Re: [PacketFence-users] Restore database pf 8.0.1

[Jeimerson C. Chaves via PacketFence-users]

Hello, Fabrice.

End restore?  Don't have script?
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-23 16:18 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> The cronjob run a script to have the database and the files backuped in
> /root/backup
>
> addons/database-backup-and-maintenance.sh
>
> Regards
>
> Fabrice
>
>
>
>
> Le 2018-05-23 à 11:01, Jeimerson C. Chaves via PacketFence-users a écrit :
>>
>> Hello,
>>
>> How can I do a backup of the database and the files? What are in / root /
>> backup
>> I'm using clustered.
>>
>> Thank you very much.
>>
>>
>> Com os melhores cumprimentos.
>>
>> Jeimerson Chaves
>>
>> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
>> informáticos com ele transmitidos são confidenciais, podem conter
>> informação privilegiada e destinam-se ao conhecimento e uso exclusivo
>> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
>> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
>> queira informar de imediato o remetente e proceder à destruição da
>> mensagem e de eventuais cópias.
>>
>> Confidentiality Warning: This e-mail and any files transmitted with it
>> are confidential and may be privileged and are intended solely for the
>> use of the individual or entity to whom they are addressed. Their
>> contents may not be altered. lf you are not the intended recipient of
>> this communication please notify the sender and delete and destroy all
>> copies immediately.
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice Durand
> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Restore database pf 8.0.1

[Jeimerson C. Chaves via PacketFence-users]

Hello,

How can I do a backup of the database and the files? What are in / root / backup
I'm using clustered.

Thank you very much.


Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cluster PF 8.0.1

[Jeimerson C. Chaves via PacketFence-users]

So VIP address is only for the management interface correct? Do we
have to point to that VIP address in the other managements interface?
Something like this:

eth0 in pfence01:
IP: 10.160.26.28
VIP: 10.160.26.20

eth0 in pfence02:
IP: 10.160.26.29
VIP: 10.160.26.20

eth0 in pfence03:
IP: 10.160.26.30
VIP: 10.160.26.20

Kind Regards
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-17 14:31 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
>
>
> Le 2018-05-17 à 09:09, Jeimerson C. Chaves via PacketFence-users a écrit :
>>
>> Hello Fabrice,
>>
>> In the how to, my interpretation is that we have to define VIP for
>> every single interface.
>
> It's written nowhere in the documentation and this is probably why you can't
> start mysql, so remove all the vip parameter you have in pf.conf and do a
> "pfcmd configreload hard"
> The cluster.conf looks good.
>
> Regards
> Fabrice
>
>
>>
>>
>> In order to create a new cluster, you need to configure
>> /usr/local/pf/conf/cluster.conf on the first server of your cluster.
>>
>> You will need to configure it with your server hostname. To get it use
>> : hostname in a command line.
>>
>> In the case of this example it will be pf1.example.com.
>>
>> The CLUSTER section represents the virtual IP addresses of your
>> cluster that will be shared by your servers.
>>
>> In this example, eth0 is the management interface, eth1.2 is the
>> registration interface and eth1.3 is the isolation interface.
>>
>> On the first server, create a configuration similar to this :
>>
>> [CLUSTER]
>> management_ip=192.168.1.10
>>
>> [CLUSTER interface eth0]
>> ip=192.168.1.10
>>
>> [CLUSTER interface eth1.2]
>> ip=192.168.2.10
>>
>> [CLUSTER interface eth1.3]
>> ip=192.168.3.10
>>
>> [pf1.example.com]
>> management_ip=192.168.1.5
>>
>> [pf1.example.com interface eth0]
>> ip=192.168.1.5
>>
>> [pf1.example.com interface eth1.2]
>> ip=192.168.2.5
>>
>> [pf1.example.com interface eth1.3]
>> ip=192.168.3.5
>>
>> [pf2.example.com]
>> management_ip=192.168.1.6
>>
>> [pf2.example.com interface eth0]
>> ip=192.168.1.6
>>
>> [pf2.example.com interface eth1.2]
>> ip=192.168.2.6
>>
>> [pf2.example.com interface eth1.3]
>> ip=192.168.3.6
>>
>> [pf3.example.com]
>> management_ip=192.168.1.7
>>
>> [pf3.example.com interface eth0]
>> ip=192.168.1.7
>>
>> [pf3.example.com interface eth1.2]
>> ip=192.168.2.7
>>
>> [pf3.example.com interface eth1.3]
>> ip=192.168.3.7
>> Com os melhores cumprimentos.
>>
>> Jeimerson Chaves
>>
>> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
>> informáticos com ele transmitidos são confidenciais, podem conter
>> informação privilegiada e destinam-se ao conhecimento e uso exclusivo
>> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
>> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
>> queira informar de imediato o remetente e proceder à destruição da
>> mensagem e de eventuais cópias.
>>
>> Confidentiality Warning: This e-mail and any files transmitted with it
>> are confidential and may be privileged and are intended solely for the
>> use of the individual or entity to whom they are addressed. Their
>> contents may not be altered. lf you are not the intended recipient of
>> this communication please notify the sender and delete and destroy all
>> copies immediately.
>>
>>
>>
>>
>> 2018-05-17 13:39 GMT+01:00 Fabrice Durand via PacketFence-users
>> <packetfence-users@lists.sourceforge.net>:
>>>
>>> Hello Jeimerson,
>>>
>>> follow exactly

