You can subscribe to this list here.
2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2008 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(17) |
Jun
(23) |
Jul
(40) |
Aug
(48) |
Sep
(32) |
Oct
(38) |
Nov
(36) |
Dec
(78) |
2009 |
Jan
(31) |
Feb
(76) |
Mar
(44) |
Apr
(92) |
May
(84) |
Jun
(71) |
Jul
(50) |
Aug
(68) |
Sep
(42) |
Oct
(40) |
Nov
(28) |
Dec
(53) |
2010 |
Jan
(52) |
Feb
(81) |
Mar
(60) |
Apr
(57) |
May
(50) |
Jun
(42) |
Jul
(85) |
Aug
(51) |
Sep
(61) |
Oct
(59) |
Nov
(51) |
Dec
(36) |
2011 |
Jan
(121) |
Feb
(172) |
Mar
(133) |
Apr
(116) |
May
(116) |
Jun
(78) |
Jul
(98) |
Aug
(148) |
Sep
(90) |
Oct
(151) |
Nov
(100) |
Dec
(161) |
2012 |
Jan
(159) |
Feb
(135) |
Mar
(204) |
Apr
(149) |
May
(156) |
Jun
(118) |
Jul
(154) |
Aug
(146) |
Sep
(226) |
Oct
(186) |
Nov
(77) |
Dec
(92) |
2013 |
Jan
(109) |
Feb
(117) |
Mar
(115) |
Apr
(148) |
May
(216) |
Jun
(271) |
Jul
(382) |
Aug
(323) |
Sep
(157) |
Oct
(120) |
Nov
(110) |
Dec
(113) |
2014 |
Jan
(192) |
Feb
(120) |
Mar
(185) |
Apr
(117) |
May
(150) |
Jun
(205) |
Jul
(169) |
Aug
(239) |
Sep
(197) |
Oct
(117) |
Nov
(148) |
Dec
(121) |
2015 |
Jan
(170) |
Feb
(290) |
Mar
(252) |
Apr
(349) |
May
(417) |
Jun
(351) |
Jul
(234) |
Aug
(188) |
Sep
(126) |
Oct
(333) |
Nov
(153) |
Dec
(115) |
2016 |
Jan
(212) |
Feb
(272) |
Mar
(181) |
Apr
(221) |
May
(222) |
Jun
(275) |
Jul
(160) |
Aug
(151) |
Sep
(165) |
Oct
(137) |
Nov
(111) |
Dec
(83) |
2017 |
Jan
(191) |
Feb
(140) |
Mar
(145) |
Apr
(109) |
May
(218) |
Jun
(112) |
Jul
(219) |
Aug
(191) |
Sep
(105) |
Oct
(217) |
Nov
(196) |
Dec
(158) |
2018 |
Jan
(303) |
Feb
(138) |
Mar
(93) |
Apr
(64) |
May
(239) |
Jun
(204) |
Jul
(181) |
Aug
(191) |
Sep
(91) |
Oct
(119) |
Nov
(158) |
Dec
(162) |
2019 |
Jan
(168) |
Feb
(218) |
Mar
(126) |
Apr
(178) |
May
(154) |
Jun
(147) |
Jul
(279) |
Aug
(179) |
Sep
(126) |
Oct
(118) |
Nov
(73) |
Dec
(70) |
2020 |
Jan
(135) |
Feb
(157) |
Mar
(187) |
Apr
(100) |
May
(112) |
Jun
(111) |
Jul
(117) |
Aug
(87) |
Sep
(92) |
Oct
(237) |
Nov
(134) |
Dec
(147) |
2021 |
Jan
(58) |
Feb
(79) |
Mar
(191) |
Apr
(193) |
May
(95) |
Jun
(155) |
Jul
(146) |
Aug
(86) |
Sep
(106) |
Oct
(69) |
Nov
(102) |
Dec
(71) |
2022 |
Jan
(70) |
Feb
(198) |
Mar
(89) |
Apr
(88) |
May
(65) |
Jun
(57) |
Jul
(92) |
Aug
(41) |
Sep
(81) |
Oct
(112) |
Nov
(56) |
Dec
(106) |
2023 |
Jan
(98) |
Feb
(14) |
Mar
(130) |
Apr
(62) |
May
(40) |
Jun
(36) |
Jul
(32) |
Aug
(34) |
Sep
(18) |
Oct
(48) |
Nov
(44) |
Dec
(20) |
2024 |
Jan
(36) |
Feb
(75) |
Mar
(70) |
Apr
(67) |
May
(57) |
Jun
(55) |
Jul
(48) |
Aug
(44) |
Sep
(64) |
Oct
(14) |
Nov
|
Dec
|
From: Sawyers, B. W <bsa...@pc...> - 2008-06-04 13:35:50
|
Dominick, I'm running a fully updated CentOS 5.1. Here is the information you requested: [root@server ~]# rpm -q mysql-server mysql-server-5.0.22-2.2.el5_1.1 [root@server ~]# rpm -q perl perl-5.8.8-10.el5_0.2 [root@server ~]# mysql -u root -p Enter password: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) [root@server ~]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 237 to server version: 5.0.22 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use pf Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> select * from node where mac="00:19:b9:7f:22:59"; Empty set (0.00 sec) mysql> quit Bye [root@server ~]# Thanks, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Wednesday, June 04, 2008 9:32 AM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, ok, so the issue is the node_unregistered call which doesn't return any value in your case: Jun 4 09:04:07 server pf: redir.cgi(0): TEST: node_unregistered(00:19:b9:7f:22:59) returns Jun 4 09:04:07 server pf: redir.cgi(0): TEST: isenabled(trapping.registration) returns 1 Could you do a 'select * from node where mac="00:19:b9:7f:22:59"' in the database ? Also, could you let us know your MySQL and Perl versions ? Thanks, Dominik On 4-Jun-08, at 9:12 AM, Sawyers, Brandon W wrote: > Dominick, > > Thanks for the reply. > > I had to manually patch the file. I don't think it liked the > > ". > isenabled($Config{'trapping'}{'registration'}), 8);" part of the file. > I've included the modified redir.cgi so you can make sure it does what > it's supposed to do. > > I've also included my pf.conf just for the heck of it. > > And here is the results of the new redir.cgi: > > Jun 4 09:03:48 server dhcpd: DHCPRELEASE of 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 (found) > Jun 4 09:03:56 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 4 09:03:56 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 4 09:03:56 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 4 09:03:56 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 4 09:04:06 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 4 09:04:06 server pf: db_connect(0): checking handle > Jun 4 09:04:06 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 4 09:04:06 server pf: db_connect(0): connected > Jun 4 09:04:07 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 4 09:04:07 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 4 09:04:07 server pf: redir.cgi(0): TEST: > node_unregistered(00:19:b9:7f:22:59) returns > Jun 4 09:04:07 server pf: redir.cgi(0): TEST: > isenabled(trapping.registration) returns 1 > Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 4 09:04:07 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 4 09:04:08 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 4 09:04:08 server pf: db_connect(0): checking handle > Jun 4 09:04:08 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 4 09:04:08 server pf: db_connect(0): connected > Jun 4 09:04:08 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 4 09:04:08 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 4 09:04:08 server pf: redir.cgi(0): TEST: > node_unregistered(00:19:b9:7f:22:59) returns > Jun 4 09:04:08 server pf: redir.cgi(0): TEST: > isenabled(trapping.registration) returns 1 > Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 4 09:04:08 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 4 09:04:09 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 4 09:04:09 server pf: db_connect(2): function main::cleanup is > calling db_connect > Jun 4 09:04:09 server pf: db_connect(2): checking handle > Jun 4 09:04:09 server pf: db_connect(2): we are currently connected > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Tuesday, June 03, 2008 7:44 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > could you please apply the following patch to redir.cgi and resend > again the log ? That should show us where this issue lies ... > > --- pf/cgi-bin/redir.cgi 032a7dd937b53e53a21c5cc4baad9483b934c547 > +++ pf/cgi-bin/redir.cgi a5c9c1c315a579e698fb3c0de51d9a9d53c5faca > @@ -52,6 +52,8 @@ my $unreg = node_unregistered($mac); > #check to see if node needs to be registered > # > my $unreg = node_unregistered($mac); > +pflogger("TEST: node_unregistered($mac) returns $unreg", 8); > +pflogger("TEST: isenabled(trapping.registration) returns " . > isenabled($Config{'trapping'}{'registration'}), 8); > if ($unreg && isenabled($Config{'trapping'}{'registration'})){ > pflogger("$mac redirected to registration page", 8); > generate_registration_page($cgi, $session, $destination_url,$mac); > > > Thanks, > Dominik > > On 3-Jun-08, at 10:37 AM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply. >> >> Here are the results of what you requested. >> >> Jun 3 10:31:07 server dhcpd: DHCPRELEASE of 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 (found) >> Jun 3 10:31:12 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 10:31:14 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via >> eth1 >> Jun 3 10:31:14 server dhcpd: DHCPOFFER on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 10:31:14 server dhcpd: DHCPREQUEST for 192.168.12.253 >> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 10:31:14 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 10:31:29 server pf: db_connect(0): function (eval) is calling >> db_connect >> Jun 3 10:31:29 server pf: db_connect(0): checking handle >> Jun 3 10:31:29 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 10:31:30 server pf: db_connect(0): connected >> Jun 3 10:31:30 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 10:31:30 server pf: ip2macinarp(0): resolved 192.168.12.253 to >> mac (00:19:b9:7f:22:59) in ARP table >> Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being >> redirected >> Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 10:31:30 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and >> redirecting to http://www.packetfence.org >> Jun 3 10:31:31 server pf: db_connect(0): function (eval) is calling >> db_connect >> Jun 3 10:31:31 server pf: db_connect(0): checking handle >> Jun 3 10:31:31 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 10:31:31 server pf: db_connect(0): connected >> Jun 3 10:31:31 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 10:31:31 server pf: ip2macinarp(0): resolved 192.168.12.253 to >> mac (00:19:b9:7f:22:59) in ARP table >> Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being >> redirected >> Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 10:31:31 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and >> redirecting to http://www.packetfence.org >> Jun 3 10:31:42 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 10:31:42 server pf: db_connect(2): function main::cleanup is >> calling db_connect >> Jun 3 10:31:42 server pf: db_connect(2): checking handle >> Jun 3 10:31:42 server pf: db_connect(2): we are currently connected >> >> [root@server pf]# bin/pfcmd lookup node 00:19:b9:7f:22:59 >> Node 00:19:b9:7f:22:59 is not a known node! >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Tuesday, June 03, 2008 10:24 AM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> the important line here is >> >> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> >> That's why the computer is being redirected to the packetfence.org >> website (you can change the redirection using the >> trapping.redirecturl >> parameter). >> >> Could you check that 00:19:b9:7f:22:59 is not already registered in >> the database and repeat the test after setting the log verbosity to >> 12 ? >> >> Thanks, >> Dominik >> >> On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: >> >>> Dominik, >>> >>> Thanks for the reply. >>> >>> After making that change (I went back to the configurator.pl script >>> and >>> server.example.edu was what it recommended, btw) I'm now getting >>> redirected to www.packetfence.org. In /var/log/messages I keep >>> seeing >>> the following: >>> >>> Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 >>> via >>> eth1 >>> Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 >>> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db >>> connection is DEAD (re)connecting >>> Jun 3 09:32:44 server pf: ip2mac(0): could not resolve >>> 192.168.12.253 >>> to mac in iplog table >>> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >>> registered or registration disabled, freeing mac >>> Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db >>> connection is DEAD (re)connecting >>> Jun 3 09:32:45 server pf: ip2mac(0): could not resolve >>> 192.168.12.253 >>> to mac in iplog table >>> Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >>> registered or registration disabled, freeing mac >>> Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db >>> connection is DEAD (re)connecting >>> Jun 3 09:33:44 server pf: ip2mac(0): could not resolve >>> 192.168.12.253 >>> to mac in iplog table >>> Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >>> registered or registration disabled, freeing mac >>> Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> >>> Thanks again, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> -----Original Message----- >>> From: Dominik Gehl [mailto:dg...@in...] >>> Sent: Monday, June 02, 2008 4:47 PM >>> To: Sawyers, Brandon W >>> Cc: pac...@li... >>> Subject: Re: [Packetfence-users] Configuration help >>> >>> Hi Brandon, >>> >>> the general.hostname parameter in pf.conf shouldn't contain the >>> domain >>> part ... so in your case it should just be 'server'. This way, >>> clients >>> won't be redirected to server.example.edu.example.edu, but to >>> server.example.edu ! >>> >>> What do you obtain now ? Could you also send us some info from /var/ >>> log/messages ? >>> >>> Thanks, >>> Dominik >>> >>> On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: >>> >>>> Dominik, >>>> >>>> Thanks for the reply! >>>> >>>> I've looked through my config and made the changes I thought were >>>> necessary and I'm at least getting something different! >>>> >>>> Now, when I try to go to a website I'm getting forwarded to " >>>> >>> >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >>>> =http://www.google.com/ " >>>> >>>> I'm not sure what that means. >>>> >>>> Including my config. >>>> >>>> Thanks, >>>> >>>> Brandon Sawyers >>>> Data Services Coordinator >>>> Pikeville College >>>> 147 Sycamore Street >>>> Pikeville, KY 41501 >>>> (606) 218-5300 >>>> >>>> >>>> -----Original Message----- >>>> From: Dominik Gehl [mailto:dg...@in...] >>>> Sent: Monday, June 02, 2008 12:24 PM >>>> To: Sawyers, Brandon W >>>> Cc: pac...