inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

dns configuration on debian install #8043

Open chri2 opened 8 months ago

chri2 commented 8 months ago

Describe the bug: After installing packetfence on debian 11.9 the configuration portals didn't work.

/etc/hosts contains the following two lines:

    127.0.0.1   localhost
    127.0.1.1   <hostname>.<domain> <hostname>

pfdns.conf contains:

    [% domain %]

    # This configuration will check in the /etc/hosts and if the fqdn match it will return the corresponding ip.
    # If it doesn't match then it will continue
    hosts {
        fallthrough
    }

When a client on the registration vlan is redirected to http://<hostname>.<domain>/captive-portal and requests the IP for <hostname>.<domain> it gets the answer 127.0.0.1.

To Reproduce: Steps to reproduce the behavior:

  1. Install Debian 11.9
  2. Install packetfence as described in the installation manual
  3. Configure a registration interface, leave Portal FQDN empty
  4. Try using it

Expected behavior: The portal should work; the client trying to register should get, as a DNS answer for the portal's default FQDN, an IP that works.

More generally: I can't think of a case where it would make sense for packetfence to answer a dns request on the registration vlan with 127.0.0.1.

Additional context: I just installed a new Debian based Packetfence 13.1 and stumbled over this. I remember that I stumbled after a version 12.x install over the same default configuration and solved it that time by commenting out the line in /etc/hosts containing <hostname>.<domain>.

garci66 commented 6 months ago

I'm seeing the same issue on pf 13.1 with Rocky Linux 8.9. My resolution, for the time being, has been this: https://github.com/inverse-inc/packetfence/issues/5765#issuecomment-681194433. Add a pf-specific hosts file (under /usr/local/pf/conf/pf.hosts) with the entry 66.70.255.147 portal.fqdn (of course, replace portal.fqdn with the proper name) and then edit the pfdns.conf as shown in that comment.

I was going crazy... took me like a week to get it working.
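
A pre-flight check for the failure reported in this issue, as an added example that is not part of the thread or of PacketFence: it reads a hosts file in the usual format (address first, names after it) and reports any loopback address listed for the portal FQDN, which is what a registration-VLAN client would receive from the hosts block quoted above. The function names, the sample hostnames and the choice to treat 127.0.0.0/8 and ::1 as loopback are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# hosts_lookup FILE NAME: print each address that FILE maps NAME to.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }              # drop trailing comments
        NF < 2 { next }                 # skip blank and address-only lines
        {
            for (i = 2; i <= NF; i++)   # names are matched case-insensitively
                if (tolower($i) == tolower(name)) { print $1; next }
        }
    ' "$1"
}

# is_loopback ADDR: succeed for 127.0.0.0/8 and ::1 (assumed definition).
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# loopback_entries FILE FQDN: print the loopback addresses FILE gives FQDN.
loopback_entries() {
    for le_addr in $(hosts_lookup "$1" "$2"); do
        if is_loopback "$le_addr"; then printf '%s\n' "$le_addr"; fi
    done
}

# check_portal_fqdn FILE FQDN: return 1 if a client would be sent to loopback.
check_portal_fqdn() {
    cp_bad=$(loopback_entries "$1" "$2")
    if [ -z "$cp_bad" ]; then return 0; fi
    echo "WARN: $1 maps $2 to loopback ($cp_bad); clients cannot reach the portal" >&2
    return 1
}

# Constructed sample mirroring the Debian default described in the issue.
sample=$(mktemp)
printf '%s\n' \
    '127.0.0.1   localhost' \
    '127.0.1.1   pf.example.org pf' \
    '192.0.2.10  portal.example.org' > "$sample"
check_portal_fqdn "$sample" pf.example.org || echo "pf.example.org needs a routable entry"
check_portal_fqdn "$sample" portal.example.org && echo "portal.example.org is fine"
rm -f "$sample"
```

The same check applies to whichever file the hosts block is pointed at, for example /etc/hosts or the pf.hosts file from the workaround above.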