Greetings,
I have been reading through PacketFence documentation and I am working on
integrating the server with an existing AP deployment. I'd like to
summarize how the PF solution works for my own understanding, please
correct me where I am wrong. As far as I can tell the PF solution works by
first doing a low level Radius-Request message with the user's MAC address
which the server then sends back a RADIUS-Accept message (similar to
machine auth on domain machines) putting them on a LAN isolated subnet. The
User is then redirected to the captive portal interface of the PF server
(the only place the isolated vlan can get to) to scan for AV and take the
client's username and password and checks a backend directory service. Once
the directory lookup returns success the PF server prompts the AP to change
the client's VLAN to the appropriate one and they are then granted access
to the network.
My question is this: Is there anyway I can disable the initial RADIUS
functionality that contains the client's MAC address. The reason I am
asking is because my AP solution already places the client device in a
Captive Portal with firewall rules on the AP (the client can only get to
the captive portal server), the LAN isolated subnet is
redundant. Additionally the MAC address can be stored on the AP controller
and only prompt the user to re-authenticate with the captive portal once
the splash frequency expires(never?). I can also pass the PF server the MAC
address of the client with escaped parameters in the URL redirect to the
splash page server.
I am wondering if any has had experience disabling this functionality or
any thoughts on how else I might accomplish this? I feel like it is a
doubling of efforts to both place them in a LAN isolated subnet and have
firewall rules on the AP. Are my thoughts on how PF works at the packet
level correct?
Any input would be helpful.
-Ian
*
*
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