@li... >>>> Subject: Re: [Packetfence-users] Configuration help >>>> >>>> Hi Brandon, >>>> >>>> from what I can see from the configuration file you sent, you are >>>> trying the use DHCP based isolation/registration. In Your setup, >>>> the >>>> PacketFence box seems to be the gateway, so do you have routing/NAT >>>> configured on the PacketFence box ? >>>> Also, I'm a bit surprised that your isolation, registration and >>>> unreg >>>> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >>>> unregistered and even quarantined hosts to contact the authorized >>>> hosts ... >>>> >>>> Dominik >>>> >>>> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >>>> >>>>> Hello everyone: >>>>> >>>>> We're wanting to use packetfence for our dorms and I've been >>>>> working >>>>> on getting it up and running. >>>>> >>>>> I'm fairly sure that I've gotten it installed properly. It will >>>>> start with a "sane" config. >>>>> >>>>> However, I'm having two problems. >>>>> >>>>> Just for information I've got the packetfence box set up in my >>>>> office with 2 network cards and a switch for my laptop to sit >>>>> behind >>>>> it. I'm not worried about nessus scans or snort really for now, >>>>> but >>>>> definitely want to do both later. >>>>> >>>>> The first problem I'm having is with the client not being able to >>>>> get anywhere. The laptop will get an ip but when I try to load up >>>>> any page or ping the back of the packetfence box, nothing happens. >>>>> I've noticed that when I set eth1 (the inside interface) to >>>>> managed, >>>>> then I can ping the packetfence box and can resolve domain names, >>>>> but nothing else. >>>>> >>>>> The second problem I'm having, and I think they might be related, >>>>> is >>>>> that I never get a registration page. When I try to go to google >>>>> or >>>>> some other web page, it just times out. >>>>> >>>>> I've included my config. >>>>> >>>>> Any help would be appreciated! >>>>> >>>>> Thanks, >>>>> >>>>> Brandon Sawyers >>>>> Data Services Coordinator >>>>> Pikeville College >>>>> 147 Sycamore Street >>>>> Pikeville, KY 41501 >>>>> (606) 218-5300 >>>>> >>>>> <pf.conf> >>>>> >>>> >>> >> > ------------------------------------------------------------------------ >>>> - >>>>> This SF.net email is sponsored by: Microsoft >>>>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>>>> >>>> >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >>>> ______________________________ >>>>> Packetfence-users mailing list >>>>> Pac...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> <pf.conf> >>> >> > |
From: Dominik G. <dg...@in...> - 2008-06-04 13:31:53
|
Hi Brandon, ok, so the issue is the node_unregistered call which doesn't return any value in your case: Jun 4 09:04:07 server pf: redir.cgi(0): TEST: node_unregistered(00:19:b9:7f:22:59) returns Jun 4 09:04:07 server pf: redir.cgi(0): TEST: isenabled(trapping.registration) returns 1 Could you do a 'select * from node where mac="00:19:b9:7f:22:59"' in the database ? Also, could you let us know your MySQL and Perl versions ? Thanks, Dominik On 4-Jun-08, at 9:12 AM, Sawyers, Brandon W wrote: > Dominick, > > Thanks for the reply. > > I had to manually patch the file. I don't think it liked the > > ". > isenabled($Config{'trapping'}{'registration'}), 8);" part of the file. > I've included the modified redir.cgi so you can make sure it does what > it's supposed to do. > > I've also included my pf.conf just for the heck of it. > > And here is the results of the new redir.cgi: > > Jun 4 09:03:48 server dhcpd: DHCPRELEASE of 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 (found) > Jun 4 09:03:56 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 4 09:03:56 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 4 09:03:56 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 4 09:03:56 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 4 09:04:06 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 4 09:04:06 server pf: db_connect(0): checking handle > Jun 4 09:04:06 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 4 09:04:06 server pf: db_connect(0): connected > Jun 4 09:04:07 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 4 09:04:07 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 4 09:04:07 server pf: redir.cgi(0): TEST: > node_unregistered(00:19:b9:7f:22:59) returns > Jun 4 09:04:07 server pf: redir.cgi(0): TEST: > isenabled(trapping.registration) returns 1 > Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 4 09:04:07 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 4 09:04:08 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 4 09:04:08 server pf: db_connect(0): checking handle > Jun 4 09:04:08 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 4 09:04:08 server pf: db_connect(0): connected > Jun 4 09:04:08 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 4 09:04:08 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 4 09:04:08 server pf: redir.cgi(0): TEST: > node_unregistered(00:19:b9:7f:22:59) returns > Jun 4 09:04:08 server pf: redir.cgi(0): TEST: > isenabled(trapping.registration) returns 1 > Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 4 09:04:08 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 4 09:04:09 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 4 09:04:09 server pf: db_connect(2): function main::cleanup is > calling db_connect > Jun 4 09:04:09 server pf: db_connect(2): checking handle > Jun 4 09:04:09 server pf: db_connect(2): we are currently connected > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Tuesday, June 03, 2008 7:44 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > could you please apply the following patch to redir.cgi and resend > again the log ? That should show us where this issue lies ... > > --- pf/cgi-bin/redir.cgi 032a7dd937b53e53a21c5cc4baad9483b934c547 > +++ pf/cgi-bin/redir.cgi a5c9c1c315a579e698fb3c0de51d9a9d53c5faca > @@ -52,6 +52,8 @@ my $unreg = node_unregistered($mac); > #check to see if node needs to be registered > # > my $unreg = node_unregistered($mac); > +pflogger("TEST: node_unregistered($mac) returns $unreg", 8); > +pflogger("TEST: isenabled(trapping.registration) returns " . > isenabled($Config{'trapping'}{'registration'}), 8); > if ($unreg && isenabled($Config{'trapping'}{'registration'})){ > pflogger("$mac redirected to registration page", 8); > generate_registration_page($cgi, $session, $destination_url,$mac); > > > Thanks, > Dominik > > On 3-Jun-08, at 10:37 AM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply. >> >> Here are the results of what you requested. >> >> Jun 3 10:31:07 server dhcpd: DHCPRELEASE of 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 (found) >> Jun 3 10:31:12 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 10:31:14 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via >> eth1 >> Jun 3 10:31:14 server dhcpd: DHCPOFFER on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 10:31:14 server dhcpd: DHCPREQUEST for 192.168.12.253 >> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 10:31:14 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 10:31:29 server pf: db_connect(0): function (eval) is calling >> db_connect >> Jun 3 10:31:29 server pf: db_connect(0): checking handle >> Jun 3 10:31:29 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 10:31:30 server pf: db_connect(0): connected >> Jun 3 10:31:30 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 10:31:30 server pf: ip2macinarp(0): resolved 192.168.12.253 to >> mac (00:19:b9:7f:22:59) in ARP table >> Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being >> redirected >> Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 10:31:30 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and >> redirecting to http://www.packetfence.org >> Jun 3 10:31:31 server pf: db_connect(0): function (eval) is calling >> db_connect >> Jun 3 10:31:31 server pf: db_connect(0): checking handle >> Jun 3 10:31:31 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 10:31:31 server pf: db_connect(0): connected >> Jun 3 10:31:31 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 10:31:31 server pf: ip2macinarp(0): resolved 192.168.12.253 to >> mac (00:19:b9:7f:22:59) in ARP table >> Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being >> redirected >> Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 10:31:31 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and >> redirecting to http://www.packetfence.org >> Jun 3 10:31:42 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 10:31:42 server pf: db_connect(2): function main::cleanup is >> calling db_connect >> Jun 3 10:31:42 server pf: db_connect(2): checking handle >> Jun 3 10:31:42 server pf: db_connect(2): we are currently connected >> >> [root@server pf]# bin/pfcmd lookup node 00:19:b9:7f:22:59 >> Node 00:19:b9:7f:22:59 is not a known node! >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Tuesday, June 03, 2008 10:24 AM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> the important line here is >> >> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> >> That's why the computer is being redirected to the packetfence.org >> website (you can change the redirection using the >> trapping.redirecturl >> parameter). >> >> Could you check that 00:19:b9:7f:22:59 is not already registered in >> the database and repeat the test after setting the log verbosity to >> 12 ? >> >> Thanks, >> Dominik >> >> On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: >> >>> Dominik, >>> >>> Thanks for the reply. >>> >>> After making that change (I went back to the configurator.pl script >>> and >>> server.example.edu was what it recommended, btw) I'm now getting >>> redirected to www.packetfence.org. In /var/log/messages I keep >>> seeing >>> the following: >>> >>> Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 >>> via >>> eth1 >>> Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 >>> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db >>> connection is DEAD (re)connecting >>> Jun 3 09:32:44 server pf: ip2mac(0): could not resolve >>> 192.168.12.253 >>> to mac in iplog table >>> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >>> registered or registration disabled, freeing mac >>> Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db >>> connection is DEAD (re)connecting >>> Jun 3 09:32:45 server pf: ip2mac(0): could not resolve >>> 192.168.12.253 >>> to mac in iplog table >>> Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >>> registered or registration disabled, freeing mac >>> Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db >>> connection is DEAD (re)connecting >>> Jun 3 09:33:44 server pf: ip2mac(0): could not resolve >>> 192.168.12.253 >>> to mac in iplog table >>> Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >>> registered or registration disabled, freeing mac >>> Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds >>> Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to >>> 00:19:b9:7f:22:59 (gandalf) via eth1 >>> Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds >>> >>> Thanks again, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> -----Original Message----- >>> From: Dominik Gehl [mailto:dg...@in...] >>> Sent: Monday, June 02, 2008 4:47 PM >>> To: Sawyers, Brandon W >>> Cc: pac...@li... >>> Subject: Re: [Packetfence-users] Configuration help >>> >>> Hi Brandon, >>> >>> the general.hostname parameter in pf.conf shouldn't contain the >>> domain >>> part ... so in your case it should just be 'server'. This way, >>> clients >>> won't be redirected to server.example.edu.example.edu, but to >>> server.example.edu ! >>> >>> What do you obtain now ? Could you also send us some info from /var/ >>> log/messages ? >>> >>> Thanks, >>> Dominik >>> >>> On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: >>> >>>> Dominik, >>>> >>>> Thanks for the reply! >>>> >>>> I've looked through my config and made the changes I thought were >>>> necessary and I'm at least getting something different! >>>> >>>> Now, when I try to go to a website I'm getting forwarded to " >>>> >>> >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >>>> =http://www.google.com/ " >>>> >>>> I'm not sure what that means. >>>> >>>> Including my config. >>>> >>>> Thanks, >>>> >>>> Brandon Sawyers >>>> Data Services Coordinator >>>> Pikeville College >>>> 147 Sycamore Street >>>> Pikeville, KY 41501 >>>> (606) 218-5300 >>>> >>>> >>>> -----Original Message----- >>>> From: Dominik Gehl [mailto:dg...@in...] >>>> Sent: Monday, June 02, 2008 12:24 PM >>>> To: Sawyers, Brandon W >>>> Cc: pac...@li... >>>> Subject: Re: [Packetfence-users] Configuration help >>>> >>>> Hi Brandon, >>>> >>>> from what I can see from the configuration file you sent, you are >>>> trying the use DHCP based isolation/registration. In Your setup, >>>> the >>>> PacketFence box seems to be the gateway, so do you have routing/NAT >>>> configured on the PacketFence box ? >>>> Also, I'm a bit surprised that your isolation, registration and >>>> unreg >>>> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >>>> unregistered and even quarantined hosts to contact the authorized >>>> hosts ... >>>> >>>> Dominik >>>> >>>> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >>>> >>>>> Hello everyone: >>>>> >>>>> We're wanting to use packetfence for our dorms and I've been >>>>> working >>>>> on getting it up and running. >>>>> >>>>> I'm fairly sure that I've gotten it installed properly. It will >>>>> start with a "sane" config. >>>>> >>>>> However, I'm having two problems. >>>>> >>>>> Just for information I've got the packetfence box set up in my >>>>> office with 2 network cards and a switch for my laptop to sit >>>>> behind >>>>> it. I'm not worried about nessus scans or snort really for now, >>>>> but >>>>> definitely want to do both later. >>>>> >>>>> The first problem I'm having is with the client not being able to >>>>> get anywhere. The laptop will get an ip but when I try to load up >>>>> any page or ping the back of the packetfence box, nothing happens. >>>>> I've noticed that when I set eth1 (the inside interface) to >>>>> managed, >>>>> then I can ping the packetfence box and can resolve domain names, >>>>> but nothing else. >>>>> >>>>> The second problem I'm having, and I think they might be related, >>>>> is >>>>> that I never get a registration page. When I try to go to google >>>>> or >>>>> some other web page, it just times out. >>>>> >>>>> I've included my config. >>>>> >>>>> Any help would be appreciated! >>>>> >>>>> Thanks, >>>>> >>>>> Brandon Sawyers >>>>> Data Services Coordinator >>>>> Pikeville College >>>>> 147 Sycamore Street >>>>> Pikeville, KY 41501 >>>>> (606) 218-5300 >>>>> >>>>> <pf.conf> >>>>> >>>> >>> >> > ------------------------------------------------------------------------ >>>> - >>>>> This SF.net email is sponsored by: Microsoft >>>>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>>>> >>>> >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >>>> ______________________________ >>>>> Packetfence-users mailing list >>>>> Pac...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> <pf.conf> >>> >> > |
