Re: [PacketFence-users] Unifi APs and CoA

2018-02-21 Thread Timothy Mullican via PacketFence-users
Eugene, Make sure that PacketFence (not your own infrastructure DHCP server) is handing out IP addresses on the registration network. Also, make sure that you added the portal module to your wireless VLAN in PacketFence under the Networks tab (I think the box is labeled “Additional

[PacketFence-users] Multiple VLANs per Role

2018-02-18 Thread Timothy Mullican via PacketFence-users
All, I am wondering if it is possible to define multiple VLANs per role and let the user choose which VLAN they want on. We have some users that will need to get on different VLANs at different times from a single account. Anyone have any guidance? Thank you, Timothy Mullican Sent from

[PacketFence-users] Role Assignment (G Suite/SAML)

2018-02-07 Thread Timothy Mullican via PacketFence-users
All, I am trying to implement PacketFence on my network. I have added G Suite and SAML as an authentication method and that works. The problem I have is that we have several departments that operate on different VLANs. Is it possible to use certain attributes from a SAML source to determine the

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

2018-02-02 Thread Timothy Mullican via PacketFence-users
>>> Hi Tim, >>> >>> As usual, your comments are invaluable ;) >>> >>> Looking at the guide which is in asciidoc to see how to properly deal with >>> Unifi. Would be nice to see pictures as they are missing. >>> >>> Also, do I need to re

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

2018-02-02 Thread Timothy Mullican via PacketFence-users
s / dot1x > / interface“ config did not work with our switches, we had to explicitly name > the interfaces there. > > > Von: Timothy Mullican via PacketFence-users > [mailto:packetfence-users@lists.sourceforge.net] > Gesendet: Donnerstag, 1. Februar 2018 18:11 > An: packetfe

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

2018-02-01 Thread Timothy Mullican via PacketFence-users
By the way, Fabrice Durand already added code to do this in pull request #2735 on github. See https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/2735.patch You can apply that patch to get it working. Also see

Re: [PacketFence-users] Unifi APs and CoA

2018-02-01 Thread Timothy Mullican via PacketFence-users
Also have a look at the “[PacketFence-users] Ubiquiti UniFi AP Captive Portal” thread for my steps taken. Tim Sent from mobile phone > On Feb 1, 2018, at 10:17, David Harvey wrote: > > Many thanks for the tips. With your guidance I've been following the >

Re: [PacketFence-users] Unifi APs and CoA

2018-01-31 Thread Timothy Mullican via PacketFence-users
David, Your understanding is correct. Currently the UniFi only supports deauthenticating a client using the controller API and not using CoA. It is possible to enable RADIUS CoA for a single SSID and frequency, but this may not be useful for you. This is because the UniFi runs a separate

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-05 Thread Timothy Mullican via PacketFence-users
Fabrice, I’m not sure, but is his error due to the following? The function deauth_source_ip (lib/pf/Switch.pm) is expecting the IP address to deauth, so it can determine the source interface to use in PacketFence. It is present in the default radiusDisconnect function, but

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-04 Thread Timothy Mullican via PacketFence-users
Can you post your entire switch config (scrubbed of sensitive info) and your /usr/local/pf/conf/switches.conf file? Thanks, Tim Sent from mobile phone > On Jan 4, 2018, at 07:19, André Scrivener wrote: > > Timothy, > > After I changed to radius, I no longer look

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
On Jan 3, 2018, at 07:50, Fabrice Durand via PacketFence-users >> <packetfence-users@lists.sourceforge.net> wrote: >> >> I tried to add the DAS parameter directly in the configuration file of the >> AP and it works (CoA), but the limitation is that yo

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
parameter directly in the configuration file of the AP > and it works (CoA), but the limitation is that you can enable it only on one > ssid. > > https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf > > Regards > > Fabrice > > > > > Le 2017-12-29 à 16:

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Timothy Mullican via PacketFence-users
André, The message “Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your deauthentication method for the Switch (in PacketFence) is set to SNMP (see

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
ed to add the DAS parameter directly in the configuration file of the AP > and it works (CoA), but the limitation is that you can enable it only on one > ssid. > > https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf > > Regards > > Fabrice > > > >> Le

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
in the link. Please let me know if you have any questions. Thanks, Tim Sent from mobile phone > On Jan 2, 2018, at 21:03, Timothy Mullican via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Eugene, > > The patch is mandatory in order for

