Mark!
> What I don’t understand is why once authentication has been successful the PC
> is being placed into the registration vlan (300)?
That is currently the current behavior of this workflow but we’re thinking
about adjusting it a bit.
The FreeRADIUS authentication / authorization is a different one than the
PacketFence one. However, I don’t want to enter into too much detail; here’s how
you can achieve what you want (with a little bit of coding ;))
Open up the /usr/local/pf/lib/vlan/custom.pm file with your favorite editor
(VIM of course ;)) and uncomment the following lines (96 to 133 or so)… the
shouldAutoRegister method ;) You may need to adjust a few things but you
know, I can’t give you the whole answer just like that! ;)
Once done, service packetfence restart and you should be good to go!
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On Oct 16, 2013, at 9:02 AM, Mark McRitchie <[email protected]> wrote:
> Hi folks,
>
> I’ve got PF up and running using the ZEN image, and after a bit of fighting
> (and reading the docs) I’ve got my switch performing 802.1x Certificate based
> EAP.
>
> I’ve added an AD authentication source for machines with the catch-all rules
> for access and assigning a machine’s role as per the example in the admin
> guide.
>
> Looking at the FreeRADIUS debug, I can see my test PC is being successfully
> authenticated:
>
> Login OK: [host/testpc.testcorp.corp/<via Auth-Type = EAP>] (from client
> 10.44.12.64 port 50001 cli 00-18-8B-D3-E8-D2)
> <snip>
> Sending Access-Accept of id 139 to 10.44.0.64 port 1812
> MS-MPPE-Send-Key =
> 0x38dba86e051fd9c89027f2344594a386f13198cd6c985eb4aa1d051d866b4000
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Message-Authenticator = 0x00000000000000000000000000000000
> Tunnel-Private-Group-Id:0 = "300"
> User-Name = "host/testpc.testcorp.corp"
> MS-MPPE-Recv-Key =
> 0x5e61538d922a9084e3e30f14841b8a1417ad1cf2f69a8817b3ae800ba3c28d44
> EAP-Message = 0x03070004
> Finished request 15.
>
> What I don’t understand is why once authentication has been successful the PC
> is being placed into the registration vlan (300)?
>
>
> My end goal is wired 802.1x certificate authentication for machines only as
> we use on our Wireless network.
> We don’t want to use user certs because users have multiple certificates
> installed and the Windows prompt to select a certificate will no doubt result
> in a number of helpdesk calls… I also don’t need individual users to register
> corporate owned machines but would be looking at extending this to MAC auth
> for printers and some form of sponsored guest authentication which we could
> then extend to our wireless.
>
>
> Thanks in advance,
> Mark.
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users