[PacketFence-users] Possible Bug - 802.1x with machine auth

Mon, 04 Nov 2013 15:09:15 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

        I *think* I've stumbled across a possible bug.  Or, rather,
definitely something that I think is behaving improperly.

        First the requisite profile :

Packetfence 4.0.6
RHEL 6.x
LDAP authentication
Mixed 802.1x and MAB

        We're experimenting with 802.1x now and, since Windows is wonderfully
braindead, we find ourselves having to use machine authentication
along with user authentication.  When the machine it turned on, it
machine auths automagically.  After a username/pass is entered, the
system tries to log into the domain (Samba, not AD) and then logs into
802.1x if the domain login is a success.

        All of this works.  The problem is on boot and/or on logout.  In both
cases, the machine does an automatic machine auth.  It's successful,
and the proper role/vlan is sent to the switch, but the role for that
MAC address in packetfence is not updated.  So, if 802.1x is somehow
disabled, MAB puts them into the "authenticated" user role instead of
leaving them in the "unauthenticated" machine role.

        This doesn't feel right.  Shouldn't the role for the MAC be updated
based on the rule matching in packetfence?

Thanks,

- -- 
- ---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
f...@godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
- ---------------------------
"Something mysterious is formed, born in the silent void. Waiting
alone and unmoving, it is at once still and yet in constant motion. It
is the source of all programs. I do not know its name, so I will call
it the Tao of Programming."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJ4FAYACgkQO80o6DJ8UvktogCfZPw/5J2M2D/HLNB6wB2Lrxwn
6VoAn0uKsIhpJXNcXMbbKAuN9XOoabd6
=3wRN
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most 
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to