Re: [PacketFence-users] LDAP

This is intended to be temporary anyway, so will push through with this since I have it at least partially working. --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make when trying to design some

Re: [PacketFence-users] LDAP

Yuck. 802.1x would be for enhanced security, but we’re limited to either cleartext or a crappy hash? I understand this isn’t your issue… Still sucks though. --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently adv

Re: [PacketFence-users] LDAP

to get that information. Thanks, --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete

[PacketFence-users] LDAP

with an interface I can use to add users, change passwords, etc. Thanks, --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke's

[PacketFence-users] Packetfence AD Auth and Office365

I have the option of using Office365, potentially, for authentication. Has anyone successfully set this up? If so, is there a runbook somewhere I can refer to? --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mi

Re: [PacketFence-users] USB-C docks and MAB

registering the dock itself. > > Jes > > -Oprindelig meddelelse- > Fra: Jason 'XenoPhage' Frisvold via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > Sendt: 27. november 2017 23:17 > Til: packetfence-users@lists.sourceforge.net > Cc: Jason '

Re: [PacketFence-users] USB-C docks and MAB

very difficult to detect that if the port stays up when the computer is disconnected. 802.1x would help in this situation, if that's something you can deploy. -- ------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make wh

Re: [PacketFence-users] Guest Logins

ssign the Authentication::Password you created to a root module and use > that root module on the portal. > > Btw you need to have 7.1 minimum. > > Regards > > Fabrice > > > > Le 2017-07-13 à 15:55, Jason 'XenoPhage' Frisvold via PacketFence-users > a écr

[PacketFence-users] Multi-site PF and clustering?

. Thoughts? -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke's Third Law signature.asc Description: OpenPGP digital

[PacketFence-users] Guest Logins

there? Thanks, -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools." - The Hitchhikers Guide to

Re: [PacketFence-users] Inconsistent roles in switches definition

of those roles is only in the roles.conf file. Make sure you check both roles.conf and roles.conf.defaults in the /usr/local/pf/conf directory. > Thanks > > Luca -- ------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- “Space,” it says,

Re: [PacketFence-users] "default" user not pushing device to login portal

On 7/11/17 17:01, Jason 'XenoPhage' Frisvold via PacketFence-users wrote: > On 7/11/17 15:55, Louis Munro wrote: >> You don't need to enable the captive portal. >> It's on by default if you have an interface defined as type=registration. >> As long as you are sent to the regis

Re: [PacketFence-users] "default" user not pushing device to login portal

pd The only one I think is important here is the pfsetvlan service.. I'm actually kind of shocked that's disabled. That was, in previous versions, really important. Should these be enabled? Could they be causing some of the issues? -- ------- Jason 'XenoPhage' Frisvold xenoph...@gods

Re: [PacketFence-users] "default" user not pushing device to login portal

(www.sogo.nu <http://www.sogo.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from techno

Re: [PacketFence-users] "default" user not pushing device to login portal

On 7/7/17 12:32, Jason 'XenoPhage' Frisvold via PacketFence-users wrote: > On 7/6/17 17:01, Louis Munro wrote: >> Hi Jason, >> At first glance, the logs below seem to indicate something is wrong when >> it comes to assigning a role to the device. >> >> Ca

Re: [PacketFence-users] "default" user not pushing device to login portal

that a whirl and see what happens.. Thanks! > Hope this helps, > -- > Louis Munro -- ------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- “Space,” it says, “is big. Really big. You just won’t believe how vastly, hugely, mindbogglingly bi

[PacketFence-users] "default" user not pushing device to login portal

10.10.1 port 50105 cli yy:yy:yy:yy:yy:yy) Thanks! -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of

[PacketFence-users] User accounts

, -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke's Third Law signature.asc Description: OpenPGP digital

Re: [PacketFence-users] Lets Encrypt compatability

SneakerNet: Aquinas Hall Room 008-A > > > From: Jason 'XenoPhage' Frisvold <xenoph...@godshell.com> > <mailto:xenoph...@godshell.com> > Reply: packetfence-users@lists.sourceforge.net > <packetfence-users@lists.sourceforge.net> > <mailto:packetfen

Re: [PacketFence-users] MySQL has gone away?

for so many hours. Maybe when pfmon is not running for some reason? > > We never had this issue again, but nevertheless I set wait_timeout in > my.cf to 43200 = 12 hours. > > Maybe this helps in you, too. > > Regards, > Till > > On 29.09.2016 19:34, Jason 'XenoP

Re: [PacketFence-users] MySQL has gone away?

at mysql may be restarted (by systemd perhaps)? You mean that mysql was being restarted when these errors occurred? No, it was up and running ... > Regards, > -- > Louis Munro -- ----------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "

Re: [PacketFence-users] Fingerbank API key not working

while since I did OO Perl though.. :P > Thanks -- ------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complet

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

1 0 15:21 ?00:00:00 pfdhcplistener_ens7 root 1845 1 0 15:21 ?00:00:00 pfdhcplistener_ens3 > -- > Louis Munro -- ----------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- “Space,” it says, “is big. Really big. You j

[PacketFence-users] MySQL has gone away?

a dozen times now.. And clearly other pieces of packetfence are working... So is this some sort of bug, or .. ??? I'm running the latest packages available in the packetfence repo, plus I've applied the latest patches via the addons/pf-maint.pl script.. Thoughts? -- ------

Re: [PacketFence-users] Fingerbank API key not working

4:37 2016] -e: Use of uninitialized value in concatenation (.) or string at /usr/local/fingerbank/lib/fingerbank/Config.pm line 194. > Thanks -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

ewhere? -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke's Third Law signature.asc Description: OpenPGP d

Re: [PacketFence-users] Fingerbank API key not working

fingerbank, and it doesn't look like there are any other users in the fingerbank group.. perhaps that's the issue? Additionally, when I try to hit other links, I'm getting an error that the server isn't running.. Is that something I need to explicitly start? Thanks, -- -----

[PacketFence-users] Fingerbank API key not working

with no key listed. And the rest of the fingerbank functionality informs me that fingerbank isn't configured. Is there some trick I'm missing here, or have I run into a bug? Thanks, -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

o.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > > > > -- > > > > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

e the portal for 802.1x scenarios? If so, how do I handle a guest network in that situation? Thanks, -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from technology." - Niven

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

On 9/7/16 17:22, Jason 'XenoPhage' Frisvold wrote: > Aha.. found it. Ok, so I have cleartext passwords now. Just trying to > get 802.1x to behave now.. Ok, so very close to having this working now. I can log in via 802.1x, the user/pass is checked, radius returns an accept. H

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

On 9/7/16 17:04, Jason 'XenoPhage' Frisvold wrote: > Which is what I see in the database as well. That's obviously not a > cleartext password, though.. Is there an option I need to enable to > turn on cleartext passwords? Aha.. found it. Ok, so I have cleartext passwords now. Ju

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

l: Cleartext-Password := "{bcrypt}$2a$08$Z.0fN/wWUZZsya6Y7AXVf.F3kFHrFy4SnvKrPpSdpFtGcfEXMGhRK" Which is what I see in the database as well. That's obviously not a cleartext password, though.. Is there an option I need to enable to turn on cleartext passwords? -- ----

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

On 9/7/16 16:23, Jason 'XenoPhage' Frisvold wrote: > Wed Sep 7 16:14:39 2016 : Auth: (8) Login incorrect (mschap: > MS-CHAP2-Response is incorrect): [testuser] (from client 192.168.10.10 > port 50101 cli xx:xx:xx:xx:xx:xx via TLS tunnel) So, the googles tell me that t

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

xx) Before we go too much farther, I haven't changes the sources configuration at all. Is there anything in there I need to add/change? The radiusd output is rather long.. The above error is in the radiusd output as well, so that's likely what you're looking for.. -- -

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

Interestingly, MAB works just fine. After 802.1x fails I can open a web page and log in via the packetfence portal ... On 9/7/16 15:23, Jason 'XenoPhage' Frisvold wrote: > Hi all, > > I'm trying to set up a new packetfence instance to authenticate via > 802.1x. I'm working o

[PacketFence-users] 802.1x and radius error : Reading winbind reply failed

) Wed Sep 7 15:18:20 2016 : [mac:xx:xx:xx:xx:xx:xx] Rejected user: testuser Thanks, -- ----------- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "A common mistake that people make when trying to design something completely foolproof is

Re: [PacketFence-users] Installation Help

azing how much you forget when you haven't done something for a while. That said, I have the initial install up and running, now to configure it. Or, rather, find the time to configure it.. Always battling the clock.. :) -- ------- Jason 'XenoPhage' Frisvold xeno

Re: [PacketFence-users] Installation Help

h means I can't get > past the network page. > > So what am I doing wrong? > > Thanks, > > > > -- > > > > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https:/

[PacketFence-users] Installation Help

of connectivity. So, I can't get the management role assigned, which means I can't get past the network page. So what am I doing wrong? Thanks, -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced

Re: [PacketFence-users] DHCP

is just more dynamic and would allow us to cut down on the > number of services running. I admit that I haven't kept up with FreeRADIUS in recent years, but a DHCP server? That seems an odd use... But ok. :) > Regards > -- > Louis Munro, -- ------

[PacketFence-users] DHCP

be used for this, or should I be looking elsewhere? Or maybe it's better in the long run to keep it separate anyway. Thoughts? Thanks, -- --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced

[PacketFence-users] Cosco 2960-CX

Greeting, After a bit of a hiatus from the packet fence world, I'm back and looking at building a new system for a shiny new network. So, first question. Has anyone tried packet fence with a Cisco 2960-CX? I believe it's a standard IOS device, so I expect it will work like most others, but

Re: [PacketFence-users] [PacketFence-devel] ANN: PacketFence 6.0.0

Wow, 6.0. Congrats! All this progress makes me wish I still needed a NAC solution. Maybe soon. :) Maybe I'll install this in a VM just to check it out. :) When is docker support coming? - Friz > On Apr 19, 2016, at 18:25, Ludovic Marcotte wrote: > > The Inverse team is

