Hi Folks,
We are still trying to upgrade to 9.1 from 6.5 but when we switch over to the
new server several thousand clients
start to authenticate on the new server (MAB) and the ‘top’ display on the
server climbs in excess of 134 as the RADIUS
authentications start to bottleneck the whole
Hi Folks,
We are preparing the ground to move our PF deployment over from a 6.5 server to
a new 9.0.1 server.
We have over 50 technicians and managers that use this platform to monitor and
report on devices/users and these
people use ‘Saved Searches’ to quite an extent.
The ‘savedsearch’
This is exactly the bug I have logged already.
The PM code does not parse the switches.conf defined CoA port to the CoA
routines which then promptly uses the default port of 3799 regardless of the
switches.conf setting.
Andrew
From: Lierman, Andrew via PacketFence-users
Sent: 19 September
Hi Folks,
I am trying to make things a bit easier for non-technical staff to administer
parts of PacketFence 6.5 and want the ‘Nodes’ tab
to display the switch-port name ‘GigabitEthernet1/0/xx’ instead of the
meaningless ifIndex value 101xx.
It can display the switch name OK and the Switch IP
Hi folks,
I am trying to get our PF system migrated over to v9 but I am unable to get the
system to display our branded and customized
parking portal page. It works perfectly on our v6.5 server and I have the same
config in v9 but for some reason when I ‘park’ a device
the device is getting the
HI folks,
I have been playing with setting up wired MAB in PF and have set up the
following switches and switch groups:-
[default]
type=Cisco::Catalyst_2960
registrationVlan=820
isolationVlan=999
voiceVlan=22
cliTransport=SSH
cliUser=XXX
cliPwd=XXX
cliEnablePwd=XXX
SNMPVersion=2c
Hi folks,
Is it possible to change the date format in the v9 GUI so that dates are
displayed in UK format (dd/mm/yy) instead of US (mm/dd/yy).
We have recently had an issue where a bunch of users were de-registered
manually because the operator misread the date as 07/12/19 instead of 12/07/19.
=email_admin,reevaluate_access
desc=Overdue Hall Fees
enabled=Y
template=nonpayment
window=dynamic
max_enable=24
grace=30m
target_category=registration
vlan=registration
redirect_url=/common/NonPayment.html
auto_enable=N
trigger=
access_duration=12h
Any ideas.
Andrew Torry
Andrew Torry
Senior
Hi again,
Also you need to make sure that in your captive portal profile that the
layount.html file is actually loading the correct styles.css file.
I moved all my custom CSS files into a new folder (/common/cssfiles/) and then
tweak the layout.html file accordingly:-
Hi,
I understand your pain. I spent several weeks unpicking the mess Inverse made
of the mifration from 6.5 to 8.3 as far as
customisation was concerned.
They basically made it impossible to use previously customised captive portal
profiles in 8.3 without major rewrites
of the HTML code
Openvas has been broken on PacketFence since version 4 and as far as I can tell
still hasn't been fixed.
There is a 'Dependency issue' between the 'openvas' and 'openvas-cli' libraries
and those required by chunks of PacketFence itself.
You will find that the code calls the OMP command which
Follow up to my issues with pfdhcpdlistener process stalling when using
Fortigate firewall SSO
This seems to be some sort of race condition in the API processing of DHCP.
As far as I can tell the pfdhcplistener process analyses the DHCP packet and
punts it on to the
Hi folks,
I am having real problems figuring this out and I really need to get it sorted
soon.
My PF server (6.5) is NOT the DHCP server for the registration and user subnets.
The production DHCP server is relaying the DHCP activity to the PF server where
it is acted on
by the
domizing the MAC every single time, tell her tough beans, get a phone
that works correctly. :D
On Tue, Sep 19, 2017 at 10:15 AM, Torry, Andrew via PacketFence-users
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
wrote:
Hi folks,
We have a
Hi folks,
We have a new student who cannot seem to get onto our PF controlled wifi since
her mobile phone
keeps randomising its MAC address. It appears this feature is hard coded into
the phones OS and
cannot be disabled. The only way we can see to fix this is to register every
one of the
Has anyone managed to get the NPM INSTALL –G GRUNT-CLI commands to work on the
PacketFence_ZEN_7.1 server image?
I can install NODEJS and NPM but the NPM INSTALL –G GRUNT-CLI command is
failing with a repository error all the time.
I need this in order to change the
Hi guys n gals,
Has anyone figured out how to install GRUNT to enable customisation of the main
CSS style sheet for the captive portal
yet.
