t are things to keep into mind then...?
Or should I just spend more time, getting things running with the
updated old config files?
Any experiences here?
MJ
--
Check out the vibrant tech community on one of the world&#
sor with an inverse support point, if we could
gather some more, perhaps that could help too.
Unless I am the only one here, liking OpenID Connect so much more than
SAML2?
MJ
--
Check out the vibrant tech community on
Hi Thierry,
Thanks!
MJ
On 05/10/2017 03:54 PM, Thierry Laurion wrote:
> Hi MJ,
>
> 1-In PacketFence Admin, under domains configuration, clone your current
> domain configuration.
>
> 2- Change the IP address of the ActiveDirectory Server by it's DNS name.
> R
lite3 (0 (null))
> libsql-translator-perl (0 (null))
> Provides:
> 2.1.1-1 -
> Reverse Provides:
> root@pf:~#
Is that the expected version?
MJ
--
Site24x7 APM Insight: Get Deep Visibility into Application Performanc
B. at db/upgrade.pl line 37
> DBIx::Class::Schema::Versioned::upgrade(): DB version (1.0) is lower than the
> schema version (2.1). Attempting upgrade.
> DBIx::Class::Schema::Versioned::upgrade(): DB version (2.0) is lower than the
> schema version (2.
I'm also seeing dhcpd high cpu usage, but at the same time I also
noticed errors on my fingerbank setup. I thought this was the cause.
I have turned off OMAPI now as well, let's see how dhcpd behaves in a
few hours from now.
MJ
On 02/10/2016 11:47 AM, Frederic Hermann wrote:
Hi Frederic,
On 02/10/2016 02:38 PM, Frederic Hermann wrote:
> Hey MJ,
>
> Are you running pf on Debian 7 also ? If not, what is your dhcpd version ?
Yes, debian 7 as well. So it's probably not a p
Hi Louis,
> Yes.
> Is your fingerbank correctly configured?
I guess yes...
> Do you have an API key to fetch updates from upstream?
Yep.
> If you do, what happens when you click the “Update fingerbank DB” link?
I receive an email:
Successfully updated file '/usr/local/fingerbank/db/fingerbank_
t;Error! Searching for 'MAC_Vendor' entries in schema(s)
returned an empty set"
But perhaps I'm doing something wrong, or this behaviour is normal?
(meaning: the search gave no results?)
MJ
--
Site24x7 APM
for device with MAC address '00:26:73:a8:c8:1b'
> (pf::fingerbank::process)
> Feb 10 20:41:33 pfqueue(19418) WARN: [mac:00:19:99:66:3f:d5] Unable to
> perform a Fingerbank lookup for device with MAC address '00:19:99:66:3f:d5'
> (pf::fingerbank::process)
> Feb 10
gt; Feb 11 10:43:11 pfqueue(19417) INFO: [mac:2c:41:38:91:62:6f] Upstream is
> configured and unable to fullfil an exact match locally. Will ignore result
> from local database (fingerbank::Source::LocalDB::match)
Not sure if "unable to fullfil" is fingerbank-speak for: "y
the
same time have packetfence with 802.1x security (as advocated on this
list) for your networked devices?
Or are we forced to choose..?
MJ
--
Find and fix application performance issues faster with Applications
that direction. But it seems this has become problematic.
How 'dangerous' would it be to keep ntlm enabled?
MJ
On 04/14/2016 11:45 PM, Louis Munro wrote:
> Hi Mourik,
>
> This is a larger problem than just PacketFence.
> It affects FreeRADIUS in general when authenticating
Thanks, Louis.
Regards,
MJ
On 04/17/2016 01:45 PM, Louis Munro wrote:
> mj wrote:
>> I understand that the problem is larger than just packetfence, yes.
>>
>> Reading your email, I'm not sure what to do NOW. Fortunately I had not
>> migrated all workstatio
Nice. Congratulations! :-)
On 04/20/2016 12:25 AM, Ludovic Marcotte wrote:
> The Inverse team is pleased to announce the immediate availability of
> PacketFence 6.0.0. This is a major release with new features,
> enhancements and important bug fixes. This release is considered ready
> for producti
try disabling omapi for dhcp.