Re: [PacketFence-users] Cluster PF 8.0.1

[Jeimerson C. Chaves via PacketFence-users]

Hello Fabrice,

In the how to, my interpretation is that we have to define VIP for
every single interface.


In order to create a new cluster, you need to configure
/usr/local/pf/conf/cluster.conf on the first server of your cluster.

You will need to configure it with your server hostname. To get it use
: hostname in a command line.

In the case of this example it will be pf1.example.com.

The CLUSTER section represents the virtual IP addresses of your
cluster that will be shared by your servers.

In this example, eth0 is the management interface, eth1.2 is the
registration interface and eth1.3 is the isolation interface.

On the first server, create a configuration similar to this :

[CLUSTER]
management_ip=192.168.1.10

[CLUSTER interface eth0]
ip=192.168.1.10

[CLUSTER interface eth1.2]
ip=192.168.2.10

[CLUSTER interface eth1.3]
ip=192.168.3.10

[pf1.example.com]
management_ip=192.168.1.5

[pf1.example.com interface eth0]
ip=192.168.1.5

[pf1.example.com interface eth1.2]
ip=192.168.2.5

[pf1.example.com interface eth1.3]
ip=192.168.3.5

[pf2.example.com]
management_ip=192.168.1.6

[pf2.example.com interface eth0]
ip=192.168.1.6

[pf2.example.com interface eth1.2]
ip=192.168.2.6

[pf2.example.com interface eth1.3]
ip=192.168.3.6

[pf3.example.com]
management_ip=192.168.1.7

[pf3.example.com interface eth0]
ip=192.168.1.7

[pf3.example.com interface eth1.2]
ip=192.168.2.7

[pf3.example.com interface eth1.3]
ip=192.168.3.7
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-17 13:39 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Hello Jeimerson,
>
> follow exactly what you have in
> https://packetfence.org/doc/PacketFence_Clustering_Guide.html .
>
> A quick look show me that you defined VIP on each interfaces, it's only use
> when you do a cluster of 2 with corosync and pacemaker.
>
> So follow the documentation and it should be good.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-17 à 06:08, Jeimerson C. Chaves via PacketFence-users a écrit :
>
> Hi, Fabrice,
>
> Hello, I'm redoing the how to, for the fifteenth time,
> As you can see in the screenscreens, you can see that Mysql runs in the IP
> VIP.
> It only ran after I made the change in the configuration file.
> I am using VMware ESXi for the lab.
> The in port services 1443 and 9090 do not run in the IP of the
> management, only ip VIP.
>
> Thank you in advance.
>
>
> pf.conf
>
> # Hostname of PacketFence system.  This is concatenated with the
> domain in Apache rewriting rules and therefore must be resolvable by
> clients.
> hostname=pfence001
> #
> # general.dhcpservers
> #
> # Comma-delimited list of DHCP servers.  Passthroughs are created to
> allow DHCP transactions from even "trapped" nodes.
> dhcpservers=127.0.0.1,10.161.16.21
>
> [alerting]
> #
> # alerting.emailaddr
> #
> # Email address to which notifications of rogue DHCP servers,
> violations with an action of "email", or any other
> # PacketFence-related message goes to.
> emailaddr=pfence@localhost
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence. Changing this
> parameter after the initial configuration will *not* change it in the
> database it self, only in the configuration.
> pass=zaq12wsx
>
> [advanced]
> #
> # advanced.hash_passwords
> #
> # The algorithm to use to hash the passwords in the local database.
> hash_passwords=ntlm
>
> [interface eth0]
> ip=10.161.16.28
> type=management,portal,radius,high-availability
> vip=10.60.60.20
> mask=255.255.255.0
>
> [interface eth3]
> enforcement=vlan
> ip=10.60.60.28
> type=internal
> vip=10.60.60.20
> mask=255.255.255.0
>
> [interface eth4]
> enforcement=vlan
> ip=10.70.70.28
> type=internal
> vip=10.70.70.20
> mask=255.255.255.0
>
> ###
>
> log mariadb_error
>
>
> May 17 09:51:30 pfence01 mysqld:
> May 17 09:51:33 pf