I had absolutely no trouble with PF 6.5 but PF 7 is a pain in the proverbial
posterior (maybe a Centos 7 thing) but all I am
getting now is a persistent
14
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Multiple Graphs showing on 'System State' page
in PF 7
Hi Andrew,
On May 30, 2017, at 10:47, Torry, Andrew
<andrew.to...@fxplus.ac.uk<mailto:andrew.to...@fxplus.ac.uk>> wrote:
How do I go about getting rid of the sp
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=10.149.105.200
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30
next_hop=10.255.20.231
Thank you in advance
Luca
Da: Torry, Andrew <andrew.to...@fxplus.ac.uk>
I
Hi Luca,
In routed mode the PF is effectively ‘Out-of-band’ so you would not need to add
local routes on the PF server
for your remote subnets since your PF will be using it’s default gateway to
reach devices on them.
The IPTABLES should be automatically configured to allow the remote subnets
All,
can you run pf-maint.pl and retry, i just made a patch to fix it.
Regards
Fabrice
Le 2017-05-04 à 11:17, Torry, Andrew a écrit :
Hi Antoine,
Fabrice advised that I should apply the maintenance patch and I have done this
regularly but the problem still persists.
The problem occurs from
list or
when you are in the configuration of a connection profile or both case?
Thanks
On 05/04/2017 10:10 AM, Torry, Andrew wrote:
I am pretty sure this is a bug as I have rebuilt a new server and still have
the same issue.
The 'Preview' option in the admin GUI displays the 'Default' profile fo
I am pretty sure this is a bug as I have rebuilt a new server and still have
the same issue.
The 'Preview' option in the admin GUI displays the 'Default' profile for all
profiles.
Regards
Andrew
From: Torry, Andrew [mailto:andrew.to...@fxplus.ac.uk]
Sent: 27 April 2017 14:01
To: packetfence
In the signup.html (or signin.html) file in the profile folder (or via the
GUI):-
replace:-
[% IF sms_carriers %]
[% out = form.get_field("mobileprovider").options(sms_carriers) %]
[% END %]
With:-
Mobile provider
NAME OF SMS PROVIDER TO
, Torry, Andrew a écrit :
Hi again folks,
I just realised that the 'Preview' button that does work after opening the
connection profile in the GUI is not previewing the selected profile
at all but is actually just previewing the 'default' profile regardless of
which profile is opened in the GUI
Hi again folks,
I just realised that the ‘Preview’ button that does work after opening the
connection profile in the GUI is not previewing the selected profile
at all but is actually just previewing the ‘default’ profile regardless of
which profile is opened in the GUI.
Any ideas what might
Hi folks,
I am trying to migrate my config from a 6.5 box (working) onto a 7.0 box.
I have copied and pasted config file entries for the ‘portal profiles’ now
called ‘Connection profiles’ and all appears to be correct.
I am though unable to ‘Preview’ any portal profiles except the ‘default’
Hi Folks,
I am just spinning up a new 6.5 PF server and was noticed that the script for
backing up the database is broken.
Running ‘/usr/pf/addons/database-backup-and-maintenance.sh’ gives:-
df: unrecognized option '--output=avail'
Try `df --help' for more information.
: Re: [PacketFence-users] How to configure switch for VLAN changes ?
On Apr 7, 2017, at 11:53 AM, Torry, Andrew
<andrew.to...@fxplus.ac.uk<mailto:andrew.to...@fxplus.ac.uk>> wrote:
I did not impicitly say that PF uses SNMP to change the VLAN.
The question was about how do you
mailto:lmu...@inverse.ca]
Sent: 07 April 2017 14:37
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] How to configure switch for VLAN changes ?
On Apr 7, 2017, at 4:48 AM, Torry, Andrew
<andrew.to...@fxplus.ac.uk<mailto:andrew.to...@fxplus.ac.uk>> wrote:
. But
RADIUS works well both on switch and server. I am just not sure how the RADIUS
server tells the switch to change the VLANs and I am not sure whether I have
configured the switch for this properly.
Thank you very much
Ondrej
-- Původní e-mail --
Od: Torry, Andrew <andrew
Check the QUEUE status in the GUI. You may well see that the dhcplistener is
backing up.
You can end up with such a big delay between the user getting an IP address via
DHCP and the
DHCPlistener process creating the NODE entry in the database that the users
browser tries to
connect to the
want to do in this case is to change the VLAN that a customer is
on based on their response
to the question.
Any suggestions would be great.
Andrew
From: Torry, Andrew [mailto:andrew.to...@fxplus.ac.uk]
Sent: 28 March 2017 14:11
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence
[% END %]
[%
svgIcon(id='ic_done_black_24px',size='small') %]
[% i18n("Continue") %]
The CSS still needs tweaking but it's functional. Does that make sense? It's
all in the development manual, sort of.
From: Torry, Andrew [mailto:andrew.to...@fx
Does that make sense? It's
all in the development manual, sort of.
From: Torry, Andrew [mailto:andrew.to...@fxplus.ac.uk]
Sent: 23 March 2017 15:48
To: packetfence-users@lists.sourceforge.net
Cc: Fitzgerald, Heather
Subject: Re: [PacketFence-users] Bespoke questions in registration portal pages
Your config for g3/0/1 is missing the most important bit.
I have it set up on a 2960X but the same config should work on a 3750.
You must configure some sort of port authorisation by adding:-
Interface g3/0/1
authentication host-mode multi-host
authentication order mab dot1x
authentication
already be in your production
environment at at the moment of scanning for vulnerabilities.
PacketFence scanning requires some violation triggers to be defined,
which are specific OIDs (alerts) that would not be tolerated.
Regards,
Thierry
On 02/27/2017 11:28 AM, Torry, Andrew wrote:
>
olation triggers to be defined,
> which are specific OIDs (alerts) that would not be tolerated.
>
> Regards,
> Thierry
> On 02/27/2017 11:28 AM, Torry, Andrew wrote:
>> Hi Folks,
>>
>> I was really hoping this would be working by now but I still cannot
> get th
Hi Folks,
I was really hoping this would be working by now but I still cannot get the
OpenVAS scanner functionality to work.
I have installed OpenVAS-CLI and the support libraries from the ATOMIC
repository but
my scan jobs fail because the OpenVAS application itself is not installed:-
: Re: [PacketFence-users] Problem with role assignment based and LDAP
group membership
Hello Torry,
Really cool to have all the details, btw it should work, did you try to
take a capture to see the answer of the AD ?
Regards
Fabrice
Le 2016-10-31 à 12:21, Torry, Andrew a écrit :
> Runn
Running with packetFence 6.3.1.
We need to create a separate role on our public WiFi for visiting school aged
children.
I have not had any problems with assigning roles based on AD group membership
before but
this one has me stumped as it flatly refuses to work.
Can you guys cast your eyes
If you want to use the 'Parking' feature then disabling OMAPI will break it.
I have had to tweak the lib/pf/dhcp/processor.pm file so that the DHCP listener
process
injects/updates OMAPI entries when a DHCP ACK is received.
This enables the OMAPI lookups to work and they will be in synch with
This is all very useful and a fine exercise in Linux semantics, but it does not
really help me much when
I have a manager asking me what this stuff all means and whether the server up
to the job or not.
What is a good (aka safe) figure for a system say with 16G RAM and 8 cores.
It strikes me
Can anyone enlighten me as to what the vertical scale on the 'Server Load'
graph represents.
I am really not sure if I should worry about a server load above 2.0 or not. Is
it about to break or what?
Andrew
-
Falmouth Exeter Plus
-
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Latest 6.2.1 ZEN release on CENTOS 6
Hello Torry,
you will probably have to force the install of wmi-1.3.14-3.el6.art.x86_64.
Regards
Fabrice
Le 2016-08-24 à 07:08, Torry, Andrew a écrit :
> I cannot install Open
can't find why this happens.
Paul
On 24/08/16 12:04, Torry, Andrew wrote:
> There is a specific web page that enabled 'Device Registration'.
> You need to 'Enable' it in the Configuration->Registration
>
> Your users then go to https://YOURPACKETFENCE/Device-Registration
>
I cannot install OpenVAS on this platform as it fails lots of dependencies.
Any ideas on how to get this working?
--> Finished Dependency Resolution
Error: Package: openvas-smb-1.0.1-1.el6.art.x86_64 (atomic)
Requires: libhdb.so.9(HEIMDAL_HDB_1.0)(64bit)
Error: Package:
There is a specific web page that enabled 'Device Registration'.
You need to 'Enable' it in the Configuration->Registration
Your users then go to https://YOURPACKETFENCE/Device-Registration
where they enter a username and password.
The credentials they can use must be matched by one of your
I've been looking at the 'Parking' system and it seems to be entirely dependent
on using OMAPI and the PF
server acting as the DHCP server for our Registration subnets. Seeing as how we
are going to have multiple registration
subnets that is not going to be pretty.
It seems to me what I need is
) that could have a
different lease time etc. etc. But this seems pointless
if it needs the VLAN's DHCP to be controlled and maintained by the PF server.
Is it worth putting this in as a request for feature enhancement?.
Andrew
-Original Message-
From: Torry, Andrew [mailto:andrew.to
Came into work this morning and whilst checking the state of our PacketFence
portal I checked my laptop's connection.
It had been parked and displayed the correct lightweight portal.
When I clicked the 'Enable' button the process of unparking started but it
never returned with the 'You device
I would like to have an option to set the SMS carrier in the config and hide
the option field all together as we use a
single SMS carrier to send out SMS messages to guests (via the JANET SMS
messaging service).