MJ
On 04/24/2016 08:12 PM, g4-l...@tonarchiv.ch wrote:
> Hi there!
>
> I set up a PF 6 in inline configuration for testing on Debian 7.
> There is nothing going on on the WLAN - no registered nodes yet.
> But after a few hours dhcpd took 100% of
= https://fingerbank.inverse.ca/api/v1/combinations/submit
>
> [query]
> record_unmatched = disabled
> use_tcp_fingerprinting = enabled
>
> [tcp_fingerprinting]
> p0f_socket_path = /var/run/p0f.sock
> p0f_map_path = /usr/local/fingerbank/conf/fingerbank-p0f.fp
> p0f_map_url = https://finge
On 05/19/2016 01:33 PM, mj wrote:
> I tried to double-check our api key, but the register link on
> https://fingerbank.inverse.ca/login links back the the same page. So I'm
> not even sure that our api key is correct.
Meanwhile I manually entered the url
https://fingerbank.inver
to be left unanswered?
We have complaints that (during peak hours) users have difficulties
connecting to our system.
Are we on to something, or are we looking in the wrong files..? (or
misunderstanding packetfence workings..?)
Any feedback would be appreciated!
MJ
o something, or are we looking in the wrong files..? (or
misunderstanding packetfence workings..?)
Is there a maximum number of dhcp requests packetfence can handle..?
(we're talking perhaps 200 clients inline, that's not too much, I guess..?)
Feedback would be appreciated!
MJ
---
pgrade packetfence with something like:
> apt-get upgrade --enablerepo=packetfence packetfence
Is that possible?
Thanks,
MJ
--
___
PacketFence-users mailing list
PacketFe
Hi,
Ok, thanks for for your responses.
MJ
On 09/21/2016 04:46 PM, Matt Zagrabelny wrote:
> On Wed, Sep 21, 2016 at 9:04 AM, Louis Munro wrote:
>>
>> On Sep 21, 2016, at 4:56 AM, mj wrote:
>>
>>
>> apt-get upgrade --enablerepo=packetfence packetfence
>>
' for help. Type '\c' to clear the current input statement.
>
> mysql> show tables;
> +-+
> | Tables_in_pf|
> +-+
> | action |
.
> | violation |
> | wrix
---+
> | 327936 | 5.1.0 |
> | 328192 | 5.2.0 |
> | 328448 | 5.3.0 |
> | 328704 | 5.4.0 |
> | 328960 | 5.5.0 |
> | 329216 | 5.6.0 |
> | 329472 | 5.7.0 |
> | 393216 | 6.0.0 |
> | 393472
mment out a few offending lines. And try again. Then I
decided that this was not the best approach.
Then i DROPPED the pf6 database, and recreating a new pf-5.6.1 database.
Run the upgrades on that...
but forgot to re-enable that line...
Sorry to have waisted your time Derek!
MJ
On 09/23/2016
he wildcard certificate, that was all.
MJ
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
nverse-inc/packetfence/issues/4573)
Are the instructions here
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ubiquiti_2
still up-to-date?
Any information would be appreciated :-)
Thanks!
MJ
___
PacketFence-users ma
an option nat=no
Goal: having an inline wifi network in the range 192.168.54.x/24, but to
have sophos XG do the NAT-ting.
Anyone with knows how to configure avoiding NAT, routing wise..? How to
configure packetfence inline interface IP address, inline dhcp, gateway
for inline clients, etc?
MJ
Hi,
I guess you examined the outputs of systemctl status
packetfence-httpd.admin.service" and/or "journalctl -xe" for details...?
Does it say anything interesting..?
I also don't understand. I can only say: No such issues here.
MJ
On 10/22/19 2:19 PM, Szél Gábor via Pac
o be running
pretty well.
Anyone else getting these warnings? Perhaps someone with a solution? How
major is this problem anyway..?
Thanks!
MJ
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforg
st of triggerable security events.
What is required for a security event to show up there?
We even restarted pfdetect and pfqueue, just in case.
MJ
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/
Hi,
And how about your softnet_stat issues?
