Hi folks,

I've got PF up and running using the ZEN image, and after a bit of fighting
(and reading the docs) I've got my switch performing 802.1x certificate-based
EAP.

I've added an AD authentication source for machines with the catch-all rules
for access and assigning a machine's role as per the example in the admin
guide.

Looking at the FreeRADIUS debug, I can see my test PC is being successfully
authenticated:

Login OK: [host/testpc.testcorp.corp/<via Auth-Type = EAP>] (from client 10.44.12.64 port 50001 cli 00-18-8B-D3-E8-D2)
<snip>
Sending Access-Accept of id 139 to 10.44.0.64 port 1812
        MS-MPPE-Send-Key = 0x38dba86e051fd9c89027f2344594a386f13198cd6c985eb4aa1d051d866b4000
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Message-Authenticator = 0x00000000000000000000000000000000
        Tunnel-Private-Group-Id:0 = "300"
        User-Name = "host/testpc.testcorp.corp"
        MS-MPPE-Recv-Key = 0x5e61538d922a9084e3e30f14841b8a1417ad1cf2f69a8817b3ae800ba3c28d44
        EAP-Message = 0x03070004
Finished request 15.

What I don't understand is why, once authentication has been successful, the
PC is being placed into the registration VLAN (300)?

My end goal is wired 802.1x certificate authentication for machines only as
we use on our Wireless network.

We don't want to use user certs because users have multiple certificates
installed and the Windows prompt to select a certificate will no doubt
result in a number of helpdesk calls. I also don't need individual users to
register corporate owned machines but would be looking at extending this to
MAC auth for printers and some form of sponsored guest authentication which
we could then extend to our wireless.

Thanks in advance,
Mark.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
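
Added example, not part of the original post and not PacketFence or FreeRADIUS code: a small Python parser for FreeRADIUS debug output like the above that pulls the RFC 3580 VLAN attributes out of each Access-Accept and reports whether the accept carries the registration VLAN. The function names and the sample text are constructed for illustration; 300 as the registration VLAN is taken from the post.

```python
import re

# Constructed sample modelled on the post's Access-Accept (keys omitted, one value wrapped).
SAMPLE = """\
Sending Access-Accept of id 139 to 10.44.0.64 port 1812
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 =
"300"
User-Name = "host/testpc.testcorp.corp"
Finished request 15.
"""

# "Name = value" or "Name:tag = value"; the value may be empty when the line was wrapped.
ATTR = re.compile(r'^([A-Za-z][\w-]*)(?::\d+)?\s*=\s*(.*)$')

def parse_accepts(text):
    """Return one {attribute: value} dict per Access-Accept in the debug text."""
    replies, current, pending = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Sending Access-Accept"):
            current, pending = {}, None
            replies.append(current)
        elif current is None:
            continue                      # not inside an Access-Accept block
        elif s.startswith(("Finished request", "Sending ")):
            current = None                # end of this reply
        elif pending:
            current[pending] = s.strip('"')   # value wrapped onto its own line
            pending = None
        else:
            m = ATTR.match(s)
            if m and m.group(2):
                current[m.group(1)] = m.group(2).strip('"')
            elif m:
                pending = m.group(1)
    return replies

def vlan_decision(reply, registration_vlan):
    """Classify the RFC 3580 VLAN assignment carried in one Access-Accept."""
    vlan = reply.get("Tunnel-Private-Group-Id")
    complete = (reply.get("Tunnel-Type") in ("VLAN", "13")
                and reply.get("Tunnel-Medium-Type") in ("IEEE-802", "6")
                and vlan is not None)
    if not complete:
        return ("no-vlan", None)          # reply carries no complete VLAN assignment
    return ("registration" if vlan == registration_vlan else "assigned", vlan)
```

Run against a saved debug capture, a `("registration", "300")` result for a request that also logged `Login OK` shows that the RADIUS authentication and the VLAN returned in the reply are two separate outcomes.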