'[PacketFence-users] WMI prereg and reg scans fail when user connects'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       packetfence-users
Subject:    [PacketFence-users] WMI prereg and reg scans fail when user connects
From:       Eran Benno via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date:       2019-01-23 11:57:29
Message-ID: AM5P194MB006595EFEB74DD504A579BCEFA990 () AM5P194MB0065 ! EURP194 ! PROD ! OUTLOOK ! COM
[Download RAW message or body]

Hello Fabrice,

The "Allow on registration" check box was marked.
I restarted pfdns service, however the issue persisted.
Had to reboot PF server and WMI on command line now works, but the Scan Engine \
doesn't kick in in the registration phase.

I'm going to try a fresh install, perhaps I played with too many things there.
Brgds,

Eran.

From: Durand fabrice via PacketFence-users \
                [mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, January 23, 2019 4:48 AM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabriceþ <fdurand@inverse.ca>
Subject: Re: [PacketFence-users] WMI prereg and reg scans fail when user connects


Hello Eran,

it can happen if the account you use to do the wmi query never logon this target \
machine.

To bypass that there is a configuration parameter in the domain config to allow the \
device in the reg vlan to reach the ad.

Enable that and restart pfdns.

Regards

Fabrice


Le 19-01-21 à 10 h 25, Eran Benno via PacketFence-users a écrit :
Hello Fabrice

I have the same issue as in:
https://sourceforge.net/p/packetfence/mailman/message/35904332/
This is after an upgrade of PF ver 8.3.0 with out of band deployment.
Note that I had it working in 8.2.4.

Currently even the direct command from the server doesn't work:
wmic -U <domain>/<user>%'<pass>' --namespace="ROOT\cimv2" //<IP in registration> \
"select UserName from Win32_ComputerSystem" …NTSTATUS: NT_STATUS_ACCESS_DENIED - \
Access denied

I don't see a resolution in the thread – any advice?

Thanks,
Eran.





_______________________________________________

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>


https://lists.sourceforge.net/lists/listinfo/packetfence-users


[Attachment #3 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	text-align:right;
	direction:rtl;
	unicode-bidi:embed;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	color:black;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	text-align:right;
	direction:rtl;
	unicode-bidi:embed;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	color:black;}
pre
	{mso-style-priority:99;
	mso-style-link:"HTML \05DE\05E2\05D5\05E6\05D1 \05DE\05E8\05D0\05E9 \05EA\05D5";
	margin:0cm;
	margin-bottom:.0001pt;
	text-align:left;
	direction:ltr;
	unicode-bidi:embed;
	font-size:10.0pt;
	font-family:"Courier New";
	color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	text-align:left;
	direction:ltr;
	unicode-bidi:embed;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;
	color:black;}
span.EmailStyle19
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
span.HTML
	{mso-style-name:"HTML \05DE\05E2\05D5\05E6\05D1 \05DE\05E8\05D0\05E9 \05EA\05D5";
	mso-style-priority:99;
	mso-style-link:"HTML \05DE\05E2\05D5\05E6\05D1 \05DE\05E8\05D0\05E9";
	font-family:Consolas;
	color:black;}
span.EmailStyle22
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Hello Fabrice,<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">The &quot;Allow on registration&quot; check box was \
marked.<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">I restarted pfdns service, however the issue \
persisted.<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Had to reboot PF server and WMI on command line now works, \
but the Scan Engine doesn't kick in in the registration phase.<o:p></o:p></span></p> \
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">I'm going to try a fresh install, perhaps I played with too \
many things there.<o:p></o:p></span></p> <div>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Brgds,<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p>&nbsp;</o:p></span></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext">Eran.</span><span \
style="color:windowtext"><o:p></o:p></span></p> </div>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="color:windowtext"><o:p>&nbsp;</o:p></span></p> <div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><b><span \
style="color:windowtext">From:</span></b><span style="color:windowtext"> Durand \
fabrice via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] <br>
<b>Sent:</b> Wednesday, January 23, 2019 4:48 AM<br>
<b>To:</b> packetfence-users@lists.sourceforge.net<br>
<b>Cc:</b> Durand fabrice<span dir="RTL"></span><span lang="HE" dir="RTL"><span \
dir="RTL"></span>þ</span><span dir="LTR"></span><span dir="LTR"></span> \
&lt;fdurand@inverse.ca&gt;<br> <b>Subject:</b> Re: [PacketFence-users] WMI prereg and \
reg scans fail when user connects<o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><o:p>&nbsp;</o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Hello Eran,<span \
style="font-size:12.0pt"><o:p></o:p></span></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">it can happen if the account \
you use to do the wmi query never logon this target machine.<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">To bypass that there is a \
configuration parameter in the domain config to allow the device in the reg vlan to \
reach the ad.<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Enable that and restart \
pfdns.<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Regards<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed">Fabrice<o:p></o:p></p> <p \
style="text-align:left;direction:ltr;unicode-bidi:embed"><o:p>&nbsp;</o:p></p> <div>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Le \
19-01-21 à 10 h 25, Eran Benno via PacketFence-users a écrit&nbsp;:<o:p></o:p></p> \
</div> <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Hello \
Fabrice <o:p></o:p></p>
<p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">&nbsp;<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">I have the \
same issue as in:<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed"><a \
href="https://sourceforge.net/p/packetfence/mailman/message/35904332/">https://sourceforge.net/p/packetfence/mailman/message/35904332/</a><o:p></o:p></p>
 <p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">This \
is after an upgrade of PF ver 8.3.0 with out of band deployment.<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Note that \
I had it working in 8.2.4.<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">&nbsp;<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Currently \
even the direct command from the server doesn't work:<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">wmic -U \
&lt;domain&gt;/&lt;user&gt;%'&lt;pass&gt;' --namespace=&quot;ROOT\cimv2&quot; \
//&lt;IP in registration&gt; &quot;select UserName from \
Win32_ComputerSystem&quot;<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">…NTSTATUS: \
NT_STATUS_ACCESS_DENIED - Access denied<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">&nbsp;<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">I don't \
see a resolution in the thread – any advice?<o:p></o:p></p> <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">&nbsp;<o:p></o:p></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Thanks,<o:p></o:p></p>
 <p class="MsoNormal" \
style="text-align:left;direction:ltr;unicode-bidi:embed">Eran.<o:p></o:p></p> <p \
class="MsoNormal" dir="RTL"><span dir="LTR">&nbsp;<o:p></o:p></span></p> <p \
class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span \
style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,serif"><br> <br>
<br>
<span lang="HE" dir="RTL"><o:p></o:p></span></span></p>
<pre><span dir="LTR"></span><span \
dir="LTR"></span>_______________________________________________<o:p></o:p></pre> \
<pre>PacketFence-users mailing list<o:p></o:p></pre> <pre><a \
href="mailto:PacketFence-users@lists.sourceforge.net">PacketFence-users@lists.sourceforge.net</a><o:p></o:p></pre>
 <pre><a href="https://lists.sourceforge.net/lists/listinfo/packetfence-users">https://lists.sourceforge.net/lists/listinfo/packetfence-users</a><o:p></o:p></pre>
 </blockquote>
</div>
</body>
</html>


[Attachment #4 (--===============4605057000745346781==)]


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic