Hello Cory,

Yes, of course you can use PacketFence local authentication without any Windows AD integration. There are multiple ways, but the simplest is to use the local PacketFence database to authenticate the users. It's also possible to interact with an LDAP server to do the 802.1x authentication, and PacketFence also provides an internal PKI to do EAP-TLS auth.

For the "Authentication Source RADIUS", it depends on how you use it: if it's on the portal, then it will do PAP authentication, but you can also use the RADIUS source in the REALM section to proxy the request to another server.

Btw, I don't see any blocking point for you to use PacketFence, but I recommend starting with something simple (like mac-auth + portal, then 802.1x after).

Regards
Fabrice

On Fri, May 26, 2023 at 15:13, Cory White via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> Hello -
>
> I've followed PacketFence since 2015 but we never fully adopted its feature sets due to various reasons. Our original interest was for Captive Portals - but at the time it felt like overkill and we did not want in-band switch port management to deploy a simple 'coffee shop' portal.
>
> Times have changed and personally I thought Captive Portals would have died off in requests by now but they are more prevalent now than ever with BYOD and user-initiated on-boarding.
>
> Since COVID we have shifted into various vertical markets and are finding the need to consolidate our deployments into a more scalable resource/deployment for various installs in these markets. Our requirements -
>
> - Portal Page and User management - whether manually onboarded/import and/or through user initiated portal pages.
> - MAC bypass - manually bypass portals for authorized MAC identified hosts. If there is a user onboarding for this as well through already AUTH credentials that is a plus.
> - 802.1X auth for dynamically assigned VLANs (w/ and w/o MAC filtering) over wireless only - mix of vendors Unifi, Peplink, Cisco, Meraki, etc. Common thread is that all are managed through a controller - no autonomous APs.
>
> We currently employ Mikrotik hotspots and Peplink InControl portals - depending on the installation router. User accounts are added via script, API, ssh, etc. manually, not by a user request/portal interaction. All dynamic VLAN assignments/RADIUS attributes (radchecks, radreply, radgroupreply, etc.) are handled in freeRADIUS based on user credentials - typically only a couple VLAN options, most of these installs have no more than 5 total VLANs.
>
> I've spun up a VM of 12.2, the maturation is impressive but documentation for our actual deployment needs to migrate from freeRADIUS stand-alone DB is non-existent - at least from my searching in the last week. I understand the concepts (I believe), my big question is using just 'local to PacketFence install' freeRADIUS possible as AUTH? We do not deploy anything Windows based - we are a UNIX/Open-Source/In-house DEV company. So AD is not an option, we do have some LDAP/freeRADIUS servers running for internal use (linux) but don't want to expose that cluster to end user accounts. I feel that the current version will suit our needs to do what we want for the most part and give us a unified platform; but can't really seem to find any documentation to move forward on testing.
>
> Specific to "Authentication Source RADIUS" - docs seem to skim over this as an option or it's possible I need to be looking elsewhere? Any direction is appreciated - I've been testing with UniFi (which I know Ubiquiti has its own issues), I see it's a recent integration as well. I can see requests come in but always rejected auth in wrong eap/mschap (even though I've removed them as auth options). I also see my Internal RADIUS source constantly in 'wrong shared secret' (client localhost).
>
> I'm going to migrate to a Cisco test lab to verify it's not a tunnel, remote resource issue and keep everything in the same subnet (nodes/nas).
>
> Thank you for any assistance -
>
> Cory White
> Senior Network Engineer
> 904-735-1600
> c...@xpodigital.com
> www.xpodigital.com
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
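
Added example, not part of the original thread and not PacketFence or FreeRADIUS code: the PAP authentication mentioned in the reply carries the password hidden with MD5 keyed by the RADIUS shared secret (RFC 2865, section 5.2), so a NAS and a server holding different secrets cannot agree on the password. The secrets, password and authenticator below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def _mask(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865 5.2: each 16-byte mask is MD5(shared secret + previous block).
    return hashlib.md5(secret + prev).digest()

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client/NAS side: hide a PAP User-Password for an Access-Request."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n bytes
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += block
        prev = block  # chaining: the next mask depends on this hidden block
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the server's copy of the secret."""
    if len(authenticator) != 16 or not hidden or len(hidden) % 16:
        raise ValueError("need a 16-byte authenticator and 16n bytes of data")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")

def server_accepts(hidden, server_secret, authenticator, stored_password) -> bool:
    """True only when the server's secret recovers the stored password."""
    recovered = pap_reveal(hidden, server_secret, authenticator)
    return hmac.compare_digest(recovered, stored_password)

# Constructed sample values (not taken from the thread).
AUTHENTICATOR = bytes(range(16))      # normally 16 random bytes per request
NAS_SECRET = b"secret-on-the-nas"
PASSWORD = b"correct horse battery"   # 21 bytes, so two 16-byte blocks

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, NAS_SECRET, AUTHENTICATOR)
    for server_secret in (NAS_SECRET, b"secret-on-the-server"):
        ok = server_accepts(hidden, server_secret, AUTHENTICATOR, PASSWORD)
        print(f"server secret {server_secret!r}: password matches = {ok}")
```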