Re: [PacketFence-users] Network Devices lost

[Jeimerson C. Chaves via PacketFence-users]

Have in pf.conf

End lost in eth4.
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-17 12:20 GMT+01:00 Jeimerson C. Chaves :
> Hello,
>
> Again, I am disturbing, but when configuring the registration
> interface, it disappears, as it can be verified.
> Thank you.
>
>
> Com os melhores cumprimentos.
>
> Jeimerson Chaves
>
> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
> informáticos com ele transmitidos são confidenciais, podem conter
> informação privilegiada e destinam-se ao conhecimento e uso exclusivo
> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
> queira informar de imediato o remetente e proceder à destruição da
> mensagem e de eventuais cópias.
>
> Confidentiality Warning: This e-mail and any files transmitted with it
> are confidential and may be privileged and are intended solely for the
> use of the individual or entity to whom they are addressed. Their
> contents may not be altered. lf you are not the intended recipient of
> this communication please notify the sender and delete and destroy all
> copies immediately.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Cluster

[Jeimerson C. Chaves via PacketFence-users]

Hello, ALL,

In cluster address ip management local not start port 1443.

Follow the manual, where can I be wrong?

Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cluster

[Jeimerson C. Chaves via PacketFence-users]

# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster section
# Before doing any changes to this file, read the documentation
[CLUSTER]
management_ip=10.161.16.20

[CLUSTER interface eth0]
ip=10.161.16.20

[CLUSTER interface eth3]
ip=10.70.70.20

[CLUSTER interface eth4]
ip=10.60.60.20

[packetfence1]
management_ip=10.161.16.25

[packetfence1 interface eth0]
ip=10.161.16.25

[packetfence1 interface eth3]
ip=10.70.70.25

[packetfence1 interface eth4]
ip=10.60.60.25

[packetfence2]
management_ip=10.161.16.26

[packetfence2 interface eth0]
ip=10.161.16.26

[packetfence2 interface eth3]
ip=10.70.70.26

[packetfence2 interface eth4]
ip=10.60.60.26


#3
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=samba.nac
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the
domain in Apache rewriting rules and therefore must be resolvable by
clients.
hostname=packetfence1
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to
allow DHCP transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,10.161.16.21

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers,
violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=far.pere...@campus.fct.unl.pt

[database]
host=localhost
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this
parameter after the initial configuration will *not* change it in the
database it self, only in the configuration.
pass=zaq12wsx

[active_active]
# Change these 2 values by the credentials you've set when configuring
MariaDB above
galera_replication_username=pfcluster
galera_replication_password=zaq12wsx

[webservices]
user=packet
pass=fence

[advanced]
#
# advanced.hash_passwords
#
# The algorithm to use to hash the passwords in the local database.
hash_passwords=ntlm
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers,
violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=

[database]
host=localhost
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this
parameter after the initial configuration will *not* change it in the
database it self, only in the configuration.
pass=zaq12wsx

[active_active]
# Change these 2 values by the credentials you've set when configuring
MariaDB above
galera_replication_username=pfcluster
galera_replication_password=zaq12wsx

[webservices]
user=packet
pass=fence

[advanced]
#
# advanced.hash_passwords
#
# The algorithm to use to hash the passwords in the local database.
hash_passwords=ntlm

[interface eth0]
ip=10.161.16.25
type=management,portal,radius,high-availability
vip=10.161.16.20
mask=255.255.255.0

[interface eth3]
enforcement=vlan
ip=10.70.70.25
type=internal
vip=10.70.70.20
mask=255.255.255.0

[interface eth4]
enforcement=vlan
ip=10.60.60.25
type=internal
vip=10.60.60.20
mask=255.255.255.0

Tnks

Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




Em 11 de maio de 2018 11:02, Jeimerson C. Chaves
 escreveu:
> Hello, ALL,
>
> In cluster address ip management local not start port 1443.
>
> Follow the manual, where can I be wrong?
>
> Com os melhores cumprimentos.
>
> Jeimerson Chaves
>
> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
> informáticos com ele transmitidos são confidenciais, podem conter
> informação privilegiada e destinam-se ao conhecimento e uso exclusivo
> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
> queira informar de imediato o remetente e proceder à destruição da
> mensagem e de eventuais cópias.
>
> Confidentiality Warning: This e-mail and any files transmitted with it
> are confidential and may be privileged and are intended solely for the
> use of the individual or entity to whom they are addressed. Their
> contents may not be 

[PacketFence-users] Devices Registration

[Jeimerson C. Chaves via PacketFence-users]

Hello,

The Roles are not appearing for the choice. In Devices.
As shown in the picture.



Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Unlock Device

[Jeimerson C. Chaves via PacketFence-users]

May  4 10:42:58 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:42:58 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:01 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:01 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:07 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:07 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:10 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:14 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:14 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:17 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:17 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:20 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:20 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:23 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:24 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3364) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:27 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:27 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:30 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:30 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:33 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:33 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3074) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:36 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:36 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 10:43:36 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3403) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 10:43:36 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3364) INFO: 

Re: [PacketFence-users] Unlock Device

[Jeimerson C. Chaves via PacketFence-users]

May  4 11:04:08 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  4 11:04:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
May  4 11:04:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] User default has
authenticated on the portal. (Class::MOP::Class:::after)
May  4 11:04:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] Reevaluating access
of device. 
(captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
May  4 11:04:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] re-evaluating access
(manage_register called) (pf::enforcement::reevaluate_access)
May  4 11:04:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] VLAN reassignment is
forced. (pf::enforcement::_should_we_reassign_vlan)
May  4 11:04:11 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3069) INFO: [mac:00:0c:29:75:9d:61] switch port is
(10.190.90.25) ifIndex 10014 connection type: Wired MAC Auth
(pf::enforcement::_vlan_reevaluation)
May  4 11:04:12 PacketFence-ZEN pfqueue: pfqueue(3471) WARN:
[mac:00:0c:29:75:9d:61] Until CoA is implemented we will bounce the
port on VLAN re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
May  4 11:04:21 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:04:f2:1e:b7:9e] Updating locationlog from accounting
request (pf::api::handle_accounting_metadata)
May  4 11:04:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.25), connection_type =>
WIRED_MAC_AUTH,switch_mac => (00:26:98:96:21:8e), mac =>
[00:0c:29:75:9d:61], port => 10014, username => "000c29759d61"
(pf::radius::authorize)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
 (pf::role::_check_bypass)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] Connection type is WIRED_MAC_AUTH.
Getting role from node_info (pf::role::getRegisteredRole)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
 (pf::role::getRegisteredRole)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
match a role - returning node based role ''
(pf::role::getRegisteredRole)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] PID: "default", Status: reg Returned
VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
 (pf::Switch::getVlanByName)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
771.
 (pf::Switch::getVlanByName)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.25
(pf::Switch::getVlanByName)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 751.
 (pf::Switch::getRoleByName)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
754.
 (pf::Switch::getRoleByName)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  4 11:04:28 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2297)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  4 11:04:32 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(3341) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile
default 

Re: [PacketFence-users] PF 8 Device in Nodes not ON

[Jeimerson C. Chaves via PacketFence-users]

Hi, Peter,

Thank you so much
It worked.
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-04 0:36 GMT+01:00 Truax, Peter via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Jeimerson,
>
> Try these commands on the 2960.
>
> aaa accounting network default start-stop group packetfence
> aaa accounting identity default start-stop group packetfence
> aaa accounting dot1x default start-stop group packetfence
>
> It worked for me.
>
> Regards,
>
> Peter
>
> -----Original Message-
> From: Jeimerson C. Chaves via PacketFence-users 
> [mailto:packetfence-users@lists.sourceforge.net]
> Sent: Thursday, May 3, 2018 8:43 AM
> To: packetfence-users@lists.sourceforge.net
> Cc: Jeimerson C. Chaves <jeimer...@bsd.com.br>
> Subject: [PacketFence-users] PF 8 Device in Nodes not ON
>
> Hi there,
>
> When we connect a device to a 2950 Cisco Switch, he gets to authenticate and 
> is authorized in the network. In the NODES section it appears as ON (as it 
> should be), but when we move it to a 2960 Cisco Switch, it still 
> authenticates and can connects to the network but it's appearing as OFF.
>
>
> Com os melhores cumprimentos.
>
> Jeimerson Chaves
>
> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos 
> com ele transmitidos são confidenciais, podem conter informação privilegiada 
> e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem 
> são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha 
> recebido este e-mail indevidamente, queira informar de imediato o remetente e 
> proceder à destruição da mensagem e de eventuais cópias.
>
> Confidentiality Warning: This e-mail and any files transmitted with it are 
> confidential and may be privileged and are intended solely for the use of the 
> individual or entity to whom they are addressed. Their contents may not be 
> altered. lf you are not the intended recipient of this communication please 
> notify the sender and delete and destroy all copies immediately.
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] PF 8 Device in Nodes not ON

[Jeimerson C. Chaves via PacketFence-users]

Hi there,

When we connect a device to a 2950 Cisco Switch, he gets to
authenticate and is authorized in the network. In the NODES section it
appears as ON (as it should be), but when we move it to a 2960 Cisco
Switch, it still authenticates and can connects to the network but
it's appearing as OFF.


Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Bug PacketFence 8

[Jeimerson C. Chaves via PacketFence-users]

rning role 'Normal'
(pf::role::getRegisteredRole)
May  3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
reg Returned VLAN: (undefined), Role: Normal
(pf::role::fetchRoleForNode)
May  3 12:39:42 PacketFence-ZEN pfqueue: pfqueue(8538) ERROR:
[mac:unknown] Unable to locate user 'administra...@samba.nac'
(pf::Authentication::Source::LDAPSource::search_attributes_in_subclass)
May  3 12:39:42 PacketFence-ZEN pfqueue: pfqueue(8538) INFO:
[mac:unknown] Successfully did a person lookup for
administra...@samba.nac (pf::lookup::person::lookup_person)
May  3 12:39:42 PacketFence-ZEN pfqueue: pfqueue(8538) ERROR:
[mac:unknown] Can't use string ("Unable to validate credentials a"...)
as a HASH ref while "strict refs" in use at
/usr/local/pf/lib/pf/lookup/person.pm line 63.
 (pf::pfqueue::consumer::redis::process_next_job)
May  3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN
assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 20
(pf::radius::authorize)
May  3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:75:9d:61] (10.190.90.24) Added VLAN 20 to the
returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May  3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  3 12:39:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  3 12:39:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251)
INFO: [mac:[undef]] Updating locationlog from accounting request
(pf::api::handle_accounting_metadata)



Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-03 13:37 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Hello Jeimerson,
>
> can you try that:
>
> [SAMBA.NAC]
> cache_match=0
> read_timeout=10
> realms=
> password=Zaq!2wsx
> scope=sub
> binddn=nacad...@samba.nac
> port=389
> description=Teste de Autenticacao
> write_timeout=5
> type=AD
> basedn=DC=SAMBA,DC=NAC
> monitor=1
> set_access_level_action=
> email_attribute=mail
> usernameattribute=sAMAccountName
> connection_timeout=5
> encryption=none
> host=10.161.16.23
>
> Regards
> Fabrice
>
>
> Le 2018-05-03 à 04:32, Jeimerson C. Chaves via PacketFence-users a écrit :
>
> Hi,
>
>
> authentication.conf
>
> [SAMBA.NAC]
> cache_match=0
> read_timeout=10
> realms=
> password=Zaq!2wsx
> scope=base
> binddn=nacad...@samba.nac
> port=389
> description=Teste de Autenticacao
> write_timeout=5
> type=AD
> basedn=DC=SAMBA,DC=NAC
> monitor=1
> set_access_level_action=
> email_attribute=mail
> usernameattribute=sAMAccountName
> connection_timeout=5
> encryption=none
> host=10.161.16.23
>
> [SAMBA.NAC rule Test]
> action0=set_role=Normal
> match=all
> class=authentication
> action1=set_access_duration=12h
> description=Teste
>
> [SAMBA.NAC rule VoIP]
> action0=set_role=voice
> match=all
> class=authentication
> action1=set_access_duration=5D
> description=VoIP
>
> ##
>
> switches.conf
>
> [10.190.90.24]
> description=Cisco 2950
> group=Cisco_2950
> VoIPEnabled=N
>
> [10.190.90.25]
> description=Cisco 2960
> group=Cisco_2960
>
> [group Cisco_2950]
> deauthMethod=SNMP
> description=Switches Cisco 2950
> type=Cisco::Catalyst_2950
> VoIPEnabled=Y
> NormalVlan=20
> SNMPPrivPasswordTrap=zaq12wsx
> SNMPVersionTrap=2c
> macDetectionVlan=80
> isolationVlan=60
> radiusSecret=zaq12wsx
> SNMPVersion=2c
> SNMPPrivPasswordRead=zaq12wsx
> SNMPPrivPasswordWrite=zaq12wsx
> SNMPAuthPasswordWrite=zaq12wsx
> SNMPA

Re: [PacketFence-users] Problem with Fingerbank Gui

[Jeimerson C. Chaves via PacketFence-users]

