
Wednesday, September 5, 2012

PacketFence 3.5.1 / 3.6.0 / 4.0.1 Install

*If you have been following this post since the beginning: because I have been having so many problems with PacketFence and CentOS 5.8, I have decided to scrap what I have done so far on CentOS 5.8 and go with CentOS 6.3. I have already made the changes below to reflect the 6.3 install.*

I have decided to write up some instructions on how to install PacketFence. If you don't know what PacketFence is, it provides Network Access Control or NAC. A NAC helps you control who can and can't access your network.
You can go Here for more information on PacketFence.

The PacketFence Network Administration Guide, in my opinion, is really not laid out well. You have to jump around the guide to find what you are looking for.

PacketFence uses/requires:
- Web server (httpd)
- DHCP server (dhcpd)
- DNS server (named)
- FreeRADIUS server (radiusd)
- Snort/Suricata Network IDS (snort/suricata)
- Firewall (iptables)

-------------
Okay, on to the installation.
1. Install CentOS. I have installed the bare minimum for CentOS 6.3 32-Bit.
2. After the install has completed, log in and update the system with the command "yum update".

*At this point I started following the PacketFence Administration Guide.
3. Disable SELinux.
     - At the command line type "vi /etc/sysconfig/selinux" and press enter
     - Change SELINUX from enforcing to disabled.
     - Reboot the computer by typing "reboot"
4. There are some third-party repositories (repo for short) that are required to get all the proper PacketFence dependencies: Repoforge (previously known as rpmforge), EPEL (Extra Packages for Enterprise Linux), and OpenFusion.
  • rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.`uname -m`.rpm
  • rpm -Uvh http://download.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm
  • rpm -Uvh http://www.openfusion.com.au/mrepo/centos6-`uname -i`/RPMS.of/openfusion-release-0.5-1.of.el6.noarch.rpm
* If you are following along in the guide, you might miss a step or two like I did. There are some things that we need to do to the repos, like disabling them by default and excluding some packages.

5. At the command line type:
  • vi /etc/yum.repos.d/rpmforge.repo
    • Change Enabled in each section to 0.
    • Add the line exclude = perl-Apache-Test* to the [rpmforge] section.
  • vi /etc/yum.repos.d/epel.repo
    • Change Enabled in each section to 0.
  • vi /etc/yum.repos.d/openfusion.repo
    • Change Enabled in each section to 0.
    • Add the line exclude = perl-Apache-Test* to the [of] section.
6. Since we have installed CentOS 6 as our OS, we need to take an extra step. Red Hat doesn't seem to provide the perl-Net-Telnet, perl-XML-Simple and perl-SOAP-Lite packages, and PacketFence needs them to run properly.
     Type: yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite --enablerepo=rpmforge-extras,rpmforge

7. Now we need to add the PacketFence repo. Type vi /etc/yum.repos.d/PacketFence.repo and add the text below.

[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch
gpgcheck=0
enabled=0


8. To install PacketFence, type yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete
This will install all the services PacketFence needs to work properly.
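
The repo edits in steps 5 and 7 are easy to miss, and the PacketFence repo as written pairs gpgcheck=0 with a plain-http baseurl, so packages from it are installed without signature or transport verification. The Python 3 check below is an added example, not part of the original post or of PacketFence; the function name audit_repo and the rpmforge sample (constructed, with placeholder mirror URLs) are assumptions.

```python
import configparser

# Sections that step 5 says must carry the perl-Apache-Test* exclude.
NEEDS_EXCLUDE = {"rpmforge", "of"}

# The PacketFence.repo text from step 7, verbatim.
PACKETFENCE_REPO = """\
[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch
gpgcheck=0
enabled=0
"""

# Constructed sample of rpmforge.repo before the step 5 edits (placeholder URLs).
RPMFORGE_UNEDITED = """\
[rpmforge]
name = constructed sample
mirrorlist = http://mirror.example/rpmforge
enabled = 1

[rpmforge-extras]
name = constructed sample
mirrorlist = http://mirror.example/rpmforge-extras
enabled = 0
"""

def audit_repo(text):
    """Return sorted (section, finding) pairs for the text of one .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if sec.get("enabled", "1").strip() != "0":  # missing key treated here as enabled
            findings.append((name, "enabled by default"))
        excludes = sec.get("exclude", "").replace(",", " ").split()
        if name in NEEDS_EXCLUDE and "perl-Apache-Test*" not in excludes:
            findings.append((name, "missing exclude = perl-Apache-Test*"))
        if sec.get("gpgcheck", "").strip() == "0":
            findings.append((name, "gpgcheck=0: package signatures not verified"))
        if sec.get("baseurl", "").strip().lower().startswith("http://"):
            findings.append((name, "baseurl fetched over plain http"))
    return sorted(findings)

if __name__ == "__main__":
    for text in (PACKETFENCE_REPO, RPMFORGE_UNEDITED):
        for section, finding in audit_repo(text):
            print(f"[{section}] {finding}")
```

To audit a real host, pass the contents of each file under /etc/yum.repos.d/ to audit_repo.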

9. Now we need to set up PacketFence for our network. On a different computer, open a web browser and go to http://x.x.x.x:3000/configurator.
*For Version 3.6.0, the address is http://x.x.x.x:1444/configurator
*For Version 4.0.1, the address is  http://x.x.x.x:1443/configurator

If you cannot get to the webpage, you will need to turn off the firewall on the server. To do this, type the following: service iptables stop

  • Step 1: Choose the type of Enforcement that you want. Either Inline Enforcement or VLAN Enforcement. For my situation, I have selected both.
         - Inline Enforcement means that the PacketFence server will sit between the computer and the network/internet.
         -  VLAN Enforcement means that the PacketFence server does not sit between the computer and the network/internet. It will change the config on the managed switch for each individual port on the switch.
  • Step 2: Networks. Add your networks.
    If you are using VLAN Enforcement, make sure you specify your Management VLAN, Registration VLAN, and Isolation VLAN.
         - To add a VLAN, click on "Add VLAN" under Actions.
  • Step 3: Database Configuration
         -  Click on Test. You will be asked to set the MySQL admin password.
    *Note: If you receive an error message when you click on test, make sure MySQL is running on the server.
         - Click on "Create the database".
         - Under "Create a PacketFence account" type in a password and then type it again to confirm it. Now click on "Create User".
  • Step 4: PacketFence Configuration
    Type in your domain, the hostname of the server, any DHCP servers on your network under General.
    Type in an email address under Alerting.
  • Step 5: Administration
    Create a username and password for the administration interface.
  • Step 6: Start PacketFence
    Click on "Start PacketFence"
Once PacketFence is started, you will be asked if you want to go to the Administration Interface. I clicked yes and was then taken to the admin page.



This concludes how to set up a PacketFence server. I will post more on how to do other things in PacketFence once I have a chance to fully set it up at my workplace.

*Update: EPEL has been updated from 6.7 to 6.8. I have changed it in the directions above.

8 comments:

  1. Thanks a lot Michael.
    I am going to give it a try right now.
    I would be using CentOS 6.4 and packetfence 3.6.1 both being the latest currently.

    Hope I would receive your support in case I get stuck somewhere.

  2. Continue your write ups . . I'm fixing to setup a lab to test this in Education as well.

  3. great work. thanks!
    great product agonising setup. Why?

    Replies
    1. I am not sure why the setup is so agonizing. If I worked for them, I would push to make the setup easier.

  4. Nice and interesting conversation, I really like it. Thanks for sharing!

    Privacy Fence

  5. Yeah, that setup is painful and I can't get snort to work for the life of me. The support sucks. Maybe they make it so painful so people will pay for support :/

    Replies
    1. I think I would have to agree with you on that one, the support does suck and there is not much, if any, support from other people out on the web.

      And just to let you know, I have not been able to get snort to work on my PacketFence box either.

  6. Hey great post! Finally got it up and running! :) could you do a post on how to setup inline enforcement? Finding it hard to get help on the internet
