[prev in list] [next in list] [prev in thread] [next in thread]
List: packetfence-users
Subject: [PacketFence-users] WMI prereg and reg scans fail when user connects
From: Eran Benno via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date: 2019-01-23 11:57:29
Message-ID: AM5P194MB006595EFEB74DD504A579BCEFA990 () AM5P194MB0065 ! EURP194 ! PROD ! OUTLOOK ! COM
[Download RAW message or body]
Hello Fabrice,
The "Allow on registration" check box was marked.
I restarted pfdns service, however the issue persisted.
Had to reboot PF server and WMI on command line now works, but the Scan Engine \
doesn't kick in in the registration phase.
I'm going to try a fresh install, perhaps I played with too many things there.
Brgds,
Eran.
From: Durand fabrice via PacketFence-users \
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, January 23, 2019 4:48 AM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabriceþ <fdurand@inverse.ca>
Subject: Re: [PacketFence-users] WMI prereg and reg scans fail when user connects
Hello Eran,
it can happen if the account you use to do the wmi query never logon this target \
machine.
To bypass that there is a configuration parameter in the domain config to allow the \
device in the reg vlan to reach the ad.
Enable that and restart pfdns.
Regards
Fabrice
Le 19-01-21 à 10 h 25, Eran Benno via PacketFence-users a écrit :
Hello Fabrice
I have the same issue as in:
https://sourceforge.net/p/packetfence/mailman/message/35904332/
This is after an upgrade of PF ver 8.3.0 with out of band deployment.
Note that I had it working in 8.2.4.
Currently even the direct command from the server doesn't work:
wmic -U <domain>/<user>%'<pass>' --namespace="ROOT\cimv2" //<IP in registration> \
"select UserName from Win32_ComputerSystem" …NTSTATUS: NT_STATUS_ACCESS_DENIED - \
Access denied
I don't see a resolution in the thread – any advice?
Thanks,
Eran.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:right;
direction:rtl;
unicode-bidi:embed;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
text-align:right;
direction:rtl;
unicode-bidi:embed;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML \05DE\05E2\05D5\05E6\05D1 \05DE\05E8\05D0\05E9 \05EA\05D5";
margin:0cm;
margin-bottom:.0001pt;
text-align:left;
direction:ltr;
unicode-bidi:embed;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
text-align:left;
direction:ltr;
unicode-bidi:embed;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTML
{mso-style-name:"HTML \05DE\05E2\05D5\05E6\05D1 \05DE\05E8\05D0\05E9 \05EA\05D5";
mso-style-priority:99;
mso-style-link:"HTML \05DE\05E2\05D5\05E6\05D1 \05DE\05E8\05D0\05E9";
font-family:Consolas;
color:black;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Hello Fabrice,<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p> </o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">The "Allow on registration" check box was \
marked.<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">I restarted pfdns service, however the issue \
persisted.<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Had to reboot PF server and WMI on command line now works, \
but the Scan Engine doesn't kick in in the registration phase.<o:p></o:p></span></p> \
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p> </o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">I'm going to try a fresh install, perhaps I played with too \
many things there.<o:p></o:p></span></p> <div>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Brgds,<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p> </o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Eran.</span><span \
style="color:windowtext"><o:p></o:p></span></p> </div>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p> </o:p></span></p> <div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><b><span \
style="color:windowtext">From:</span></b><span style="color:windowtext"> Durand \
fabrice via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] <br>
<b>Sent:</b> Wednesday, January 23, 2019 4:48 AM<br>
<b>To:</b> packetfence-users@lists.sourceforge.net<br>
<b>Cc:</b> Durand fabrice<span dir="RTL"></span><span lang="HE" dir="RTL"><span \
dir="RTL"></span>þ</span><span dir="LTR"></span><span dir="LTR"></span> \
<fdurand@inverse.ca><br> <b>Subject:</b> Re: [PacketFence-users] WMI prereg and \
reg scans fail when user connects<o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><o:p> </o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Hello Eran,<span \
style="font-size:12.0pt"><o:p></o:p></span></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">it can happen if the account \
you use to do the wmi query never logon this target machine.<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">To bypass that there is a \
configuration parameter in the domain config to allow the device in the reg vlan to \
reach the ad.<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Enable that and restart \
pfdns.<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Regards<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Fabrice<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed"><o:p> </o:p></p> <div>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Le \
19-01-21 à 10 h 25, Eran Benno via PacketFence-users a écrit :<o:p></o:p></p> \
</div> <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Hello \
Fabrice <o:p></o:p></p>
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"> <o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">I have the \
same issue as in:<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><a \
href="https://sourceforge.net/p/packetfence/mailman/message/35904332/">https://sourceforge.net/p/packetfence/mailman/message/35904332/</a><o:p></o:p></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">This \
is after an upgrade of PF ver 8.3.0 with out of band deployment.<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Note that \
I had it working in 8.2.4.<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"> <o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Currently \
even the direct command from the server doesn't work:<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">wmic -U \
<domain>/<user>%'<pass>' --namespace="ROOT\cimv2" \
//<IP in registration> "select UserName from \
Win32_ComputerSystem"<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">…NTSTATUS: \
NT_STATUS_ACCESS_DENIED - Access denied<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"> <o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">I don't \
see a resolution in the thread – any advice?<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"> <o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Thanks,<o:p></o:p></p>
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">Eran.<o:p></o:p></p> <p \
class="MsoNormal" dir="RTL"><span dir="LTR"> <o:p></o:p></span></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="font-size:12.0pt;font-family:"Times New Roman",serif"><br> <br>
<br>
<span lang="HE" dir="RTL"><o:p></o:p></span></span></p>
<pre><span dir="LTR"></span><span \
dir="LTR"></span>_______________________________________________<o:p></o:p></pre> \
<pre>PacketFence-users mailing list<o:p></o:p></pre> <pre><a \
href="mailto:PacketFence-users@lists.sourceforge.net">PacketFence-users@lists.sourceforge.net</a><o:p></o:p></pre>
<pre><a href="https://lists.sourceforge.net/lists/listinfo/packetfence-users">https://lists.sourceforge.net/lists/listinfo/packetfence-users</a><o:p></o:p></pre>
</blockquote>
</div>
</body>
</html>
[Attachment #4 (--===============4605057000745346781==)]
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic