Re: [PacketFence-users] NAC administration interface

2018-11-13 Thread Nicolas Quiniou-Briand via PacketFence-users
Hello Jessica, On 2018-11-09 12:30 a.m., Jessica Cohen via PacketFence-users wrote: Can you manage the NAC from any interface? Or is only accessible from the management interface? Only from management interface for me. I will let Fabrice correct me if I'm wrong. -- Nicolas Quiniou-Briand

[PacketFence-users] Error trying to upgrade from 8.1 to 8.2

2018-11-13 Thread Virginie Girou via PacketFence-users
Hi, I try to upgrade my packetfence from 8.1 to 8.2. I first stop pfcmd and packetfence-config and when I update I have the following message: # /usr/local/pf/bin/pfcmd service pf stop # service packetfence-config stop # yum update packetfence --enablerepo=packetfence Traceback (most

Re: [PacketFence-users] Disable internet Access when user no longer is part of a group

2018-11-13 Thread Nicolas Quiniou-Briand via PacketFence-users
Hello Geert, On 2018-11-09 11:25 a.m., Geert Heremans via PacketFence-users wrote: I've noticed that when I remove a group for the Wifi enabled group these members can still access the WIFI if they use their registered devices. The only thing that changes is that they then no longer are able

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Nicolas Quiniou-Briand via PacketFence-users
Hi Matthew, Just to be sure to understand: you didn't succeed to auto-register your Polycom VoIP phones? In the packetfence.log you pasted, MAC address doesn't belong to a Polycom device. Could you paste log for a Polycom device? -- Nicolas Quiniou-Briand n...@inverse.ca ::

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Hi All, Further to this, looks as though the only reason that the Polycom Phones are working is because the RADIUS server is replying with a Cisco-AVPair = "device-traffic-class=voice" and so the Switch is putting it into the Voice Vlan. matthew Matthew Knott IT Network & Security

[PacketFence-users] PF 8.2.0 dns filters, mac and dnscache

2018-11-13 Thread Anders Westerberg via PacketFence-users
Hi Currently playing around with the new(?) macaddress filter in dns_filter.conf trying to use it as a way to block nodes from getting access to the captive portal when using dns_enforcement since the reject role does not seem to work at all. My plan was to add them like this and change the

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Hi Nicolas, The Polycom phones are auto-registering properly, but other devices are not. Matthew Matthew Knott IT Network & Security Administrator E. matthew.kn...@jbssa.com.au [JBS Australia] T. 07 3810 2269 M. 0477733185

Re: [PacketFence-users] Internal Radius config basics

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Ali, In Radius source timeout will be the time you allow the radius source to answer and shared secret is the shared secret between the pf and the radius server. Btw the Radius source is a way to do the authentication on the portal. Shared secret in the switch config is the shared

Re: [PacketFence-users] NAC administration interface

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Jessica, Nicolas is right, we can only manage the NAC from the mgmt interface. Regards Fabrice On 18-11-13 at 06:44, Nicolas Quiniou-Briand via PacketFence-users wrote: Hello Jessica, On 2018-11-09 12:30 a.m., Jessica Cohen via PacketFence-users wrote: Can you manage the NAC

Re: [PacketFence-users] Error trying to upgrade from 8.1 to 8.2

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Virginie, it's not related to PacketFence, it looks like you have an issue with your python modules on your system. Regards Fabrice On 18-11-13 at 05:14, Virginie Girou via PacketFence-users wrote: Hi, I try to upgrade my packetfence from 8.1 to 8.2. I first stop pfcmd and

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Durand fabrice via PacketFence-users
Can you paste your current vlan_filters.conf? On 18-11-13 at 22:38, Matthew Knott wrote: Thanks Durand, Tried that as well, Still not working. Matthew Matthew Knott IT Network & Security Administrator E. matthew.kn...@jbssa.com.au JBS Australia

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Durand fabrice via PacketFence-users
Ok found it. it's 100$ ! ;-) the unit test must be unique (like polycom_phones , security_cameras) but the rules too (you have 2 autoreg). My best practice is to use integer for the rules. So try that: [polycom_phones] filter = node_info.mac operator = regex value = ^(00:04:f2|64:16:7f).*

Re: [PacketFence-users] Disable internet Access when user no longer is part of a group

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Geert, IMO if you use 802.1x the better option is to use autoregistration and use the AD source and at the end of the AD source rules add a catch_all that returns the REJECT role. So each time a device authenticates then PacketFence will compute the new role and if it's REJECT then the

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Yep, [polycom_phones] filter = node_info.mac operator = regex value = ^(00:04:f2|64:16:7f).* [autoreg:polycom_phones] scope = IsPhone role = voice [security_cameras] filter = node_info.mac operator = regex value =

Re: [PacketFence-users] getting started - interface questions

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Jessica, strange, the trunkport is tagged to the vlan 4095 so it's not a trunk port. We are supposed to have a native vlan (the mgmt network) and the other vlans tagged. So in this configuration if you add an interface vlan on the interface eth0 (like eth0.51) it will not work. IMO the

Re: [PacketFence-users] PF 8.2.0 dns filters, mac and dnscache

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Anders, ok my bad ... we use a cache in pfdns in order to not ask the filter engine all the time for the same fqdn. https://github.com/inverse-inc/packetfence/blob/devel/go/coredns/plugin/pfdns/pfdns.go#L232 So can you open an issue on github about that and I will have a look.

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Thanks Durand, Tried that as well, Still not working. Matthew Matthew Knott IT Network & Security Administrator E. matthew.kn...@jbssa.com.au [JBS Australia] T. 07 3810 2269 M. 0477733185 F. 07 3816 0535 JBS

Re: [PacketFence-users] Internal Radius config basics

2018-11-13 Thread Amjad Ali via PacketFence-users
Hi Durand, Much appreciate the quick response, actually our use case is such that we want to authenticate clients directly against PF/Radius, without going to portal. For that I have uncommented the *packetfence-local-auth* in */usr/local/pf/conf/radiusd/packetfence-tunnel* *You think that makes

Re: [PacketFence-users] getting started - interface questions

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Jessica, sorry for the late reply. Btw it looks good ... what is the IP of the device you use to manage PacketFence? Regards Fabrice On 18-11-08 at 15:37, Jessica Cohen wrote: Apologies, just noticed I copied and pasted wrong. It should have been: BEFORE

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Thanks Mate, That fixed it. Much appreciated :) Matthew Matthew Knott IT Network & Security Administrator E. matthew.kn...@jbssa.com.au [JBS Australia] T. 07 3810 2269 M. 0477733185 F.

[PacketFence-users] Internal Radius config basics

2018-11-13 Thread Amjad Ali via PacketFence-users
Hi All, When setting up internal radius in PF, what's the purpose of Timeout and Secret? Secondly when we add a switch there is a Radius tab where we put Secret key, what's the relation between these two keys? Why is secret added in two different places? Thanks Ali -- Amjad Ali

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Matthew, try to define the mac address in lower case. That : [polycom_phones] filter = node_info.mac operator = regex value = ^(00:04:f2|64:16:7f).* instead of that: [polycom_phones] filter = node_info.mac operator = regex value = ^(00:04:F2|64:16:7f).* etc ... Regards

Re: [PacketFence-users] Internal Radius config basics

2018-11-13 Thread Durand fabrice via PacketFence-users
Hello Ali , ok so no need to create a Radius Authentication source. What you just need to do is the following: be sure that the password encryption is nthash or cleartext. uncomment packetfence-local-auth create a connection profile with a filter like SSID = my_SSID and select the source