Hi, I am currently setting up Packetfence for a project and I am trying to get 802.1x via Certificate to work but cannot quite figure it out. Here's what I did so far: I created a Root- and Intermediate-CA with XCA and made a Certificate for Packetfence. I placed those under Radius -> PKI SSL Certificates and made a TLS Profile where I selected the Cert. I then created an EAP Profile where I made the EAP Type to "TLS" and selected the previously made TLS Profile. After that I made a Realm where I selected the EAP Configuration Profile. Next I setup an Authentication Source where I selected the associated Realm I just made and added an Authentication Rule Action to set a Role i created (that Role is also configured on the Switch Group) and an Access duration of 12 hours. I thought I could maybe select some Certificate Options/Attributes in the Conditions, but I didn't find an option like that. Then i made a Connection Profile where I filtered the Connection Type to be Ethernet-EAP and selected the Source i created previously, but it didn't seem to work. I am unsure if most of that even made sense because I couldn't find the right guide for my usecase, where I want to automatically assign VLANs on the Switchports based on Attributes in the Certificate from the client. I looked through the Docs and found Radius Enforcement which sounded like what I want to do, but it was very brief. Can someone that setup something similar tell me if what I'm trying to do is possible and what I need to do differently? Thank you in advance! --- Mit freundlichen Grüßen Im Auftrag
[cid:image001.png@01DBAE3B.9DE5D3F0] Herr T. Menzel Auszubildender Aldegreverstr. 10 - 14 | 33102 Paderborn [cid:image002.png@01DBAE3B.9DE5D3F0] +49 5251 308-1380 [cid:image003.png@01DBAE3B.9DE5D3F0] menz...@kreis-paderborn.de <mailto:menz...@kreis-paderborn.de> | [cid:image004.png@01DBAE3B.9DE5D3F0] www.kreis-paderborn.de [cid:image005.png@01DBAE3B.9DE5D3F0] [cid:image006.png@01DBAE3B.9DE5D3F0] _ <https://www.youtube.com/@KreisPaderbornOffiziell> [cid:image007.png@01DBAE3B.9DE5D3F0] _ <https://de.linkedin.com/company/kreis-paderborn> [cid:image008.png@01DBAE3B.9DE5D3F0] _ <https://whatsapp.com/channel/0029VaarDzND38CJrFssEb46> [cid:image009.png@01DBAE3B.9DE5D3F0] Bitte prüfen Sie der Umwelt zuliebe, ob diese E-Mail wirklich ausgedruckt werden muss.
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