Hi,

I was having the same problem, it was missing the DNS record in resolve.conf
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-03 7:26 GMT+01:00 Meiser Tobias via PacketFence-users
:
> Hello,
>
> we have updated our ZEN to PF 8.0 last week. Since then we are not able to
> access Configuration ->Compliance-> Fingerbank Profiling General Settings.
> The Gui keeps saying „Error! An error occured while contacting the server.
> Please try again later“.
>
> I don’t know if there is a relation to messages in Packetfence.log
>
> May  3 07:56:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(7189)
> ERROR: [mac:xx:xx:xx:xx:xx:xx] Unable to compute Fingerbank device
> information for 8c:dc:d4:51:df:93. Device profiling rules relying on it will
> not work. (DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception:
> DBD::SQLite::db prepare_cached failed: file is encrypted or is not a
> database [for Statement "SELECT COUNT( * ) FROM device me WHERE ( name = ?
> )"] at /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433)
> (pf::node::fingerbank_info)
>
> And
>
> May  3 07:58:08 PacketFence-ZEN pfqueue: pfqueue(12658) ERROR: [mac:
> xx:xx:xx:xx:xx:xx] Error handling fingerbank_process :
> DBIx::Class::Storage::DBI::_prepare_sth(): DBI Exception: DBD::SQLite::db
> prepare_cached failed: file is encrypted or is not a database [for Statement
> "SELECT COUNT( * ) FROM dhcp_fingerprint me WHERE ( value = ? )"] at
> /usr/local/pf/lib/fingerbank/Base/CRUD.pm line 433
> (pf::api::can_fork::notify)
>
>
> Fingerbank.conf:
>
> [upstream]
> api_key=xx
> use_https=disabled
>
> [proxy]
> use_proxy=enabled
> host=http://XX.XXX.XXX.XXX
> port=8080
> verify_ssl=disabled
>
>
> Any Ideas ?
>
>
> Best Regards
>
> Tobias Meiser
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Bug PacketFence 8

[Jeimerson C. Chaves via PacketFence-users]

INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  3 08:32:04 PacketFence-ZEN pfipset[2121]:
t=2018-05-03T08:32:04+ lvl=info msg="Reloading ipsets" pid=2121
Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-05-02 17:58 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Can you share authentication.conf (remove sensible information)
>
>
> Le 2018-05-02 à 12:52, Jeimerson C. Chaves via PacketFence-users a écrit :
>
> Hello,
>
> I installed PackerFence 8 on my lab, and I can not access the vlans.
> As the logs and prints follow.
>
> Thank you.
>
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
> switch_ip => (10.190.90.24), connection_type =>
> Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac =>
> [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac"
> (pf::radius::authorize)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
> (pf::Connection::ProfileFactory::_from_profile)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
> 'SAMBA.NAC' for realm 'samba.nac'
> (pf::config::util::filter_authentication_sources)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
> class. Defaulting to 'authentication' (pf::authentication::match2)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
> (pf::authentication::match2)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
> at /usr/local/pf/lib/pf/role.pm line 731.
>  (pf::role::_check_bypass)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
> 'SAMBA.NAC' for realm 'samba.nac'
> (pf::config::util::filter_authentication_sources)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
> (pf::authentication::match2)
> May  2 16:40:43 PacketFence-ZEN pfqueue: pfqueue(6064) INFO:
> [mac:unknown] undefined source id provided
> (pf::lookup::person::lookup_person)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
> concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
>  (pf::role::getRegisteredRole)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
> match a role - returning node based role ''
> (pf::role::getRegisteredRole)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
> reg Returned VLAN: (undefined), Role: (undefined)
> (pf::role::fetchRoleForNode)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
> hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
>  (pf::Switch::getVlanByName)
> May  2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
> WARN: [mac:00:0c:29:75:9

[PacketFence-users] PacketFence 8

[Jeimerson C. Chaves via PacketFence-users]

Hi, all.


In tests with PacketFence 8. i not sucess login.

Log


May  2 15:48:44 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:[undef]] CLI Access is not permit on this switch
10.190.90.25 (pf::radius::switch_access)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.25), connection_type =>
Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac =>
[00:0c:29:75:9d:61], port => 10010, username =>
"administra...@samba.nac" (pf::radius::authorize)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through
discovery protocols for ifIndex 10010
(pf::Switch::getPhonesDPAtIfIndex)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:48:48 PacketFence-ZEN pfqueue: pfqueue(4059) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
 (pf::role::_check_bypass)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
 (pf::role::getRegisteredRole)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
match a role - returning node based role ''
(pf::role::getRegisteredRole)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
reg Returned VLAN: (undefined), Role: (undefined)
(pf::role::fetchRoleForNode)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
 (pf::Switch::getVlanByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
771.
 (pf::Switch::getVlanByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.25
(pf::Switch::getVlanByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 751.
 (pf::Switch::getRoleByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
754.
 (pf::Switch::getRoleByName)
May  2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.25), connection_type =>
Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac =>
[00:0c:29:75:9d:61], port => 10010, username =>
"administra...@samba.nac" (pf::radius::authorize)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through
discovery protocols for ifIndex 10010

Re: [PacketFence-users] Problem with Samba 4 authentication

[Jeimerson C. Chaves via PacketFence-users]

Hi.