Re: [PacketFence-users] 802.1x authentication

packetfence? (I *think* it supports that, but isn't something I ever used/tried...) - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- “Space,” it says, “is big. Really big. You just won’t believe how vastly, hugely, mindbogglingly big

Re: [PacketFence-users] registered users 'stuck' in registration network

, Gary - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- A common mistake that people make when trying to design something ompletely foolproof is to underestimate the ingenuity of complete fools. - - The Hitchhikers Guide

Re: [PacketFence-users] Expiration and Mass Deregister

. You can probably set the timers for 7 days and have the system handle this for you. thanks, Jim Pott Jason 'XenoPhage' Frisvold xenoph...@godshell.com -- One dashboard for servers and applications across Physical

[PacketFence-users] Possible Bug - 802.1x with machine auth

in packetfence? Thanks, - -- - --- Jason 'XenoPhage' Frisvold Engine / Technology Programmer f...@godshell.com RedHat Certified - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 - --- Something mysterious

[PacketFence-users] Windows 7 SSO and PF

* - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux

Re: [PacketFence-users] Errors in packetfence.log about mac address

On Sep 12, 2013, at 8:02 AM, Alberto Losada alosadagra...@gmail.com wrote: Hi all, I am seeing this kind of error from time to time which makes packetfence not able to set the correct vlan of an already registered device into the switch: Sep 12 13:02:43 httpd.admin(0) ERROR: invalid MAC:

Re: [PacketFence-users] Sign up link on captive portal?

- -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment

Re: [PacketFence-users] 4.0.6 - stop services?

/ad1bad3e105badbd3dc3858ea2700e8585b5f654 Whoa! Magic! That did it, thanks. - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP

[PacketFence-users] Sign up link on captive portal?

this. Am I missing a checkbox somewhere? Thanks, - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP

Re: [PacketFence-users] PacketFence 4.0.5 VLAN Problems

On Aug 27, 2013, at 7:40 AM, Josh Nathan josh.nat...@bfacademy.de wrote: Hello, networks.conf [192.168.2.0] netmask=255.255.255.0 gateway=192.168.2.1 next_hop=192.168.2.254 domain-name=inlinestu.mspacketfence.bfacademy.de dns=208.67.220.220 dhcp_start=192.168.2.10

Re: [PacketFence-users] Manually add a node via PF4 GUI

to add a node via PF4 GUI. I agree that 1667 was incorrectly added as an association, but 1665 is still open and marked as new. MU - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic

Re: [PacketFence-users] Change of Vlans not working

On Jul 11, 2013, at 8:02 AM, frank muriuki rimifr...@yahoo.com wrote: FabriceDerek..anyone.. Don't use the mac address of the end system. Put in a dummy address to start. The act of the address not matching is what causes the switch to throw a port security alert which, in turn, sends

[PacketFence-users] Expiration

nodes, shouldn't they have expired by now? There are no location logs for any of them. These are all registered nodes at the moment, does that make a difference? - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently

[PacketFence-users] Changing Roles

and the next time that node tries to authenticate it will take effect. If, however, I change the Status of a node as well, it will force a reauth. This feels like a bug to me. Thanks, - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com

[PacketFence-users] PF 4.0 Install Notes

... ... More as I get further along with the config. :) - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP

[PacketFence-users] Captive Portal Implementation

Greetings, I don't think these questions are new, but I can't seem to find anything via Google, so my apologies if you've seen these before. We have a fairly large MPLS based network with a significant number of edge VLANs. I have 802.1x and MAB working already, so my next step is captive

[PacketFence-users] Usage Questions

to happen to be considered a registered node? - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP SIGNATURE

Re: [PacketFence-users] RADIUS LDAP

} - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG

Re: [PacketFence-users] RADIUS LDAP

. - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- Any sufficiently advanced magic is indistinguishable from technology.\ - - Niven's Inverse of Clarke's Third Law -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird

[PacketFence-users] RADIUS LDAP

concentrator maps to a specific IP Pool for users. I can easily do this in RADIUS for packetfence, but I'm not sure how to map the class to the vlan on the packetfence side. Can someone please point me in the right direction? Thanks, - -- - --- Jason 'XenoPhage

Re: [PacketFence-users] RADIUS LDAP

, or do they need to be added to a config file somewhere? Then after in the vlan/custom.pm uncomment the getnormalvlam function and add something like this: This looks simple enough, thanks. :) - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com

[PacketFence-users] New PF install, new user

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, I'm currently in the process of digging into Packetfence, intending to use it as a replacement for an ancient NAC system. I'm finding, however, that I need a bit of help. I've been poking around a bit and I have some things

Re: [Packetfence-users] Apple Snow Leopard and Lion work around?

, the exact same thing plagues the Cisco NAC platform as well. The fix for it was to bounce the port the user is connected to. It seems the same could be done here as well. Thanks, -- Ludovic Marcotte --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com