-
Falmouth University
Hi group,
I have recently run a 'Full, Deep an non-destructive' scan of our PF 6 server
and was concerned
at a few Serious and High rated vulnerabilities relating to third party
applications used in the PF code.
Vuln Name VulnID
We are running PF 6.0.3 (with mods) and have E-Mail based Registration working
the way we.
We have now moved on to enabling an SMS text based registration page.
As a JANET organisation we subscribe to the JISC Text service which enables us
to send an SMS text to ANY
mobile phone regardless of
If you disable the error (in code) you must add back the 5.7 code that handles
the email activation:-
sub doEmailRegistration in
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
I think this was a MASSIVE mistake by the devs to force this setup on
::_from_profile)
I don't know whether this is a similar situation with your setup or not.
I'm just playing with the transparency settings on the reverse proxy to see if
that will help.
Cheers,
Andi
From: Torry, Andrew [mailto:andrew.to...@fxplus.ac.uk]
Sent: 06 May 2016 11:21
To: packetfence-users
You need to hack the code in the file
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm.
I simply added back the code for the from the 5.7 and called it instead of
generating the error message:-
#
# EDIT BY APKT to re-enable activation from a
(http://www.packetfence.org)
On 2016-05-31 10:13 AM, Torry, Andrew wrote:
Yes James,
We are using 6.0.1 (not yet patched to 6.0.2).
I have created that 'aup_text' subroutine as a test and it now reads a
text-only file but it ignores all the formatting as if it was an
HTML file and reformats it
running?
James Rouzier
jrouz...@inverse.ca<mailto:jrouz...@inverse.ca> :: +1.514.447.4918 (x115) ::
http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://www.packetfence.org)
On 2016-05-31 9:24 AM, Torry, Andrew wrote:
When a block of user ac
When a block of user accounts are created and we wish to print out these on
sheet by sheet basis
the AUP is included on each sheet and is extracted from
pf/html/captive-portal/templates/aup_text.html
Our AUP is tabulated using embedded HTML and customisation and this is being
included in the
Hi folks,
When someone connects to our 'guest' WiFi network they fill out the portal
registration form
with their name and e-mail address as normal.
After the PF 6.0.1 server has sent them an activation E-Mail it moves the
device off of the registration
VLAN onto the production VLAN. I presume
When a user register a device via an E-Mail address the PF 6 database
node entry Is updated with the configured unregdate set based on the
the authentication.conf:email_activation_timeout value which we have
set to 5minutes.
There are two problems we have found:-
The activation E-Mail that is
I have created a local user account on our PF 6.0.1 server for our
'Accommodation' team to sponsor and
manipulate and control guest accounts/nodes. I do not want them to have any
other access.
The problem is a local user with the 'User manager' action enabled is able to
'accidentally' delete
or some PF
services (Torry, Andrew)
3. HP (3COM) A5500 configuration (tomas.rybicka)
4. Error messages in pfqueue.log (Torry, Andrew)
5. Re: Quick question - How to turn on verbose logging for some
PF services (Jam
I am trying to track down a problem with the PFQUEUE service in that it does
not seem to be updating
our long DHCP lease times properly and simply creating an entry with a lifetime
of about 6 seconds!
The pfqueue.log file contains entries like this:-
May 10 09:28:18 pfqueue(11600) INFO:
Running PacketFence 6.0.1 on Centos 6.7
May 06 10:56:27 httpd.portal(13055) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:unknown] Instantiate profile
Guest
When registering a device via an E-Mail address the device is granted access
for a short time
in order to read the activation E-Mail (based on the E-Mail source
configuration.)
When the registration is activated the success message pops up with an EMPTY
un-registration date.
The device's node
In 5.7 when customers registered a moble device using E-Mail on our visitor
WiFi, they were able to read
and 'Activate' the registration from another PC on our internal wired network
(ie a device that PF knew nothing about).
With 6.0.1 I can no longer do this and the device that I use to read
Hi folks,
Sorry if it seems I am spamming the list but I just wanted to say thanks for
the help.
I have now updated to 6.0.1 and it is looking much better:-
The 'Null' and 'BlackHole' authentication module problems are gone.
We have our corporate logo back too!
Oh so many questions about
Hi there,
I am following this guide:-
http://packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-6.0.0.pdf
to set up the portals for our BYOD estate and I am trying to create a 'null'
authentication portal module
as outlined on page 45 'Prompting for fields without
Hi,
I have not successfully got our new PF v 5.7 server up and running and working
to some extent.
It is running under Ubuntu 12.04 LTS. I know it should be 1404 but the 14.04
repository for PF is bust
and fails on multiple dependency issues (Apache2 mainly).
The problem I have though (Ubunut
71 matches
Mail list logo