From: Sawyers, B. W <bsa...@pc...> - 2008-06-04 13:27:40
|
Whoops, just realized that I forgot to attach. Sorry about that. Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: pac...@li... [mailto:pac...@li...] On Behalf Of Sawyers, Brandon W Sent: Wednesday, June 04, 2008 9:12 AM To: Dominik Gehl Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Dominick, Thanks for the reply. I had to manually patch the file. I don't think it liked the ". isenabled($Config{'trapping'}{'registration'}), 8);" part of the file. I've included the modified redir.cgi so you can make sure it does what it's supposed to do. I've also included my pf.conf just for the heck of it. And here is the results of the new redir.cgi: Jun 4 09:03:48 server dhcpd: DHCPRELEASE of 192.168.12.253 from 00:19:b9:7f:22:59 (gandalf) via eth1 (found) Jun 4 09:03:56 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via eth1 Jun 4 09:03:56 server dhcpd: DHCPOFFER on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 4 09:03:56 server dhcpd: DHCPREQUEST for 192.168.12.253 (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 4 09:03:56 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 4 09:04:06 server pf: db_connect(0): function (eval) is calling db_connect Jun 4 09:04:06 server pf: db_connect(0): checking handle Jun 4 09:04:06 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 4 09:04:06 server pf: db_connect(0): connected Jun 4 09:04:07 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 4 09:04:07 server pf: ip2macinarp(0): resolved 192.168.12.253 to mac (00:19:b9:7f:22:59) in ARP table Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being redirected Jun 4 09:04:07 server pf: redir.cgi(0): TEST: node_unregistered(00:19:b9:7f:22:59) returns Jun 4 09:04:07 server pf: redir.cgi(0): TEST: isenabled(trapping.registration) returns 1 Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 4 09:04:07 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and redirecting to http://www.packetfence.org Jun 4 09:04:08 server pf: db_connect(0): function (eval) is calling db_connect Jun 4 09:04:08 server pf: db_connect(0): checking handle Jun 4 09:04:08 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 4 09:04:08 server pf: db_connect(0): connected Jun 4 09:04:08 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 4 09:04:08 server pf: ip2macinarp(0): resolved 192.168.12.253 to mac (00:19:b9:7f:22:59) in ARP table Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being redirected Jun 4 09:04:08 server pf: redir.cgi(0): TEST: node_unregistered(00:19:b9:7f:22:59) returns Jun 4 09:04:08 server pf: redir.cgi(0): TEST: isenabled(trapping.registration) returns 1 Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 4 09:04:08 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and redirecting to http://www.packetfence.org Jun 4 09:04:09 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 4 09:04:09 server pf: db_connect(2): function main::cleanup is calling db_connect Jun 4 09:04:09 server pf: db_connect(2): checking handle Jun 4 09:04:09 server pf: db_connect(2): we are currently connected Thanks, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Tuesday, June 03, 2008 7:44 PM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, could you please apply the following patch to redir.cgi and resend again the log ? That should show us where this issue lies ... --- pf/cgi-bin/redir.cgi 032a7dd937b53e53a21c5cc4baad9483b934c547 +++ pf/cgi-bin/redir.cgi a5c9c1c315a579e698fb3c0de51d9a9d53c5faca @@ -52,6 +52,8 @@ my $unreg = node_unregistered($mac); #check to see if node needs to be registered # my $unreg = node_unregistered($mac); +pflogger("TEST: node_unregistered($mac) returns $unreg", 8); +pflogger("TEST: isenabled(trapping.registration) returns " . isenabled($Config{'trapping'}{'registration'}), 8); if ($unreg && isenabled($Config{'trapping'}{'registration'})){ pflogger("$mac redirected to registration page", 8); generate_registration_page($cgi, $session, $destination_url,$mac); Thanks, Dominik On 3-Jun-08, at 10:37 AM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply. > > Here are the results of what you requested. > > Jun 3 10:31:07 server dhcpd: DHCPRELEASE of 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 (found) > Jun 3 10:31:12 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 10:31:14 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 3 10:31:14 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:14 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:14 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:29 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 3 10:31:29 server pf: db_connect(0): checking handle > Jun 3 10:31:29 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 10:31:30 server pf: db_connect(0): connected > Jun 3 10:31:30 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 10:31:30 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 10:31:30 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 3 10:31:31 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 3 10:31:31 server pf: db_connect(0): checking handle > Jun 3 10:31:31 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 10:31:31 server pf: db_connect(0): connected > Jun 3 10:31:31 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 10:31:31 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 10:31:31 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 3 10:31:42 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 10:31:42 server pf: db_connect(2): function main::cleanup is > calling db_connect > Jun 3 10:31:42 server pf: db_connect(2): checking handle > Jun 3 10:31:42 server pf: db_connect(2): we are currently connected > > [root@server pf]# bin/pfcmd lookup node 00:19:b9:7f:22:59 > Node 00:19:b9:7f:22:59 is not a known node! > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Tuesday, June 03, 2008 10:24 AM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > the important line here is > > Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > > That's why the computer is being redirected to the packetfence.org > website (you can change the redirection using the trapping.redirecturl > parameter). > > Could you check that 00:19:b9:7f:22:59 is not already registered in > the database and repeat the test after setting the log verbosity to > 12 ? > > Thanks, > Dominik > > On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply. >> >> After making that change (I went back to the configurator.pl script >> and >> server.example.edu was what it recommended, btw) I'm now getting >> redirected to www.packetfence.org. In /var/log/messages I keep seeing >> the following: >> >> Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via >> eth1 >> Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 >> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:32:44 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:32:45 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:33:44 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> >> Thanks again, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Monday, June 02, 2008 4:47 PM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> the general.hostname parameter in pf.conf shouldn't contain the >> domain >> part ... so in your case it should just be 'server'. This way, >> clients >> won't be redirected to server.example.edu.example.edu, but to >> server.example.edu ! >> >> What do you obtain now ? Could you also send us some info from /var/ >> log/messages ? >> >> Thanks, >> Dominik >> >> On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: >> >>> Dominik, >>> >>> Thanks for the reply! >>> >>> I've looked through my config and made the changes I thought were >>> necessary and I'm at least getting something different! >>> >>> Now, when I try to go to a website I'm getting forwarded to " >>> >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >>> =http://www.google.com/ " >>> >>> I'm not sure what that means. >>> >>> Including my config. >>> >>> Thanks, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> >>> -----Original Message----- >>> From: Dominik Gehl [mailto:dg...@in...] >>> Sent: Monday, June 02, 2008 12:24 PM >>> To: Sawyers, Brandon W >>> Cc: pac...@li... >>> Subject: Re: [Packetfence-users] Configuration help >>> >>> Hi Brandon, >>> >>> from what I can see from the configuration file you sent, you are >>> trying the use DHCP based isolation/registration. In Your setup, the >>> PacketFence box seems to be the gateway, so do you have routing/NAT >>> configured on the PacketFence box ? >>> Also, I'm a bit surprised that your isolation, registration and >>> unreg >>> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >>> unregistered and even quarantined hosts to contact the authorized >>> hosts ... >>> >>> Dominik >>> >>> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >>> >>>> Hello everyone: >>>> >>>> We're wanting to use packetfence for our dorms and I've been >>>> working >>>> on getting it up and running. >>>> >>>> I'm fairly sure that I've gotten it installed properly. It will >>>> start with a "sane" config. >>>> >>>> However, I'm having two problems. >>>> >>>> Just for information I've got the packetfence box set up in my >>>> office with 2 network cards and a switch for my laptop to sit >>>> behind >>>> it. I'm not worried about nessus scans or snort really for now, but >>>> definitely want to do both later. >>>> >>>> The first problem I'm having is with the client not being able to >>>> get anywhere. The laptop will get an ip but when I try to load up >>>> any page or ping the back of the packetfence box, nothing happens. >>>> I've noticed that when I set eth1 (the inside interface) to >>>> managed, >>>> then I can ping the packetfence box and can resolve domain names, >>>> but nothing else. >>>> >>>> The second problem I'm having, and I think they might be related, >>>> is >>>> that I never get a registration page. When I try to go to google or >>>> some other web page, it just times out. >>>> >>>> I've included my config. >>>> >>>> Any help would be appreciated! >>>> >>>> Thanks, >>>> >>>> Brandon Sawyers >>>> Data Services Coordinator >>>> Pikeville College >>>> 147 Sycamore Street >>>> Pikeville, KY 41501 >>>> (606) 218-5300 >>>> >>>> <pf.conf> >>>> >>> >> > ------------------------------------------------------------------------ >>> - >>>> This SF.net email is sponsored by: Microsoft >>>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>>> >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >>> ______________________________ >>>> Packetfence-users mailing list >>>> Pac...@li... >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> <pf.conf> >> > ------------------------------------------------------------------------ - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Packetfence-users mailing list Pac...@li... https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Sawyers, B. W <bsa...@pc...> - 2008-06-04 13:12:16
|
Dominick, Thanks for the reply. I had to manually patch the file. I don't think it liked the ". isenabled($Config{'trapping'}{'registration'}), 8);" part of the file. I've included the modified redir.cgi so you can make sure it does what it's supposed to do. I've also included my pf.conf just for the heck of it. And here is the results of the new redir.cgi: Jun 4 09:03:48 server dhcpd: DHCPRELEASE of 192.168.12.253 from 00:19:b9:7f:22:59 (gandalf) via eth1 (found) Jun 4 09:03:56 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via eth1 Jun 4 09:03:56 server dhcpd: DHCPOFFER on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 4 09:03:56 server dhcpd: DHCPREQUEST for 192.168.12.253 (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 4 09:03:56 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 4 09:04:06 server pf: db_connect(0): function (eval) is calling db_connect Jun 4 09:04:06 server pf: db_connect(0): checking handle Jun 4 09:04:06 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 4 09:04:06 server pf: db_connect(0): connected Jun 4 09:04:07 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 4 09:04:07 server pf: ip2macinarp(0): resolved 192.168.12.253 to mac (00:19:b9:7f:22:59) in ARP table Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being redirected Jun 4 09:04:07 server pf: redir.cgi(0): TEST: node_unregistered(00:19:b9:7f:22:59) returns Jun 4 09:04:07 server pf: redir.cgi(0): TEST: isenabled(trapping.registration) returns 1 Jun 4 09:04:07 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 4 09:04:07 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and redirecting to http://www.packetfence.org Jun 4 09:04:08 server pf: db_connect(0): function (eval) is calling db_connect Jun 4 09:04:08 server pf: db_connect(0): checking handle Jun 4 09:04:08 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 4 09:04:08 server pf: db_connect(0): connected Jun 4 09:04:08 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 4 09:04:08 server pf: ip2macinarp(0): resolved 192.168.12.253 to mac (00:19:b9:7f:22:59) in ARP table Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being redirected Jun 4 09:04:08 server pf: redir.cgi(0): TEST: node_unregistered(00:19:b9:7f:22:59) returns Jun 4 09:04:08 server pf: redir.cgi(0): TEST: isenabled(trapping.registration) returns 1 Jun 4 09:04:08 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 4 09:04:08 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and redirecting to http://www.packetfence.org Jun 4 09:04:09 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 4 09:04:09 server pf: db_connect(2): function main::cleanup is calling db_connect Jun 4 09:04:09 server pf: db_connect(2): checking handle Jun 4 09:04:09 server pf: db_connect(2): we are currently connected Thanks, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Tuesday, June 03, 2008 7:44 PM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, could you please apply the following patch to redir.cgi and resend again the log ? That should show us where this issue lies ... --- pf/cgi-bin/redir.cgi 032a7dd937b53e53a21c5cc4baad9483b934c547 +++ pf/cgi-bin/redir.cgi a5c9c1c315a579e698fb3c0de51d9a9d53c5faca @@ -52,6 +52,8 @@ my $unreg = node_unregistered($mac); #check to see if node needs to be registered # my $unreg = node_unregistered($mac); +pflogger("TEST: node_unregistered($mac) returns $unreg", 8); +pflogger("TEST: isenabled(trapping.registration) returns " . isenabled($Config{'trapping'}{'registration'}), 8); if ($unreg && isenabled($Config{'trapping'}{'registration'})){ pflogger("$mac redirected to registration page", 8); generate_registration_page($cgi, $session, $destination_url,$mac); Thanks, Dominik On 3-Jun-08, at 10:37 AM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply. > > Here are the results of what you requested. > > Jun 3 10:31:07 server dhcpd: DHCPRELEASE of 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 (found) > Jun 3 10:31:12 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 10:31:14 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 3 10:31:14 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:14 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:14 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:29 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 3 10:31:29 server pf: db_connect(0): checking handle > Jun 3 10:31:29 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 10:31:30 server pf: db_connect(0): connected > Jun 3 10:31:30 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 10:31:30 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 10:31:30 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 3 10:31:31 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 3 10:31:31 server pf: db_connect(0): checking handle > Jun 3 10:31:31 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 10:31:31 server pf: db_connect(0): connected > Jun 3 10:31:31 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 10:31:31 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 10:31:31 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 3 10:31:42 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 10:31:42 server pf: db_connect(2): function main::cleanup is > calling db_connect > Jun 3 10:31:42 server pf: db_connect(2): checking handle > Jun 3 10:31:42 server pf: db_connect(2): we are currently connected > > [root@server pf]# bin/pfcmd lookup node 00:19:b9:7f:22:59 > Node 00:19:b9:7f:22:59 is not a known node! > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Tuesday, June 03, 2008 10:24 AM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > the important line here is > > Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > > That's why the computer is being redirected to the packetfence.org > website (you can change the redirection using the trapping.redirecturl > parameter). > > Could you check that 00:19:b9:7f:22:59 is not already registered in > the database and repeat the test after setting the log verbosity to > 12 ? > > Thanks, > Dominik > > On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply. >> >> After making that change (I went back to the configurator.pl script >> and >> server.example.edu was what it recommended, btw) I'm now getting >> redirected to www.packetfence.org. In /var/log/messages I keep seeing >> the following: >> >> Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via >> eth1 >> Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 >> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:32:44 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:32:45 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:33:44 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> >> Thanks again, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Monday, June 02, 2008 4:47 PM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> the general.hostname parameter in pf.conf shouldn't contain the >> domain >> part ... so in your case it should just be 'server'. This way, >> clients >> won't be redirected to server.example.edu.example.edu, but to >> server.example.edu ! >> >> What do you obtain now ? Could you also send us some info from /var/ >> log/messages ? >> >> Thanks, >> Dominik >> >> On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: >> >>> Dominik, >>> >>> Thanks for the reply! >>> >>> I've looked through my config and made the changes I thought were >>> necessary and I'm at least getting something different! >>> >>> Now, when I try to go to a website I'm getting forwarded to " >>> >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >>> =http://www.google.com/ " >>> >>> I'm not sure what that means. >>> >>> Including my config. >>> >>> Thanks, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> >>> -----Original Message----- >>> From: Dominik Gehl [mailto:dg...@in...] >>> Sent: Monday, June 02, 2008 12:24 PM >>> To: Sawyers, Brandon W >>> Cc: pac...@li... >>> Subject: Re: [Packetfence-users] Configuration help >>> >>> Hi Brandon, >>> >>> from what I can see from the configuration file you sent, you are >>> trying the use DHCP based isolation/registration. In Your setup, the >>> PacketFence box seems to be the gateway, so do you have routing/NAT >>> configured on the PacketFence box ? >>> Also, I'm a bit surprised that your isolation, registration and >>> unreg >>> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >>> unregistered and even quarantined hosts to contact the authorized >>> hosts ... >>> >>> Dominik >>> >>> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >>> >>>> Hello everyone: >>>> >>>> We're wanting to use packetfence for our dorms and I've been >>>> working >>>> on getting it up and running. >>>> >>>> I'm fairly sure that I've gotten it installed properly. It will >>>> start with a "sane" config. >>>> >>>> However, I'm having two problems. >>>> >>>> Just for information I've got the packetfence box set up in my >>>> office with 2 network cards and a switch for my laptop to sit >>>> behind >>>> it. I'm not worried about nessus scans or snort really for now, but >>>> definitely want to do both later. >>>> >>>> The first problem I'm having is with the client not being able to >>>> get anywhere. The laptop will get an ip but when I try to load up >>>> any page or ping the back of the packetfence box, nothing happens. >>>> I've noticed that when I set eth1 (the inside interface) to >>>> managed, >>>> then I can ping the packetfence box and can resolve domain names, >>>> but nothing else. >>>> >>>> The second problem I'm having, and I think they might be related, >>>> is >>>> that I never get a registration page. When I try to go to google or >>>> some other web page, it just times out. >>>> >>>> I've included my config. >>>> >>>> Any help would be appreciated! >>>> >>>> Thanks, >>>> >>>> Brandon Sawyers >>>> Data Services Coordinator >>>> Pikeville College >>>> 147 Sycamore Street >>>> Pikeville, KY 41501 >>>> (606) 218-5300 >>>> >>>> <pf.conf> >>>> >>> >> > ------------------------------------------------------------------------ >>> - >>>> This SF.net email is sponsored by: Microsoft >>>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>>> >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >>> ______________________________ >>>> Packetfence-users mailing list >>>> Pac...@li... >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> <pf.conf> >> > |
From: Dominik G. <dg...@in...> - 2008-06-03 23:44:12
|
Hi Brandon, could you please apply the following patch to redir.cgi and resend again the log ? That should show us where this issue lies ... --- pf/cgi-bin/redir.cgi 032a7dd937b53e53a21c5cc4baad9483b934c547 +++ pf/cgi-bin/redir.cgi a5c9c1c315a579e698fb3c0de51d9a9d53c5faca @@ -52,6 +52,8 @@ my $unreg = node_unregistered($mac); #check to see if node needs to be registered # my $unreg = node_unregistered($mac); +pflogger("TEST: node_unregistered($mac) returns $unreg", 8); +pflogger("TEST: isenabled(trapping.registration) returns " . isenabled($Config{'trapping'}{'registration'}), 8); if ($unreg && isenabled($Config{'trapping'}{'registration'})){ pflogger("$mac redirected to registration page", 8); generate_registration_page($cgi, $session, $destination_url,$mac); Thanks, Dominik On 3-Jun-08, at 10:37 AM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply. > > Here are the results of what you requested. > > Jun 3 10:31:07 server dhcpd: DHCPRELEASE of 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 (found) > Jun 3 10:31:12 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 10:31:14 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 3 10:31:14 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:14 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:14 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 10:31:29 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 3 10:31:29 server pf: db_connect(0): checking handle > Jun 3 10:31:29 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 10:31:30 server pf: db_connect(0): connected > Jun 3 10:31:30 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 10:31:30 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 10:31:30 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 3 10:31:31 server pf: db_connect(0): function (eval) is calling > db_connect > Jun 3 10:31:31 server pf: db_connect(0): checking handle > Jun 3 10:31:31 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 10:31:31 server pf: db_connect(0): connected > Jun 3 10:31:31 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 10:31:31 server pf: ip2macinarp(0): resolved 192.168.12.253 to > mac (00:19:b9:7f:22:59) in ARP table > Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being > redirected > Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 10:31:31 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and > redirecting to http://www.packetfence.org > Jun 3 10:31:42 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 10:31:42 server pf: db_connect(2): function main::cleanup is > calling db_connect > Jun 3 10:31:42 server pf: db_connect(2): checking handle > Jun 3 10:31:42 server pf: db_connect(2): we are currently connected > > [root@server pf]# bin/pfcmd lookup node 00:19:b9:7f:22:59 > Node 00:19:b9:7f:22:59 is not a known node! > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Tuesday, June 03, 2008 10:24 AM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > the important line here is > > Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > > That's why the computer is being redirected to the packetfence.org > website (you can change the redirection using the trapping.redirecturl > parameter). > > Could you check that 00:19:b9:7f:22:59 is not already registered in > the database and repeat the test after setting the log verbosity to > 12 ? > > Thanks, > Dominik > > On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply. >> >> After making that change (I went back to the configurator.pl script >> and >> server.example.edu was what it recommended, btw) I'm now getting >> redirected to www.packetfence.org. In /var/log/messages I keep seeing >> the following: >> >> Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via >> eth1 >> Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 >> (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:32:44 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:32:45 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db >> connection is DEAD (re)connecting >> Jun 3 09:33:44 server pf: ip2mac(0): could not resolve >> 192.168.12.253 >> to mac in iplog table >> Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already >> registered or registration disabled, freeing mac >> Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds >> Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to >> 00:19:b9:7f:22:59 (gandalf) via eth1 >> Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds >> >> Thanks again, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Monday, June 02, 2008 4:47 PM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> the general.hostname parameter in pf.conf shouldn't contain the >> domain >> part ... so in your case it should just be 'server'. This way, >> clients >> won't be redirected to server.example.edu.example.edu, but to >> server.example.edu ! >> >> What do you obtain now ? Could you also send us some info from /var/ >> log/messages ? >> >> Thanks, >> Dominik >> >> On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: >> >>> Dominik, >>> >>> Thanks for the reply! >>> >>> I've looked through my config and made the changes I thought were >>> necessary and I'm at least getting something different! >>> >>> Now, when I try to go to a website I'm getting forwarded to " >>> >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >>> =http://www.google.com/ " >>> >>> I'm not sure what that means. >>> >>> Including my config. >>> >>> Thanks, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> >>> -----Original Message----- >>> From: Dominik Gehl [mailto:dg...