This is intended to be temporary anyway, so will push through with this since I
have it at least partially working.
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make when trying to design some
Yuck.
802.1x would be for enhanced security, but we’re limited to either cleartext or
a crappy hash? I understand this isn’t your issue… Still sucks though.
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently adv
to get that information.
Thanks,
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
with an
interface I can use to add users, change passwords, etc.
Thanks,
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's
I have the option of using Office365, potentially, for authentication. Has
anyone successfully set this up? If so, is there a runbook somewhere I can
refer to?
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mi
registering the dock itself.
>
> Jes
>
> -Original message-
> From: Jason 'XenoPhage' Frisvold via PacketFence-users
> [mailto:packetfence-users@lists.sourceforge.net]
> Sent: 27 November 2017 23:17
> To: packetfence-users@lists.sourceforge.net
> Cc: Jason '
very difficult to detect that if the port
stays up when the computer is disconnected. 802.1x would help in this
situation, if that's something you can deploy.
--
-------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make wh
ssign the Authentication::Password you created to a root module and use
> that root module on the portal.
>
> Btw you need to have 7.1 minimum.
>
> Regards
>
> Fabrice
>
>
>
> Le 2017-07-13 à 15:55, Jason 'XenoPhage' Frisvold via PacketFence-users
> a écr
.
Thoughts?
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
there?
Thanks,
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools."
- The Hitchhikers Guide to
of those roles is only in the
roles.conf file. Make sure you check both roles.conf and
roles.conf.defaults in the /usr/local/pf/conf directory.
> Thanks
>
> Luca
--
-------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
“Space,” it says,
On 7/11/17 17:01, Jason 'XenoPhage' Frisvold via PacketFence-users wrote:
> On 7/11/17 15:55, Louis Munro wrote:
>> You don't need to enable the captive portal.
>> It's on by default if you have an interface defined as type=registration.
>> As long as you are sent to the regis
pd
The only one I think is important here is the pfsetvlan service.. I'm
actually kind of shocked that's disabled. That was, in previous
versions, really important. Should these be enabled? Could they be
causing some of the issues?
--
-------
Jason 'XenoPhage' Frisvold
xenoph...@gods
(www.sogo.nu <http://www.sogo.nu>)
> and PacketFence (www.packetfence.org <http://www.packetfence.org>)
>
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced magic is indistinguishable from techno
On 7/7/17 12:32, Jason 'XenoPhage' Frisvold via PacketFence-users wrote:
> On 7/6/17 17:01, Louis Munro wrote:
>> Hi Jason,
>> At first glance, the logs below seem to indicate something is wrong when
>> it comes to assigning a role to the device.
>>
>> Ca
that a whirl and see what
happens..
Thanks!
> Hope this helps,
> --
> Louis Munro
--
-------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly bi
10.10.1 port 50105 cli yy:yy:yy:yy:yy:yy)
Thanks!
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of
,
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
SneakerNet: Aquinas Hall Room 008-A
>
>
> From: Jason 'XenoPhage' Frisvold <xenoph...@godshell.com>
> <mailto:xenoph...@godshell.com>
> Reply: packetfence-users@lists.sourceforge.net
> <packetfence-users@lists.sourceforge.net>
> <mailto:packetfen
for so many hours. Maybe when pfmon is not running for some reason?
>
> We never had this issue again, but nevertheless I set wait_timeout in
> my.cf to 43200 = 12 hours.
>
> Maybe this helps you, too.
>
> Regards,
> Till
>
> On 29.09.2016 19:34, Jason 'XenoP
at mysql may be restarted (by systemd perhaps)?
You mean that mysql was being restarted when these errors occurred? No,
it was up and running ...
> Regards,
> --
> Louis Munro
--
-----------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"
while since I did OO Perl
though.. :P
> Thanks
--
-------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complet
1 0 15:21 ?00:00:00 pfdhcplistener_ens7
root 1845 1 0 15:21 ?00:00:00 pfdhcplistener_ens3
> --
> Louis Munro
--
-----------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
“Space,” it says, “is big. Really big. You j
a dozen
times now.. And clearly other pieces of packetfence are working... So
is this some sort of bug, or .. ???