I posted about those as well, but received no replies at all. I was
hoping this thread would eventually also touch that issue...
MJ
On 1/28/20 4:55 PM, Truax, Peter via PacketFence-users wrote:
Hi Everyone,
I fixed our fingerbank email problem
uot;Operating System/Windows
OS/Microsoft Windows kernel 5.x", when in the database, the same node is
identified as "Windows OS/Microsoft Windows Kernel 10.0"
Does not make sense..?
How are others here blocking pre-win7 clients? Are you also getting fake
positives as well?
Hi
On 1/29/20 11:11 PM, Serhiy Morhun via PacketFence-users wrote:
I tried changing the net.core.netdev_budget to 4800 as mentioned before,
but it did not seem to make a difference.
Yes same here. Are you running on bare metal, or virtualised..? (and if
virtual: on what system?)
MJ
On 2/2/20 12:08 AM, Serhiy Morhun via PacketFence-users wrote:
I'm running it on VMWARE.
We're on KVM, so that's not the same, but both virtualised.
MJ
___
PacketFence-users mailing list
PacketFence-users@lists.source
Hi,
We are running pf against samba. Depending on what you want from pf, you
might need to make sure that samba will do ntlm auth. (for radius)
For the rest there are no issues that we know of.
MJ
On 10/27/20 6:24 AM, Boris Ebwanga via PacketFence-users wrote:
Hi everyone!
I would like to
support different samba AD domains?
Or has this changed recently..?
MJ
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
the only solution is to
walk to them, and re-configure the settings. (or turn off authentication
on the switch)
Curious to your experiences.
MJ
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/
how to "issue a certificate from a MS PKI for
example (AD CS)"
New stuff to me. We're running a samba AD.
If anyone has documented how to do that, I would appreciate some help.
But for now I'll give good ol' google a go. :-)
Thanks again!
MJ
On 11/10/20 2:47 AM, Du
Hi,
Please, if I may, one qustion more:
On 11/9/20 8:47 PM, Ludovic Zammit wrote:
If it’s the case, one solution to fix it. Issue a certificate on
PacketFence (RADIUS service) that would be trusted by your clients.
Issue a certificate from a MS PKI for example (AD CS).
We are running packete
ds on this mailinglist on that subject)
Good luck,
MJ
On 11/10/20 5:31 PM, E.P. via PacketFence-users wrote:
Since this group suddenly became alive I dare asking my previous again 😉
How would I install a wildcard SSL certificate on PF, see more details below
Eugene
*From:* E.P.
*Sent:* Sat
Hi,
Just to ask: Are you aware that packetfence has built-in LE certificate
management?
(somewhere in the settings menu's)
I think it should auto-generate and install certs for both the web
interface and radius.
MJ
On 11/17/20 4:24 AM, E.P. via PacketFence-users wrote:
Guys,
Can I
Hi Bebbet and Louis,
Thanks for your answers!
MJ
On 06/13/2017 03:05 PM, Bebbet van Dinges via PacketFence-users wrote:
if you run netstat -tapn, can you see where the mysql instance is
listening? if its on 127.0.0.1:3306, then the haproxy can listen on the
management:3306, no problem. When a
ence if the line was removed from the
generated config. And if you are not willing to do that, is there a
place where I can perhaps edit a template to comment it out on our own
installation?
Best regards!
MJ
On 05/10/2017 03:54 PM, Thierry Laurion wrote:
Hi MJ,
1-In PacketFence Admin, under d
Hi,
I guess this would not be done in packetfence, but you'd configure
packetfence to use a local postfix, and configure postfix to use a
smarthost with authentication for it's outgoing mail.
MJ
On 06/16/2017 05:53 AM, Max McGrath via PacketFence-users wrote:
Hello -
We hav
Hi,
Are you following this:
https://packetfence.org/support/faq/article/how-to-install-packetfence-on-debian.html
Or are you somehow trying to install things manually..?