@in...] >>> Sent: Monday, June 02, 2008 12:24 PM >>> To: Sawyers, Brandon W >>> Cc: pac...@li... >>> Subject: Re: [Packetfence-users] Configuration help >>> >>> Hi Brandon, >>> >>> from what I can see from the configuration file you sent, you are >>> trying the use DHCP based isolation/registration. In Your setup, the >>> PacketFence box seems to be the gateway, so do you have routing/NAT >>> configured on the PacketFence box ? >>> Also, I'm a bit surprised that your isolation, registration and >>> unreg >>> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >>> unregistered and even quarantined hosts to contact the authorized >>> hosts ... >>> >>> Dominik >>> >>> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >>> >>>> Hello everyone: >>>> >>>> We're wanting to use packetfence for our dorms and I've been >>>> working >>>> on getting it up and running. >>>> >>>> I'm fairly sure that I've gotten it installed properly. It will >>>> start with a "sane" config. >>>> >>>> However, I'm having two problems. >>>> >>>> Just for information I've got the packetfence box set up in my >>>> office with 2 network cards and a switch for my laptop to sit >>>> behind >>>> it. I'm not worried about nessus scans or snort really for now, but >>>> definitely want to do both later. >>>> >>>> The first problem I'm having is with the client not being able to >>>> get anywhere. The laptop will get an ip but when I try to load up >>>> any page or ping the back of the packetfence box, nothing happens. >>>> I've noticed that when I set eth1 (the inside interface) to >>>> managed, >>>> then I can ping the packetfence box and can resolve domain names, >>>> but nothing else. >>>> >>>> The second problem I'm having, and I think they might be related, >>>> is >>>> that I never get a registration page. When I try to go to google or >>>> some other web page, it just times out. >>>> >>>> I've included my config. >>>> >>>> Any help would be appreciated! >>>> >>>> Thanks, >>>> >>>> Brandon Sawyers >>>> Data Services Coordinator >>>> Pikeville College >>>> 147 Sycamore Street >>>> Pikeville, KY 41501 >>>> (606) 218-5300 >>>> >>>> <pf.conf> >>>> >>> >> > ------------------------------------------------------------------------ >>> - >>>> This SF.net email is sponsored by: Microsoft >>>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>>> >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >>> ______________________________ >>>> Packetfence-users mailing list >>>> Pac...@li... >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> <pf.conf> >> > |
From: Sawyers, B. W <bsa...@pc...> - 2008-06-03 14:37:21
|
Dominik, Thanks for the reply. Here are the results of what you requested. Jun 3 10:31:07 server dhcpd: DHCPRELEASE of 192.168.12.253 from 00:19:b9:7f:22:59 (gandalf) via eth1 (found) Jun 3 10:31:12 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 10:31:14 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via eth1 Jun 3 10:31:14 server dhcpd: DHCPOFFER on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 10:31:14 server dhcpd: DHCPREQUEST for 192.168.12.253 (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 10:31:14 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 10:31:29 server pf: db_connect(0): function (eval) is calling db_connect Jun 3 10:31:29 server pf: db_connect(0): checking handle Jun 3 10:31:29 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 3 10:31:30 server pf: db_connect(0): connected Jun 3 10:31:30 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 3 10:31:30 server pf: ip2macinarp(0): resolved 192.168.12.253 to mac (00:19:b9:7f:22:59) in ARP table Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being redirected Jun 3 10:31:30 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 3 10:31:30 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and redirecting to http://www.packetfence.org Jun 3 10:31:31 server pf: db_connect(0): function (eval) is calling db_connect Jun 3 10:31:31 server pf: db_connect(0): checking handle Jun 3 10:31:31 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 3 10:31:31 server pf: db_connect(0): connected Jun 3 10:31:31 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 3 10:31:31 server pf: ip2macinarp(0): resolved 192.168.12.253 to mac (00:19:b9:7f:22:59) in ARP table Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 being redirected Jun 3 10:31:31 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 3 10:31:31 server pf: redir.cgi(0): freed 00:19:b9:7f:22:59 and redirecting to http://www.packetfence.org Jun 3 10:31:42 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 10:31:42 server pf: db_connect(2): function main::cleanup is calling db_connect Jun 3 10:31:42 server pf: db_connect(2): checking handle Jun 3 10:31:42 server pf: db_connect(2): we are currently connected [root@server pf]# bin/pfcmd lookup node 00:19:b9:7f:22:59 Node 00:19:b9:7f:22:59 is not a known node! Thanks, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Tuesday, June 03, 2008 10:24 AM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, the important line here is Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac That's why the computer is being redirected to the packetfence.org website (you can change the redirection using the trapping.redirecturl parameter). Could you check that 00:19:b9:7f:22:59 is not already registered in the database and repeat the test after setting the log verbosity to 12 ? Thanks, Dominik On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply. > > After making that change (I went back to the configurator.pl script > and > server.example.edu was what it recommended, btw) I'm now getting > redirected to www.packetfence.org. In /var/log/messages I keep seeing > the following: > > Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 09:32:44 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 09:32:45 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 09:33:44 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds > > Thanks again, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Monday, June 02, 2008 4:47 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > the general.hostname parameter in pf.conf shouldn't contain the domain > part ... so in your case it should just be 'server'. This way, clients > won't be redirected to server.example.edu.example.edu, but to > server.example.edu ! > > What do you obtain now ? Could you also send us some info from /var/ > log/messages ? > > Thanks, > Dominik > > On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply! >> >> I've looked through my config and made the changes I thought were >> necessary and I'm at least getting something different! >> >> Now, when I try to go to a website I'm getting forwarded to " >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >> =http://www.google.com/ " >> >> I'm not sure what that means. >> >> Including my config. >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Monday, June 02, 2008 12:24 PM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> from what I can see from the configuration file you sent, you are >> trying the use DHCP based isolation/registration. In Your setup, the >> PacketFence box seems to be the gateway, so do you have routing/NAT >> configured on the PacketFence box ? >> Also, I'm a bit surprised that your isolation, registration and unreg >> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >> unregistered and even quarantined hosts to contact the authorized >> hosts ... >> >> Dominik >> >> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >> >>> Hello everyone: >>> >>> We're wanting to use packetfence for our dorms and I've been working >>> on getting it up and running. >>> >>> I'm fairly sure that I've gotten it installed properly. It will >>> start with a "sane" config. >>> >>> However, I'm having two problems. >>> >>> Just for information I've got the packetfence box set up in my >>> office with 2 network cards and a switch for my laptop to sit behind >>> it. I'm not worried about nessus scans or snort really for now, but >>> definitely want to do both later. >>> >>> The first problem I'm having is with the client not being able to >>> get anywhere. The laptop will get an ip but when I try to load up >>> any page or ping the back of the packetfence box, nothing happens. >>> I've noticed that when I set eth1 (the inside interface) to managed, >>> then I can ping the packetfence box and can resolve domain names, >>> but nothing else. >>> >>> The second problem I'm having, and I think they might be related, is >>> that I never get a registration page. When I try to go to google or >>> some other web page, it just times out. >>> >>> I've included my config. >>> >>> Any help would be appreciated! >>> >>> Thanks, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> <pf.conf> >>> >> > ------------------------------------------------------------------------ >> - >>> This SF.net email is sponsored by: Microsoft >>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >> ______________________________ >>> Packetfence-users mailing list >>> Pac...@li... >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> <pf.conf> > |
From: Dominik G. <dg...@in...> - 2008-06-03 14:24:37
|
Hi Brandon, the important line here is Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac That's why the computer is being redirected to the packetfence.org website (you can change the redirection using the trapping.redirecturl parameter). Could you check that 00:19:b9:7f:22:59 is not already registered in the database and repeat the test after setting the log verbosity to 12 ? Thanks, Dominik On 3-Jun-08, at 9:38 AM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply. > > After making that change (I went back to the configurator.pl script > and > server.example.edu was what it recommended, btw) I'm now getting > redirected to www.packetfence.org. In /var/log/messages I keep seeing > the following: > > Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via > eth1 > Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 > (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 09:32:44 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 09:32:45 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db > connection is DEAD (re)connecting > Jun 3 09:33:44 server pf: ip2mac(0): could not resolve 192.168.12.253 > to mac in iplog table > Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already > registered or registration disabled, freeing mac > Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds > Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to > 00:19:b9:7f:22:59 (gandalf) via eth1 > Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds > > Thanks again, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Monday, June 02, 2008 4:47 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > the general.hostname parameter in pf.conf shouldn't contain the domain > part ... so in your case it should just be 'server'. This way, clients > won't be redirected to server.example.edu.example.edu, but to > server.example.edu ! > > What do you obtain now ? Could you also send us some info from /var/ > log/messages ? > > Thanks, > Dominik > > On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: > >> Dominik, >> >> Thanks for the reply! >> >> I've looked through my config and made the changes I thought were >> necessary and I'm at least getting something different! >> >> Now, when I try to go to a website I'm getting forwarded to " >> > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url >> =http://www.google.com/ " >> >> I'm not sure what that means. >> >> Including my config. >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> >> -----Original Message----- >> From: Dominik Gehl [mailto:dg...@in...] >> Sent: Monday, June 02, 2008 12:24 PM >> To: Sawyers, Brandon W >> Cc: pac...@li... >> Subject: Re: [Packetfence-users] Configuration help >> >> Hi Brandon, >> >> from what I can see from the configuration file you sent, you are >> trying the use DHCP based isolation/registration. In Your setup, the >> PacketFence box seems to be the gateway, so do you have routing/NAT >> configured on the PacketFence box ? >> Also, I'm a bit surprised that your isolation, registration and unreg >> DHCP scopes use all the same subnet 192.168.10.0/24. This allows >> unregistered and even quarantined hosts to contact the authorized >> hosts ... >> >> Dominik >> >> On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: >> >>> Hello everyone: >>> >>> We're wanting to use packetfence for our dorms and I've been working >>> on getting it up and running. >>> >>> I'm fairly sure that I've gotten it installed properly. It will >>> start with a "sane" config. >>> >>> However, I'm having two problems. >>> >>> Just for information I've got the packetfence box set up in my >>> office with 2 network cards and a switch for my laptop to sit behind >>> it. I'm not worried about nessus scans or snort really for now, but >>> definitely want to do both later. >>> >>> The first problem I'm having is with the client not being able to >>> get anywhere. The laptop will get an ip but when I try to load up >>> any page or ping the back of the packetfence box, nothing happens. >>> I've noticed that when I set eth1 (the inside interface) to managed, >>> then I can ping the packetfence box and can resolve domain names, >>> but nothing else. >>> >>> The second problem I'm having, and I think they might be related, is >>> that I never get a registration page. When I try to go to google or >>> some other web page, it just times out. >>> >>> I've included my config. >>> >>> Any help would be appreciated! >>> >>> Thanks, >>> >>> Brandon Sawyers >>> Data Services Coordinator >>> Pikeville College >>> 147 Sycamore Street >>> Pikeville, KY 41501 >>> (606) 218-5300 >>> >>> <pf.conf> >>> >> > ------------------------------------------------------------------------ >> - >>> This SF.net email is sponsored by: Microsoft >>> Defy all challenges. Microsoft(R) Visual Studio 2008. >>> >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ >> ______________________________ >>> Packetfence-users mailing list >>> Pac...@li... >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> <pf.conf> > |
From: Sawyers, B. W <bsa...@pc...> - 2008-06-03 13:38:35
|
Dominik, Thanks for the reply. After making that change (I went back to the configurator.pl script and server.example.edu was what it recommended, btw) I'm now getting redirected to www.packetfence.org. In /var/log/messages I keep seeing the following: Jun 3 09:32:20 server dhcpd: DHCPDISCOVER from 00:19:b9:7f:22:59 via eth1 Jun 3 09:32:21 server dhcpd: DHCPOFFER on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:32:21 server dhcpd: DHCPREQUEST for 192.168.12.253 (10.1.1.106) from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:32:21 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:32:37 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 09:32:43 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 3 09:32:44 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 3 09:32:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 3 09:32:45 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 3 09:32:45 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 3 09:32:45 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 3 09:33:07 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 09:33:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:33:20 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:33:37 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 09:33:44 server pf: db_connect(0): Connecting 0 from 0 db connection is DEAD (re)connecting Jun 3 09:33:44 server pf: ip2mac(0): could not resolve 192.168.12.253 to mac in iplog table Jun 3 09:33:44 server pf: redir.cgi(0): 00:19:b9:7f:22:59 already registered or registration disabled, freeing mac Jun 3 09:34:07 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 09:34:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:34:20 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:34:37 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 09:35:07 server pf: dhcp_scoper(1): sleeping 30 seconds Jun 3 09:35:20 server dhcpd: DHCPREQUEST for 192.168.12.253 from 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:35:20 server dhcpd: DHCPACK on 192.168.12.253 to 00:19:b9:7f:22:59 (gandalf) via eth1 Jun 3 09:35:37 server pf: dhcp_scoper(1): sleeping 30 seconds Thanks again, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Monday, June 02, 2008 4:47 PM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, the general.hostname parameter in pf.conf shouldn't contain the domain part ... so in your case it should just be 'server'. This way, clients won't be redirected to server.example.edu.example.edu, but to server.example.edu ! What do you obtain now ? Could you also send us some info from /var/ log/messages ? Thanks, Dominik On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply! > > I've looked through my config and made the changes I thought were > necessary and I'm at least getting something different! > > Now, when I try to go to a website I'm getting forwarded to " > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url > =http://www.google.com/ " > > I'm not sure what that means. > > Including my config. > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Monday, June 02, 2008 12:24 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > from what I can see from the configuration file you sent, you are > trying the use DHCP based isolation/registration. In Your setup, the > PacketFence box seems to be the gateway, so do you have routing/NAT > configured on the PacketFence box ? > Also, I'm a bit surprised that your isolation, registration and unreg > DHCP scopes use all the same subnet 192.168.10.0/24. This allows > unregistered and even quarantined hosts to contact the authorized > hosts ... > > Dominik > > On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: > >> Hello everyone: >> >> We're wanting to use packetfence for our dorms and I've been working >> on getting it up and running. >> >> I'm fairly sure that I've gotten it installed properly. It will >> start with a "sane" config. >> >> However, I'm having two problems. >> >> Just for information I've got the packetfence box set up in my >> office with 2 network cards and a switch for my laptop to sit behind >> it. I'm not worried about nessus scans or snort really for now, but >> definitely want to do both later. >> >> The first problem I'm having is with the client not being able to >> get anywhere. The laptop will get an ip but when I try to load up >> any page or ping the back of the packetfence box, nothing happens. >> I've noticed that when I set eth1 (the inside interface) to managed, >> then I can ping the packetfence box and can resolve domain names, >> but nothing else. >> >> The second problem I'm having, and I think they might be related, is >> that I never get a registration page. When I try to go to google or >> some other web page, it just times out. >> >> I've included my config. >> >> Any help would be appreciated! >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> <pf.conf> >> > ------------------------------------------------------------------------ > - >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ > ______________________________ >> Packetfence-users mailing list >> Pac...@li... >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > <pf.conf> |
From: Dominik G. <dg...@in...> - 2008-06-02 20:53:08
|
Hi Brandon, the general.hostname parameter in pf.conf shouldn't contain the domain part ... so in your case it should just be 'server'. This way, clients won't be redirected to server.example.edu.example.edu, but to server.example.edu ! What do you obtain now ? Could you also send us some info from /var/ log/messages ? Thanks, Dominik On 2-Jun-08, at 2:51 PM, Sawyers, Brandon W wrote: > Dominik, > > Thanks for the reply! > > I've looked through my config and made the changes I thought were > necessary and I'm at least getting something different! > > Now, when I try to go to a website I'm getting forwarded to " > https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url > =http://www.google.com/ " > > I'm not sure what that means. > > Including my config. > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Monday, June 02, 2008 12:24 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > from what I can see from the configuration file you sent, you are > trying the use DHCP based isolation/registration. In Your setup, the > PacketFence box seems to be the gateway, so do you have routing/NAT > configured on the PacketFence box ? > Also, I'm a bit surprised that your isolation, registration and unreg > DHCP scopes use all the same subnet 192.168.10.0/24. This allows > unregistered and even quarantined hosts to contact the authorized > hosts ... > > Dominik > > On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: > >> Hello everyone: >> >> We're wanting to use packetfence for our dorms and I've been working >> on getting it up and running. >> >> I'm fairly sure that I've gotten it installed properly. It will >> start with a "sane" config. >> >> However, I'm having two problems. >> >> Just for information I've got the packetfence box set up in my >> office with 2 network cards and a switch for my laptop to sit behind >> it. I'm not worried about nessus scans or snort really for now, but >> definitely want to do both later. >> >> The first problem I'm having is with the client not being able to >> get anywhere. The laptop will get an ip but when I try to load up >> any page or ping the back of the packetfence box, nothing happens. >> I've noticed that when I set eth1 (the inside interface) to managed, >> then I can ping the packetfence box and can resolve domain names, >> but nothing else. >> >> The second problem I'm having, and I think they might be related, is >> that I never get a registration page. When I try to go to google or >> some other web page, it just times out. >> >> I've included my config. >> >> Any help would be appreciated! >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> <pf.conf> >> > ------------------------------------------------------------------------ > - >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ > ______________________________ >> Packetfence-users mailing list >> Pac...@li... >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > <pf.conf> |
From: Dominik G. <dg...@in...> - 2008-06-02 20:39:13
|
Hi Brandon, could you please file a bug report for this one at http://www.packetfence.org/mantis with the steps to reproduce it ? Thanks a lot, Dominik On 2-Jun-08, at 2:54 PM, Sawyers, Brandon W wrote: > Dominik, > > I forgot to mention a strange thing that was occurring. If I tried to > use the admin interface on the web to make any changes, it kept > setting > my outside interface to managed, instead of managed,external like NAT > requires. > > Not sure about that one either. > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > > -----Original Message----- > From: Dominik Gehl [mailto:dg...@in...] > Sent: Monday, June 02, 2008 12:24 PM > To: Sawyers, Brandon W > Cc: pac...@li... > Subject: Re: [Packetfence-users] Configuration help > > Hi Brandon, > > from what I can see from the configuration file you sent, you are > trying the use DHCP based isolation/registration. In Your setup, the > PacketFence box seems to be the gateway, so do you have routing/NAT > configured on the PacketFence box ? > Also, I'm a bit surprised that your isolation, registration and unreg > DHCP scopes use all the same subnet 192.168.10.0/24. This allows > unregistered and even quarantined hosts to contact the authorized > hosts ... > > Dominik > > On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: > >> Hello everyone: >> >> We're wanting to use packetfence for our dorms and I've been working >> on getting it up and running. >> >> I'm fairly sure that I've gotten it installed properly. It will >> start with a "sane" config. >> >> However, I'm having two problems. >> >> Just for information I've got the packetfence box set up in my >> office with 2 network cards and a switch for my laptop to sit behind >> it. I'm not worried about nessus scans or snort really for now, but >> definitely want to do both later. >> >> The first problem I'm having is with the client not being able to >> get anywhere. The laptop will get an ip but when I try to load up >> any page or ping the back of the packetfence box, nothing happens. >> I've noticed that when I set eth1 (the inside interface) to managed, >> then I can ping the packetfence box and can resolve domain names, >> but nothing else. >> >> The second problem I'm having, and I think they might be related, is >> that I never get a registration page. When I try to go to google or >> some other web page, it just times out. >> >> I've included my config. >> >> Any help would be appreciated! >> >> Thanks, >> >> Brandon Sawyers >> Data Services Coordinator >> Pikeville College >> 147 Sycamore Street >> Pikeville, KY 41501 >> (606) 218-5300 >> >> <pf.conf> >> > ------------------------------------------------------------------------ > - >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ > ______________________________ >> Packetfence-users mailing list >> Pac...@li... >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > |
From: Sawyers, B. W <bsa...@pc...> - 2008-06-02 18:54:40
|
Dominik, I forgot to mention a strange thing that was occurring. If I tried to use the admin interface on the web to make any changes, it kept setting my outside interface to managed, instead of managed,external like NAT requires. Not sure about that one either. Thanks, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Monday, June 02, 2008 12:24 PM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, from what I can see from the configuration file you sent, you are trying the use DHCP based isolation/registration. In Your setup, the PacketFence box seems to be the gateway, so do you have routing/NAT configured on the PacketFence box ? Also, I'm a bit surprised that your isolation, registration and unreg DHCP scopes use all the same subnet 192.168.10.0/24. This allows unregistered and even quarantined hosts to contact the authorized hosts ... Dominik On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: > Hello everyone: > > We're wanting to use packetfence for our dorms and I've been working > on getting it up and running. > > I'm fairly sure that I've gotten it installed properly. It will > start with a "sane" config. > > However, I'm having two problems. > > Just for information I've got the packetfence box set up in my > office with 2 network cards and a switch for my laptop to sit behind > it. I'm not worried about nessus scans or snort really for now, but > definitely want to do both later. > > The first problem I'm having is with the client not being able to > get anywhere. The laptop will get an ip but when I try to load up > any page or ping the back of the packetfence box, nothing happens. > I've noticed that when I set eth1 (the inside interface) to managed, > then I can ping the packetfence box and can resolve domain names, > but nothing else. > > The second problem I'm having, and I think they might be related, is > that I never get a registration page. When I try to go to google or > some other web page, it just times out. > > I've included my config. > > Any help would be appreciated! > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > <pf.conf> > ------------------------------------------------------------------------ - > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ ______________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Sawyers, B. W <bsa...@pc...> - 2008-06-02 18:51:42
|
Dominik, Thanks for the reply! I've looked through my config and made the changes I thought were necessary and I'm at least getting something different! Now, when I try to go to a website I'm getting forwarded to " https://server.example.edu.example.edu/cgi-bin/redir.cgi?destination_url =http://www.google.com/ " I'm not sure what that means. Including my config. Thanks, Brandon Sawyers Data Services Coordinator Pikeville College 147 Sycamore Street Pikeville, KY 41501 (606) 218-5300 -----Original Message----- From: Dominik Gehl [mailto:dg...@in...] Sent: Monday, June 02, 2008 12:24 PM To: Sawyers, Brandon W Cc: pac...@li... Subject: Re: [Packetfence-users] Configuration help Hi Brandon, from what I can see from the configuration file you sent, you are trying the use DHCP based isolation/registration. In Your setup, the PacketFence box seems to be the gateway, so do you have routing/NAT configured on the PacketFence box ? Also, I'm a bit surprised that your isolation, registration and unreg DHCP scopes use all the same subnet 192.168.10.0/24. This allows unregistered and even quarantined hosts to contact the authorized hosts ... Dominik On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: > Hello everyone: > > We're wanting to use packetfence for our dorms and I've been working > on getting it up and running. > > I'm fairly sure that I've gotten it installed properly. It will > start with a "sane" config. > > However, I'm having two problems. > > Just for information I've got the packetfence box set up in my > office with 2 network cards and a switch for my laptop to sit behind > it. I'm not worried about nessus scans or snort really for now, but > definitely want to do both later. > > The first problem I'm having is with the client not being able to > get anywhere. The laptop will get an ip but when I try to load up > any page or ping the back of the packetfence box, nothing happens. > I've noticed that when I set eth1 (the inside interface) to managed, > then I can ping the packetfence box and can resolve domain names, > but nothing else. > > The second problem I'm having, and I think they might be related, is > that I never get a registration page. When I try to go to google or > some other web page, it just times out. > > I've included my config. > > Any help would be appreciated! > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > <pf.conf> > ------------------------------------------------------------------------ - > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_________________ ______________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Dominik G. <dg...@in...> - 2008-06-02 16:23:30
|
Hi Brandon, from what I can see from the configuration file you sent, you are trying the use DHCP based isolation/registration. In Your setup, the PacketFence box seems to be the gateway, so do you have routing/NAT configured on the PacketFence box ? Also, I'm a bit surprised that your isolation, registration and unreg DHCP scopes use all the same subnet 192.168.10.0/24. This allows unregistered and even quarantined hosts to contact the authorized hosts ... Dominik On 2-Jun-08, at 11:33 AM, Sawyers, Brandon W wrote: > Hello everyone: > > We’re wanting to use packetfence for our dorms and I’ve been working > on getting it up and running. > > I’m fairly sure that I’ve gotten it installed properly. It will > start with a “sane” config. > > However, I’m having two problems. > > Just for information I’ve got the packetfence box set up in my > office with 2 network cards and a switch for my laptop to sit behind > it. I’m not worried about nessus scans or snort really for now, but > definitely want to do both later. > > The first problem I’m having is with the client not being able to > get anywhere. The laptop will get an ip but when I try to load up > any page or ping the back of the packetfence box, nothing happens. > I’ve noticed that when I set eth1 (the inside interface) to managed, > then I can ping the packetfence box and can resolve domain names, > but nothing else. > > The second problem I’m having, and I think they might be related, is > that I never get a registration page. When I try to go to google or > some other web page, it just times out. > > I’ve included my config. > > Any help would be appreciated! > > Thanks, > > Brandon Sawyers > Data Services Coordinator > Pikeville College > 147 Sycamore Street > Pikeville, KY 41501 > (606) 218-5300 > > <pf.conf> > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Dominik G. <dg...@in...> - 2008-05-30 11:46:44
|
Hi John, do you see any error messages in the apache logs ? Could you send us your ldap.conf file (without the sensitive information) ? Dominik On 29-May-08, at 7:41 PM, Terhune, John wrote: > I’m having a bit of trouble configuring ldap authentication in PF > ZEN 0.1. Out of the box almost everything works properly but I > cannot seem to get pf to authenticate to anything but local. > > Here is what I have done to try to get ldap authentication working: > > I installed the apache ldap module with “yum install mod_authz_ldap” > I configured pf.conf to include ldap as an auth type with “auth=ldap” > I configured ldap.conf to match our server settings. > I restarted packetfence. > > After this, I am presented with the error: > > Syntax error on line 268 of /usr/local/pf/conf/httpd.conf: > Invalid command ‘AuthAuthoritative’, perhaps misspelled or defined > by a module not included in the server configuration > > If I comment out the ‘AuthAuthoritative’ line in templates/ldap.conf > it seems to work. > > On a redirected client, however, when I click register I am not > prompted with a login dialogue, but am given a page that says: > > “Authorization Required: This server could not verify that you are > authorized to access the document requested. Either you supplied the > wrong credentials (e.g. bad password), or your browser doesn’t > understand how to supply the credentials required.” > > Is there any documentation about setting up ldap authentication that > I am missing? What glaring error am I making? Any help would be > greatly appreciated. > > Thanks, > > John Terhune > Network Engineer > > Concordia University > 1530 Concordia West > Irvine, CA 92612 > 949.854.8002 x1258 > www.cui.edu > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Terhune, J. <Joh...@cu...> - 2008-05-29 23:41:01
|
I'm having a bit of trouble configuring ldap authentication in PF ZEN 0.1. Out of the box almost everything works properly but I cannot seem to get pf to authenticate to anything but local. Here is what I have done to try to get ldap authentication working: I installed the apache ldap module with "yum install mod_authz_ldap" I configured pf.conf to include ldap as an auth type with "auth=ldap" I configured ldap.conf to match our server settings. I restarted packetfence. After this, I am presented with the error: Syntax error on line 268 of /usr/local/pf/conf/httpd.conf: Invalid command 'AuthAuthoritative', perhaps misspelled or defined by a module not included in the server configuration If I comment out the 'AuthAuthoritative' line in templates/ldap.conf it seems to work. On a redirected client, however, when I click register I am not prompted with a login dialogue, but am given a page that says: "Authorization Required: This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g. bad password), or your browser doesn't understand how to supply the credentials required." Is there any documentation about setting up ldap authentication that I am missing? What glaring error am I making? Any help would be greatly appreciated. Thanks, John Terhune Network Engineer Concordia University 1530 Concordia West Irvine, CA 92612 949.854.8002 x1258 www.cui.edu |
From: Dominik G. <dg...@in...> - 2008-05-27 14:29:10
|
Hi everyone, we would like to request your input and feedback regarding the roadmap for the next releases of PacketFence. What are your needs and expectations ? Where would you like to see PacketFence going ? We've started a wiki page at http://www.packetfence.org/dokuwiki/doku.php?id=open_roadmap and encourage everyone to contribute to it ! Thanks a lot, Dominik |
From: Dominik G. <dg...@in...> - 2008-05-16 12:16:56
|
Hi Purwadi, according to the log file, ifIndex 10 is considered an uplink by pfsetvlan and that's why the VLAN doesn't get changed. Could you send us your switches.conf ? Thanks, Dominik On 16-May-08, at 5:53 AM, purwadi _ wrote: > > Dear Dominik > > > did you activate VLAN isolation ? > Yes i already activate VLAN isolation > > > Does the client switchport end up in the registration VLAN ? > No, when i plug the client on vlan 4 (Mac detection VLAN), the > client stay stick on vlan 4, doesnt move on to vlan 2 > (registrationVLAN) > > I use DHCP on the same machine server with PF (localhost). i didnt > use DNS for this labs. > > > Below capture of the logs. Wish u can help me ? > > > Many thanks > purwadi > > > > /usr/local/pf/logs/pfsetvlan.log > > > May 12 23:46:38 => thread 18: custom_doWeActOnThisTrap returns > false. Stop mac handling (main::handleTrap) > May 12 23:46:38 => thread 18: finished (main::cleanupAfterThread) > May 12 23:47:50 => thread 1: nb of items in queue: 1; nb of threads > running: 0 (main::startTrapHandlers) > May 12 23:47:50 => thread 1: trap received at 192.168.2.251 ifindex > 10 which is uplink and we don't manage uplinks > (main::custom_doWeActOnThisTrap) > May 12 23:47:50 => thread 1: custom_doWeActOnThisTrap returns false. > Stop mac handling (main::handleTrap) > May 12 23:47:50 => thread 1: finished (main::cleanupAfterThread) > > > > /usr/local/pf/logs/snmptrapd.log > > 2008-05-12|03:51:49|UDP: [192.168.2.251]:52700|0.0.0.0| BEGIN TYPE 0 > END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS . > 1.3.6.1.2.1.1.3.0 = INTEGER: 37789197|.1.3.6.1.6.3.1.1.4.1.0 = OID: . > 1.3.6.1.4.1.9.9.215.2.0.1|.1.3.6.1.4.1.9.9.215.1.1.8.1.2.0 = Hex- > STRING: 01 00 04 00 11 25 2F 84 59 00 0A 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 END VARIABLEBINDINGS > > configuration on switch > > > > > interface FastEthernet0/8 > switchport access vlan 2 > switchport mode access > no ip address > snmp trap mac-notification added > ! > interface FastEthernet0/9 > switchport access vlan 4 > switchport mode access > no ip address > > interface FastEthernet0/8 > switchport access vlan 2 > switchport mode access > no ip address > snmp trap mac-notification added > ! > interface FastEthernet0/9 > switchport access vlan 4 > switchport mode access > no ip address > > > interface FastEthernet0/8 > switchport access vlan 2 > switchport mode access > no ip address > snmp trap mac-notification added > ! > interface FastEthernet0/9 > switchport access vlan 4 > switchport mode access > no ip address > > interface FastEthernet0/8 > switchport access vlan 2 > switchport mode access > no ip address > snmp trap mac-notification added > ! > interface FastEthernet0/9 > switchport access vlan 4 > switchport mode access > no ip address > > > interface Vlan2 > description registration > ip address 192.168.2.251 255.255.255.0 > no ip route-cache > ! > interface Vlan3 > description isolation > ip address 192.168.3.254 255.255.255.0 > no ip route-cache > ! > interface Vlan4 > description macdetection > no ip address > no ip route-cache > shutdown > ! > interface Vlan222 > description normalvlan > ip address 192.168.205.251 255.255.255.0 > no ip route-cache > shutdown > > snmp-server engineID local 800000090300000B5F74CE41 > snmp-server community public RO > snmp-server community private RO > snmp-server enable traps config > snmp-server enable traps syslog > snmp-server enable traps entity > snmp-server enable traps rtr > snmp-server enable traps c2900 > snmp-server enable traps vtp > snmp-server enable traps vlan-membership > snmp-server enable traps MAC-Notification > snmp-server enable traps hsrp > snmp-server enable traps cluster > snmp-server host 192.168.205.222 version 2c public MAC-Notification > snmp > ! > > > > > > > > > > > On Thu, May 15, 2008 at 7:11 PM, Dominik Gehl <dg...@in...> > wrote: > Hi Purwadi, > > did you activate VLAN isolation ? Does the client switchport end up > in the registration VLAN ? How's your DHCP and DNS setup in the > registration VLAN ? > > > Thanks, > Dominik > > > On 14-May-08, at 9:26 PM, purwadi _ wrote: > > Dear All > > I just installed packetfence 1.7 on fedora core 6 with cisco 2950. > Seems everything going right. > i faced the problem in the client side > > Why my client couldn't redirected to registration page ? thus i > should register it manually. > in whic part goes wrong ? do i need reconfigure my ip tables ? > > > many thanks > > regards > purwadi > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > |
From: purwadi _ <pur...@gm...> - 2008-05-16 09:53:45
|
Dear Dominik > did you activate VLAN isolation ? Yes i already activate VLAN isolation > Does the client switchport end up in the registration VLAN ? No, when i plug the client on vlan 4 (Mac detection VLAN), the client stay stick on vlan 4, doesnt move on to vlan 2 (registrationVLAN) I use DHCP on the same machine server with PF (localhost). i didnt use DNS for this labs. Below capture of the logs. Wish u can help me ? Many thanks purwadi /usr/local/pf/logs/pfsetvlan.log May 12 23:46:38 => thread 18: custom_doWeActOnThisTrap returns false. Stop mac handling (main::handleTrap) May 12 23:46:38 => thread 18: finished (main::cleanupAfterThread) May 12 23:47:50 => thread 1: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) May 12 23:47:50 => thread 1: trap received at 192.168.2.251 ifindex 10 which is uplink and we don't manage uplinks (main::custom_doWeActOnThisTrap) May 12 23:47:50 => thread 1: custom_doWeActOnThisTrap returns false. Stop mac handling (main::handleTrap) May 12 23:47:50 => thread 1: finished (main::cleanupAfterThread) /usr/local/pf/logs/snmptrapd.log 2008-05-12|03:51:49|UDP: [192.168.2.251]:52700|0.0.0.0| BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = INTEGER: 37789197|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.215.2.0.1|.1.3.6.1.4.1.9.9.215.1.1.8.1.2.0 = Hex-STRING: 01 00 04 00 11 25 2F 84 59 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 END VARIABLEBINDINGS configuration on switch interface FastEthernet0/8 switchport access vlan 2 switchport mode access no ip address snmp trap mac-notification added ! interface FastEthernet0/9 switchport access vlan 4 switchport mode access no ip address interface FastEthernet0/8 switchport access vlan 2 switchport mode access no ip address snmp trap mac-notification added ! interface FastEthernet0/9 switchport access vlan 4 switchport mode access no ip address interface FastEthernet0/8 switchport access vlan 2 switchport mode access no ip address snmp trap mac-notification added ! interface FastEthernet0/9 switchport access vlan 4 switchport mode access no ip address interface FastEthernet0/8 switchport access vlan 2 switchport mode access no ip address snmp trap mac-notification added ! interface FastEthernet0/9 switchport access vlan 4 switchport mode access no ip address interface Vlan2 description registration ip address 192.168.2.251 255.255.255.0 no ip route-cache ! interface Vlan3 description isolation ip address 192.168.3.254 255.255.255.0 no ip route-cache ! interface Vlan4 description macdetection no ip address no ip route-cache shutdown ! interface Vlan222 description normalvlan ip address 192.168.205.251 255.255.255.0 no ip route-cache shutdown snmp-server engineID local 800000090300000B5F74CE41 snmp-server community public RO snmp-server community private RO snmp-server enable traps config snmp-server enable traps syslog snmp-server enable traps entity snmp-server enable traps rtr snmp-server enable traps c2900 snmp-server enable traps vtp snmp-server enable traps vlan-membership snmp-server enable traps MAC-Notification snmp-server enable traps hsrp snmp-server enable traps cluster snmp-server host 192.168.205.222 version 2c public MAC-Notification snmp ! On Thu, May 15, 2008 at 7:11 PM, Dominik Gehl <dg...@in...> wrote: > Hi Purwadi, > > did you activate VLAN isolation ? Does the client switchport end up in the > registration VLAN ? How's your DHCP and DNS setup in the registration VLAN ? > > Thanks, > Dominik > > > On 14-May-08, at 9:26 PM, purwadi _ wrote: > > Dear All >> >> I just installed packetfence 1.7 on fedora core 6 with cisco 2950. Seems >> everything going right. >> i faced the problem in the client side >> >> Why my client couldn't redirected to registration page ? thus i should >> register it manually. >> in whic part goes wrong ? do i need reconfigure my ip tables ? >> >> >> many thanks >> >> regards >> purwadi >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ >> Packetfence-users mailing list >> Pac...@li... >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > |
From: Dominik G. <dg...@in...> - 2008-05-15 12:11:27
|
Hi Purwadi, did you activate VLAN isolation ? Does the client switchport end up in the registration VLAN ? How's your DHCP and DNS setup in the registration VLAN ? Thanks, Dominik On 14-May-08, at 9:26 PM, purwadi _ wrote: > Dear All > > I just installed packetfence 1.7 on fedora core 6 with cisco 2950. > Seems everything going right. > i faced the problem in the client side > > Why my client couldn't redirected to registration page ? thus i > should register it manually. > in whic part goes wrong ? do i need reconfigure my ip tables ? > > > many thanks > > regards > purwadi > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: purwadi _ <pur...@gm...> - 2008-05-15 01:26:17
|
Dear All I just installed packetfence 1.7 on fedora core 6 with cisco 2950. Seems everything going right. i faced the problem in the client side Why my client couldn't redirected to registration page ? thus i should register it manually. in whic part goes wrong ? do i need reconfigure my ip tables ? many thanks regards purwadi |
From: Regis B. <rba...@in...> - 2008-05-14 01:22:12
|
> Hi everyone, Hi John, > I’m the network engineer at a relatively small university which at this > point has absolutely no NAC or authentication. I recently found out > about PacketFence and I am extremely interested in implementing it. The > new features in 1.7 are very exciting. PacketFence look more robust than > even many commercial solutions. First of all, I would like to thank you for your interest in PacketFence. > We have one problem, however. We use Enterasys switches which aren’t > supported for VLAN isolation. You are not the first person asking us about adding support for more switches. And this is a good news for everyone because the more switches PacketFence supports the more flexible and interesting PacketFence will be. > The documentation says that adding support > for another vendor’s switches involves extending the pf::SNMP class. Do > you think this is something that someone such as myself, having > virtually no programming experience, could hack through? To be really honest with you, if you don't have experience in programming and especially in Perl programming and SNMP, it might be very hard for you to do it. > Should I wait for the next version and hope support is added? Waiting for the next release might neither be a good option since it's not sure that someone in the PacketFence community has currently access to Enterasys switches and is willing to add the support for them. We at Inverse in fact don't have any Enterasys switches at the moment ... > Any advice would be greatly appreciated. Let's talk off list on options how we could help you adding support for the switches. Regards -- rba...@in... :: +1.514.755.3650 :: http://www.inverse.ca |
From: Terhune, J. <Joh...@cu...> - 2008-05-13 14:59:52
|
Hi everyone, I'm the network engineer at a relatively small university which at this point has absolutely no NAC or authentication. I recently found out about PacketFence and I am extremely interested in implementing it. The new features in 1.7 are very exciting. PacketFence look more robust than even many commercial solutions. We have one problem, however. We use Enterasys switches which aren't supported for VLAN isolation. The documentation says that adding support for another vendor's switches involves extending the pf::SNMP class. Do you think this is something that someone such as myself, having virtually no programming experience, could hack through? Should I wait for the next version and hope support is added? Should I implement PacketFence using arp poisoning? Any advice would be greatly appreciated. Thanks, John Terhune Network Engineer Concordia University 1530 Concordia West Irvine, CA 92612 949.854.8002 x1258 www.cui.edu |
From: Dominik G. <dg...@in...> - 2008-05-13 12:42:42
|
Hi, we would definitely like to continue to provide some 'appliance version' of PacketFence. In fact, in order to start the work on this, we would like to know what the community thinks. What kind of 'virtual' version would everyone like to see ? A vmware image ? A xen image ? A liveCD ? Also, are there some people who would like to help building and maintaining it ? Thanks, Dominik On 13-May-08, at 12:09 AM, Tristan RHODES wrote: > Thanks for the great contribution! Documentation is a very important > aspect of an open source project. > > Do you forsee any further development on an virtual appliance or > installable appliance version of PacketFence? I think that would be a > great benefit to the members of the Packetfence community who do not > have advanced Linux skills. > > http://www.vmware.com/appliances/directory/837 > > Thanks, > > Tristan Rhodes > >>>> Regis Balzard <rba...@in...> 05/12/08 3:30 PM >>> > Following the availability of PacketFence 1.7, the Inverse team has > just > > released a documentation about how to install and configure this > release: > http://www.packetfence.org/dokuwiki/doku.php?id=1.7 > > You will find details about VLAN isolation with VoIP support. > This documentation is only the first draft and will be updated > regularly. > > You are more than welcome to send us feedback and suggestions on it. > > > For any questions, do not hesitate to visit the PacketFence support > page (http://www.packetfence.org/support/community.html) for the > support level you require (community / commercial). > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Packetfence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Tristan R. <tri...@we...> - 2008-05-13 04:10:10
|
Thanks for the great contribution! Documentation is a very important aspect of an open source project. Do you forsee any further development on an virtual appliance or installable appliance version of PacketFence? I think that would be a great benefit to the members of the Packetfence community who do not have advanced Linux skills. http://www.vmware.com/appliances/directory/837 Thanks, Tristan Rhodes >>> Regis Balzard <rba...@in...> 05/12/08 3:30 PM >>> Following the availability of PacketFence 1.7, the Inverse team has just released a documentation about how to install and configure this release: http://www.packetfence.org/dokuwiki/doku.php?id=1.7 You will find details about VLAN isolation with VoIP support. This documentation is only the first draft and will be updated regularly. You are more than welcome to send us feedback and suggestions on it. For any questions, do not hesitate to visit the PacketFence support page (http://www.packetfence.org/support/community.html) for the support level you require (community / commercial). ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Packetfence-users mailing list Pac...@li... https://lists.sourceforge.net/lists/listinfo/packetfence-users |
From: Regis B. <rba...@in...> - 2008-05-12 21:30:42
|
Following the availability of PacketFence 1.7, the Inverse team has just released a documentation about how to install and configure this release: http://www.packetfence.org/dokuwiki/doku.php?id=1.7 You will find details about VLAN isolation with VoIP support. This documentation is only the first draft and will be updated regularly. You are more than welcome to send us feedback and suggestions on it. For any questions, do not hesitate to visit the PacketFence support page (http://www.packetfence.org/support/community.html) for the support level you require (community / commercial). |