I'm running the latest packages available in the packetfence repo, plus
I've applied the latest patches via the addons/pf-maint.pl script..
Thoughts?
--
------
4:37 2016] -e: Use of uninitialized value in
concatenation (.) or string at
/usr/local/fingerbank/lib/fingerbank/Config.pm line 194.
> Thanks
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently
ewhere?
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
fingerbank, and it doesn't look like
there are any other users in the fingerbank group.. perhaps that's the
issue?
Additionally, when I try to hit other links, I'm getting an error that
the server isn't running.. Is that something I need to explicitly start?
Thanks,
--
-----
with no key listed. And the rest of the fingerbank functionality
informs me that fingerbank isn't configured.
Is there some trick I'm missing here, or have I run into a bug?
Thanks,
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
o.nu>)
> and PacketFence (www.packetfence.org <http://www.packetfence.org>)
>
>
>
> --
>
>
>
e the portal for
802.1x scenarios? If so, how do I handle a guest network in that situation?
Thanks,
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven
On 9/7/16 17:22, Jason 'XenoPhage' Frisvold wrote:
> Aha.. found it. Ok, so I have cleartext passwords now. Just trying to
> get 802.1x to behave now..
Ok, so very close to having this working now. I can log in via 802.1x,
the user/pass is checked, radius returns an accept. H
On 9/7/16 17:04, Jason 'XenoPhage' Frisvold wrote:
> Which is what I see in the database as well. That's obviously not a
> cleartext password, though.. Is there an option I need to enable to
> turn on cleartext passwords?
Aha.. found it. Ok, so I have cleartext passwords now. Ju
l: Cleartext-Password :=
"{bcrypt}$2a$08$Z.0fN/wWUZZsya6Y7AXVf.F3kFHrFy4SnvKrPpSdpFtGcfEXMGhRK"
Which is what I see in the database as well. That's obviously not a
cleartext password, though.. Is there an option I need to enable to
turn on cleartext passwords?
--
----
On 9/7/16 16:23, Jason 'XenoPhage' Frisvold wrote:
> Wed Sep 7 16:14:39 2016 : Auth: (8) Login incorrect (mschap:
> MS-CHAP2-Response is incorrect): [testuser] (from client 192.168.10.10
> port 50101 cli xx:xx:xx:xx:xx:xx via TLS tunnel)
So, the googles tell me that t
xx)
Before we go too much farther, I haven't changed the sources
configuration at all. Is there anything in there I need to add/change?
The radiusd output is rather long.. The above error is in the radiusd
output as well, so that's likely what you're looking for..
--
-
Interestingly, MAB works just fine. After 802.1x fails I can open a web
page and log in via the packetfence portal ...
On 9/7/16 15:23, Jason 'XenoPhage' Frisvold wrote:
> Hi all,
>
> I'm trying to set up a new packetfence instance to authenticate via
> 802.1x. I'm working o
)
Wed Sep 7 15:18:20 2016 : [mac:xx:xx:xx:xx:xx:xx] Rejected user: testuser
Thanks,
--
-----------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"A common mistake that people make when trying to design something
completely foolproof is
azing how much you forget when you haven't done
something for a while. That said, I have the initial install up and
running, now to configure it. Or, rather, find the time to configure
it.. Always battling the clock.. :)
--
-------
Jason 'XenoPhage' Frisvold
xeno
h means I can't get
> past the network page.
>
> So what am I doing wrong?
>
> Thanks,
>
>
>
> --
>
>
>
of connectivity.
So, I can't get the management role assigned, which means I can't get
past the network page.
So what am I doing wrong?
Thanks,
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced
is just more dynamic and would allow us to cut down on the
> number of services running.
I admit that I haven't kept up with FreeRADIUS in recent years, but a
DHCP server? That seems an odd use... But ok. :)
> Regards
> --
> Louis Munro,
--
------
be
used for this, or should I be looking elsewhere?
Or maybe it's better in the long run to keep it separate anyway.
Thoughts?
Thanks,
--
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---
"Any sufficiently advanced
Greeting,
After a bit of a hiatus from the packet fence world, I'm back and looking at
building a new system for a shiny new network. So, first question. Has anyone
tried packet fence with a Cisco 2960-CX?
I believe it's a standard IOS device, so I expect it will work like most
others, but
Wow, 6.0. Congrats!
All this progress makes me wish I still needed a NAC solution. Maybe soon. :)
Maybe I'll install this in a VM just to check it out. :)
When is docker support coming?
- Friz
> On Apr 19, 2016, at 18:25, Ludovic Marcotte wrote:
>
> The Inverse team is
packetfence? (I *think* it supports that, but isn't
something I ever used/tried...)
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
“Space,” it says, “is big. Really big. You just won’t believe how
vastly, hugely, mindbogglingly big
,
Gary
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete fools.
- The Hitchhikers Guide
. You can probably set the timers
for 7 days and have the system handle this for you.
thanks,
Jim Pott
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
in packetfence?
Thanks,
- --
- ---
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
f...@godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
- ---
Something mysterious
*
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
On Sep 12, 2013, at 8:02 AM, Alberto Losada alosadagra...@gmail.com wrote:
Hi all,
I am seeing this kind of error from time to time which makes packetfence not
able to set the correct vlan of an already registered device into the switch:
Sep 12 13:02:43 httpd.admin(0) ERROR: invalid MAC:
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
/ad1bad3e105badbd3dc3858ea2700e8585b5f654
Whoa!
Magic! That did it, thanks.
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
this. Am I missing a
checkbox somewhere?
Thanks,
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
On Aug 27, 2013, at 7:40 AM, Josh Nathan josh.nat...@bfacademy.de wrote:
Hello,
networks.conf
[192.168.2.0]
netmask=255.255.255.0
gateway=192.168.2.1
next_hop=192.168.2.254
domain-name=inlinestu.mspacketfence.bfacademy.de
dns=208.67.220.220
dhcp_start=192.168.2.10
to add a node via PF4 GUI.
I agree that 1667 was incorrectly added as an association, but 1665 is
still open and marked as new.
MU
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic
On Jul 11, 2013, at 8:02 AM, frank muriuki rimifr...@yahoo.com wrote:
FabriceDerek..anyone..
Don't use the mac address of the end system. Put in a dummy address to start.
The act of the address not matching is what causes the switch to throw a port
security alert which, in turn, sends
nodes, shouldn't
they have expired by now? There are no location logs for any of them.
These are all registered nodes at the moment, does that make a
difference?
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently
and the next time that node tries to authenticate it will
take effect. If, however, I change the Status of a node as well, it
will force a reauth.
This feels like a bug to me.
Thanks,
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
...
... More as I get further along with the config. :)
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
Greetings,
I don't think these questions are new, but I can't seem to find anything via
Google, so my apologies if you've seen these before.
We have a fairly large MPLS based network with a significant number of edge
VLANs. I have 802.1x and MAB working already, so my next step is captive
to happen to be considered a registered
node?
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
}
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
.
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
- ---
Any sufficiently advanced magic is indistinguishable from technology.
- Niven's Inverse of Clarke's Third Law
concentrator maps to
a specific IP Pool for users. I can easily do this in RADIUS for
packetfence, but I'm not sure how to map the class to the vlan on the
packetfence side. Can someone please point me in the right direction?
Thanks,
- --
- ---
Jason 'XenoPhage
, or do they need to
be added to a config file somewhere?
Then after in the vlan/custom.pm uncomment the getnormalvlam
function and add something like this:
This looks simple enough, thanks. :)
- --
- ---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
Hi there,
I'm currently in the process of digging into Packetfence, intending
to use it as a replacement for an ancient NAC system. I'm finding,
however, that I need a bit of help. I've been poking around a bit and
I have some things
, the exact same thing plagues the Cisco NAC platform as
well. The fix for it was to bounce the port the user is connected to. It
seems the same could be done here as well.
Thanks,
--
Ludovic Marcotte
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com