(the apt way with the inverse repo worked very well for me on jessie,
tried last week)
Hope that helps,
MJ
On 06/22
On 06/22/2017 05:06 PM, David Harvey via PacketFence-users wrote:
Hi packetfence users,
I've been attmepting to experiment with packetfence-pki, but have fallen
at the first hurdle. Namely there doesn't seem to be a Debian Jessie
package avialable as advertised at
Ah sorry: packetfence-pki
":"allow"}
Are you seeing this same message about CLI access?
MJ
On 07/10/2017 11:58 AM, luca comes via PacketFence-users wrote:
I've found this error in radius.log
ERROR: mschap_machine: Program returned code (1) and output 'Reading
winbind reply failed! (0xc00
000
to restart more services?
MJ
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFenc
logue is with Fabrice, so
perhaps this advice can be disregarded :-)
MJ
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot
r Reports / All authentications, the httpd.portal items remain
marked either "incomplete". (and some "invalidated")
Under Reports / Email registrations they show up as "verified".
It seems strange: one screen says "verified" and the other scree
quot;invalidated"
- the second reg attempt is (still!) logged as "incomplete".
So something seems to be malfunctioning
This is pf 7.1, completely up-to-date with pf-maint.pl
Ideas?
MJ
On 07/10/2017 07:04 PM, mj via PacketFence-users wrote:
Hi,
We're using pf-7.1 w
Hi Fabrice,
On 07/13/2017 02:23 AM, Durand fabrice via PacketFence-users wrote:
Hello MJ,
when it happen, can you check in the database just after the duration
has been extended ?
select * from node where mac="9c:2a:70:31:9b:9f';
As I need to be there to check this, I will do
ok, here it is:
Is there anyone who can provide some feedback..?
Much appreciated!
MJ
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sd
also have many unreg nodes that are still present in the database,
despite the node_cleanup. Many of them with:
- last_seen: -00-00 00:00:00
- registration/unregistration date: empty
Could there be a common cause that node_cleanup and person_cleanup are
both not doing anythi
the task to run after 22hrs, or schedule the reboot
every *other* day.
MJ
On 09/19/2017 06:19 PM, Tobias Friede via PacketFence-users wrote:
Hi,
we use PF 7.2 and have no problems with Node or User cleanup.
Maybe you should have a look at your logs (maybe increase your log level)
2017-09
ld not run it from the
chroot, but from the pf install location, usually:
/usr/local/pf/addons/pf-maint.pl
Perhaps try again, just to try if it worked your way...?
MJ
--
Check out the vibrant tech community on one
udp --dport 53 --jump
ACCEPT
# DHCP:
-A input-internal-inline-if --protocol udp --match udp --dport 67 --jump ACCEPT
etc
and then, before the final line, to drop 'all other traffic':
-A input-internal-inline-if --jump DROP
%%input_inter_inline_rules%%
You mean something like t
info.
Unfortunately it's broken in two threads:
Here: https://lists.samba.org/archive/samba/2018-March/214635.html
and here: https://lists.samba.org/archive/samba/2018-March/214655.html
MJ
--
Check out the vibrant tech
Hi,
We have (kind of) solved this by logging dns requests done by the inline
clients, plus their mac address. We are using this:
https://github.com/gamelinux/passivedns
We run a cron script to purge the collected data after x number of days.
MJ
On 06/13/2018 03:52 PM, Murilo Calegari via
ds, packetfence no longer uses isc
dhcpd, so the procedure will be different. (if possible at all...?)
Best,
MJ
On 09/27/2018 11:40 AM, lists via PacketFence-users wrote:
Hi,
We would like to provide a dhcp domain-search option for our packetfence
(7.1) inline clients.
The gui only allow
Hi,
I guess the ip belongs to a net namespace, try:
ip netns list
to see your namespaces, and then type:
ip netns exec ifconfig
to check it's details.
On our packetfence, the AD namespace has ip 169.254.0.1.
MJ
On 11/28/18 11:06 AM, Hancock, Jamie via PacketFence-users wrote:
Hi
Yes, it is what we do.
First the computer authenticates, and as soon as a user logs on, it
switches to user authentication.
MJ
On 16/05/2022 14:19, José Ramos via PacketFence-users wrote:
Hello everyone.
Is it possible to combine 802.1x computer + user authentication ?
I only do user
63 matches
Mail list logo