[SAMBA.NAC]
cache_match=0
read_timeout=10
realms=
password=Zaq!2wsx
scope=sub
binddn=nacad...@samba.nac
port=389
description=Teste de Autenticacao
write_timeout=5
type=AD
basedn=DC=SAMBA,DC=NAC
set_access_level_action=
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=starttls
host=10.161.16.23




[SAMBA]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
ntlm_cache=disabled
registration=1
ntlm_cache_expiry=3600
dns_name=SAMBA.NAC
dns_servers=10.161.16.23
ou=Computers
bind_pass=Zaq!2wsx
ntlm_cache_on_connection=disabled
bind_dn=Administrator
workgroup=SAMBA
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=10.161.16.23
ad_server=10.161.16.23
ntlm_cache_batch=disabled
server_name=packetfence



##

[root@PacketFence-ZEN conf]# chroot /chroots/SAMBA/ ntlm_auth
--request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac
--password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)
[root@PacketFence-ZEN conf]# raddebug -f
/usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No
such file or directory
Perhaps you need to run the commands:cd /etc/raddb
ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?
[root@PacketFence-ZEN conf]#



Tks.





Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-04-12 à 04:56, Jeimerson C. Chaves via PacketFence-users a écrit :
>> Hello everyone, I'm having problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But, using the Cisco 2950 802.1x, does not
>> work according to the logs.
>>
>> 
>>
>> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
>> --username=nacad...@samba.nac --password='Zaq!2wsx'
>> NT_STATUS_OK: Success (0x0)
>>
>> #
>> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x00010

Re: [PacketFence-users] Problem with Samba 4 authentication

[Jeimerson C. Chaves via PacketFence-users]

[root@PacketFence-ZEN ~]# chroot /chroots/SAMBA/ ntlm_auth
--request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac
--password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)


[root@PacketFence-ZEN ~]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No
such file or directory
Perhaps you need to run the commands:cd /etc/raddb
ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?


Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-04-12 à 04:56, Jeimerson C. Chaves via PacketFence-users a écrit :
>> Hello everyone, I'm having problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But, using the Cisco 2950 802.1x, does not
>> work according to the logs.
>>
>> 
>>
>> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
>> --username=nacad...@samba.nac --password='Zaq!2wsx'
>> NT_STATUS_OK: Success (0x0)
>>
>> #
>> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> (0) No reply from server for ID 149 socket 3
>>
>>
>> What could it be?
>>
>> If you can help me.
>>
>> I created a testing environment with VMware ESXi 6.5.
>>
>> #
>>
>>
>> MAC Address00:0c:29:75:9d:61
>> Auth StatusReject
>> Auth Typeeap
>> Auto Registrationno
>> Calling Station ID00:0c:29:75:9d:61
>> Computer nameN/A
>> EAP TypeMSCHAPv2
>> Event TypeRadius-Access-Request
>> IP Address
>> Is a Phoneno
>> Node statusN/A
>> DomainSAMBA
>> ProfileN/A
>> Realmsamba.nac
>> Reasonchrooted_mschap: Program returned code (1) and output 'Logon
>> failure (0xc06d)'
>> RoleN/A
>> SourceN/A
>> Stripped User Namenacadmin
>> User namenacad...@samba.nac
>> Unique ID
>>
>> ###

[PacketFence-users] PacketFence help with authentication in Samba 4

[Jeimerson C. Chaves via PacketFence-users]

Hi all,


I have problem from authentication in Samba 4.

MAC Address00:0c:29:75:9d:61
Auth StatusReject
Auth Typeeap
Auto Registrationno
Calling Station ID00:0c:29:75:9d:61
Computer nameN/A
EAP TypeMSCHAPv2
Event TypeRadius-Access-Request
IP Address
Is a Phoneno
Node statusN/A
DomainSAMBA
ProfileN/A
Realmsamba.nac
Reasonchrooted_mschap: Program returned code (1) and output 'Logon
failure (0xc06d)'
RoleN/A
SourceN/A
Stripped User Namenacadmin
User namenacad...@samba.nac
Unique ID

Switch IDN/A
Switch MACN/A
Switch IP AddressN/A
Called Station ID00:16:47:53:3e:08
Connection typeN/A
IfIndexN/A
NAS identifier
NAS IP Address10.190.90.24
NAS Port50008
NAS Port ID
NAS Port TypeEthernet
RADIUS Source IP Address10.190.90.24
Wi-Fi Network SSID

request_time0
RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User
Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id =
"00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24
FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type =
MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id =
"00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac"
MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac"
Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message =
0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41e00
00ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e00
6e616361646d696e4073616d62612e6e6163
MS-CHAP2-Response =
0x0761ce8f7270555af5072eea462eb420f41eceed66
e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500
Module-Failure-Message = "chrooted_mschap: Program returned code (1)
and output 'Logon failure (0xc06d)'" Module-Failure-Message =
"chrooted_mschap: External script says: Logon failure (0xc06d)"
Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is
incorrect" User-Password = "**" Module-Failure-Message = "Failed
retrieving values required to evaluate condition" SQL-User-Name =
"nacad...@samba.nac"
RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0
C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
EAP-Message = 0x04070004 Message-Authenticator =
0x



Need help please.

Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos
com ele transmitidos são confidenciais, podem conter informação
privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou
entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser
alterado. Caso tenha recebido este e-mail indevidamente, queira informar de
imediato o remetente e proceder à destruição da mensagem e de eventuais
cópias.

Confidentiality Warning: This e-mail and any files transmitted with it are
confidential and may be privileged and are intended solely for the use of
the individual or entity to whom they are addressed. Their contents may not
be altered. lf you are not the intended recipient of this communication
please notify the sender and delete and destroy all copies immediately.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Problem with Samba 4 authentication

[Jeimerson C. Chaves via PacketFence-users]

Hello everyone, I'm having problem with authentication, using Samba server 4.

CLI authentication works. But, using the Cisco 2950 802.1x, does not
work according to the logs.



chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
--username=nacad...@samba.nac --password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)

#
radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
User-Name = "nacadmin"
MS-CHAP-Password = "Zaq!2wsx"
NAS-IP-Address = 169.254.0.2
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "Zaq!2wsx"
MS-CHAP-Challenge = 0xf8d279644d3003f7
MS-CHAP-Response =
0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
User-Name = "nacadmin"
MS-CHAP-Password = "Zaq!2wsx"
NAS-IP-Address = 169.254.0.2
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "Zaq!2wsx"
MS-CHAP-Challenge = 0xf8d279644d3003f7
MS-CHAP-Response =
0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
User-Name = "nacadmin"
MS-CHAP-Password = "Zaq!2wsx"
NAS-IP-Address = 169.254.0.2
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "Zaq!2wsx"
MS-CHAP-Challenge = 0xf8d279644d3003f7
MS-CHAP-Response =
0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
(0) No reply from server for ID 149 socket 3


What could it be?

If you can help me.

I created a testing environment with VMware ESXi 6.5.

#


MAC Address00:0c:29:75:9d:61
Auth StatusReject
Auth Typeeap
Auto Registrationno
Calling Station ID00:0c:29:75:9d:61
Computer nameN/A
EAP TypeMSCHAPv2
Event TypeRadius-Access-Request
IP Address
Is a Phoneno
Node statusN/A
DomainSAMBA
ProfileN/A
Realmsamba.nac
Reasonchrooted_mschap: Program returned code (1) and output 'Logon
failure (0xc06d)'
RoleN/A
SourceN/A
Stripped User Namenacadmin
User namenacad...@samba.nac
Unique ID



Switch IDN/A
Switch MACN/A
Switch IP AddressN/A
Called Station ID00:16:47:53:3e:08
Connection typeN/A
IfIndexN/A
NAS identifier
NAS IP Address10.190.90.24
NAS Port50008
NAS Port ID
NAS Port TypeEthernet
RADIUS Source IP Address10.190.90.24
Wi-Fi Network SSID


#

request_time0
RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User
Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id =
"00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24
FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type =
MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id =
"00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac"
MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac"
Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message =
0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163
MS-CHAP2-Response =
0x0761ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500
Module-Failure-Message = "chrooted_mschap: Program returned code (1)
and output 'Logon failure (0xc06d)'" Module-Failure-Message =
"chrooted_mschap: External script says: Logon failure (0xc06d)"
Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is
incorrect" User-Password = "**" Module-Failure-Message = "Failed
retrieving values required to evaluate condition" SQL-User-Name =
"nacad...@samba.nac"
RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0
C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
EAP-Message = 0x04070004 Message-Authenticator =
0x



Thank you.

Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered.