? I'm not using the default portal, but
 a custom one specific for the day.

 This is fine. Portal submit + dynamic vlan switch on valid auth
  + dhcp + dynamic deregister in the gui for bad clients works
 brilliantly. So brilliantly in fact, I'm going to replace our
 other radius + eduroam connection handling and NPS wired switch
 auth backend with it.  

 Where I'm stuck: I'm trying to store extra data from the portal
 page into the database so that we can give it to marketing to do
 after-the-event marketing to students. 

 If I add something like this to Portal Profiles and
 Pages/openday/Files/guest.html:  (a contrived example, cough)

 spanSchool/span
 input class=field name=custom_field_1
 type=custom_field_1 value= /br/

 The field pops up on the portal page, I can add data, and mash
 the register button, and then the custom_field_1 data goes into a
 black hole somewhere.   I can see the page submitting the data
 via the post request.

 If I cause the page to not submit by not having all the mandatory
 fields filled, the custom_field_1 field doesn't include the
 submitted data in the result page, but the firstname field does. 

 If I extend the mandatory field list to include custom_field_1,
 then it will show a warning if it does not contain data, but
 still won't send the submitted data back on the Missing
 mandatory parameter(s) result page. 

 I see the other data in the form being added to the database,
 (after enabling TRACE) in the logging files:

 == logs/packetfence.log ==
 attempt #0 to run query person_add_sql from module person
 SQL statement (person_add_sql):  INSERT INTO person
(pid, firstname, lastname, email, telephone,
 company, address, notes, sponsor, anniversary,
 birthday, gender, lang, nickname, cell_phone,
 work_phone, title,
 building_number, apartment_number, room_number,
 custom_field_1, custom_field_2,
 custom_field_3, custom_field_4, custom_field_5,
 custom_field_6, custom_field_7,
 custom_field_8, custom_field_9, portal, source)
 VALUES
 (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) 
 SQL params (person_add_sql): emailaddr...@gmail.com
 mailto:emailaddr...@gmail.com, first3, last3,
 emailaddr...@gmail.com mailto:emailaddr...@gmail.com,
 0, org3, null, email activation. Date of arrival:
 2015-05-07 12:45:41, null, null, null, null, null,
 null, null, null, null, null, null, null, null,
 null, null, null, null, null, null, null, null,
 openday, email
 person emailaddr...@gmail.com mailto:emailaddr...@gmail.com 
 added

 This is using the email source as it appears to captures more
 data, not the null provisioner. - it also causes the guest.html
 section of the portal to be used, rather than the login.html
 pages. I don't quite understand that mapping, either. 

 Any help would be much appreciated,

 Thanks in advance. 

 Cheers,
 David Murrell

 Systems Engineer - Linux
 ITS Infrastructure
 University of Waikato, NZ


 Other files that may be of use:

 [root@pktfence-guest pf]# cat conf/provisioning.conf
 [accept]
 type=accept
 description=accept

[PacketFence-users] Which distro?

2015-05-07 Thread Holger.Patzelt 
Hi, 

after running permanently into config problems with ubuntu, I would like to 
know, what you guys run pf on.
Could it be, that centos is preferred?? Or at least, better tested (with 5...) ?
Any suggestions?

Regards
Holger


--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Admin Documentation still accurate ??

2015-05-07 Thread Holger.Patzelt 
Hi,

i stumbled on a problem in the docs: The admin docs says on Page 9 for a debian 
or Ubuntu:
Regarding resolvconf, you can remove the symlink to that file and simply 
create...you want.
But that is not true. Doing so and trying to manage interfaces via ifup/ifdown 
ends with:
/etc/resolf.conf is not a symlink. Doing nothing!

regards

--
DEUTSCHE TELEKOM HEALTHCARE AND SECURITY SOLUTIONS GMBH

Holger Patzelt
E-Mail: holger.patz...@t-systems.com


--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] pf shows: Error!! An Error condition has occurred...

2015-05-06 Thread Holger.Patzelt 
Hi,

I am trying to set up pf 5.02 on a blank ubuntu 12.4 (wish it could be 14.4., 
but that's another...) like it is said in the documentation.
After initial setup (and whatever I do) I get the nice red bar on the Dashbord 
and some other pages stating the message like stated in subject, that some 
error condition has occurred. 
Using the Perform checkup Button, I get the message (white this time):
FATAL : Apache will fail to start! 
/usr/local/pf/lib/pf/web/captiveportal_modperl_require.pl doesn't compile

Any hints how I do get rid of these?

BTW: the portal_error_log throws: mod_qos(007) could not determine MaxClients 
You must set this ... and so on. But it seems this might be a mistake, because 
in the module is enabled... maybe the pf config is missing something?

Regards,
Holger

--
Holger Patzelt
E-Mail: holger.patz...@t-systems.com


--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users