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-02 Thread Timothy Mullican via PacketFence-users
Eugene, The patch is mandatory in order for PacketFence to recognize that the UniFi supports 802.1x (and MAC-based auth). As for the controller, you should be able to get away without it if you do not need dynamic VLAN assignment. However, without the controller, PacketFence will not be able

[PacketFence-users] Fwd: Need an advice and maybe assistance with FreeRADIUS

2017-12-29 Thread Timothy Mullican via PacketFence-users
I am running UniFi AP 3.9.15.8011 and Controller 5.6.26 (I’m using linuxserver/UniFi docker image on CentOS 7.4). First, make sure you applied the UniFi patch (see

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2017-12-29 Thread Timothy Mullican via PacketFence-users
Eugene, Just a thought, but can you change the deauthentication method to HTTPS and specify the UniFi controller IP? See my setup below: https://i.imgsafe.org/0c/0cff2c7f19.png https://i.imgsafe.org/0c/0cff2dfd99.png My UniFi AP is 192.168.20.7 My UniFi controller is 192.168.20.6 This is my

[PacketFence-users] PacketFence 802.1x External Auth

2017-12-19 Thread Timothy Mullican via PacketFence-users
Hello, I was wondering if it is currently possible for PacketFence to authenticate 802.1x (FreeRADIUS) requests against an external provider (e.g., Okta — OAuth2/SAML). I see that the PacketFence captive portal auth currently supports SAML and OAuth2, but 802.1x uses different authentication

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-17 Thread Timothy Mullican via PacketFence-users
ect I need to setup 2 WIFI-SSID's to get PF to work: - One open SSID where users can register their device on the captive portal page - One 802.1X protected SSID with Radius assigned VLAN's and mac-address authentication. When the user has registered his or her device they now can c

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-14 Thread Timothy Mullican via PacketFence-users
s can register their device on the captive portal page - One 802.1X protected SSID with Radius assigned VLAN's and mac-address authentication. When the user has registered his or her device they now can connect to this protected SSID. Best regards, Geert   2017-12-12 23:53 GMT+01:0

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-14 Thread Timothy Mullican via PacketFence-users
Durand Subject: Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal   Hello Guys, just upgraded my controller and oh surprise dynamic vlan assignment disappear Regards Fabrice Le 2017-12-13 à 02:40, Timothy Mullican via PacketFence-users a écrit : Geert, First in order to use 802.1x (

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-13 Thread Timothy Mullican via PacketFence-users
c: Fabrice Durand > Subject: Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal > > Hello Guys, > > just upgraded my controller and oh surprise dynamic vlan assignment disappear > .... > > > Regards > Fabrice > > > Le 2017-12-13 à 02:40, Timothy Mullican v

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-13 Thread Timothy Mullican via PacketFence-users
authentication. When the user has registered his or her device they now can connect to this protected SSID. Best regards, Geert 2017-12-12 23:53 GMT+01:00 Timothy Mullican via PacketFence-users <packetfence-users@lists.sourceforge.net>: Fabrice, I am running UniFi controller version 5.6.

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-13 Thread Timothy Mullican via PacketFence-users
fe.org/0a/0ace4cd6a1.png https://i.imgsafe.org/0a/0ace7ddd1e.png Thanks! On Tuesday, December 12, 2017, 5:48:27 PM CST, Timothy Mullican via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: Fabrice, I am running UniFi controller version 5.6.22 and UniFi AP-AC-

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-12 Thread Timothy Mullican via PacketFence-users
, 2017 10:13:36 AM CST, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: You probably have to update the controller version. Le 2017-12-12 à 10:30, Timothy Mullican via PacketFence-users a écrit : Fabrice, On the UniFi cont

Re: [PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-12 Thread Timothy Mullican via PacketFence-users
/unifi-radius.png > > Regards > > Fabrice > >> Le 2017-12-12 à 01:37, Timothy Mullican via PacketFence-users a écrit : >> Hello all, >> I am trying to setup a proof of concept using an Ubiquiti UniFi UAP-PRO with >> the following setup: >> >> Cisco 35

[PacketFence-users] Ubiquiti UniFi AP Captive Portal

2017-12-12 Thread Timothy Mullican via PacketFence-users
Hello all, I am trying to setup a proof of concept using an Ubiquiti UniFi UAP-PRO with the following setup: Cisco 3560-E L3 Switch UniFi UAP-PRO UniFi Controller running on CentOS 7.3 (docker) on ESXi PacketFence running on CentOS 7.3 on ESXi The Cisco switch has the following VLANs: VLAN 2 -