On 02/11/2014 12:03, Denis Bonnenfant diderot wrote:
> On 16/10/2014 15:38, Derek Wuelfrath wrote:
>> Hello Denis,
>>
>> Do you mind sharing both sites-enabled/packetfence and
>> sites-enabled/packetfence-tunnel ?
>>
>
> Of course, these files are quite standard, I just modified the authorize
> section in packetfence-tunnel, and it worked perfectly for
> establishing the 802.1x connection.
>
>>> So, where do I need to rewrite User-Name for passing it to PacketFence,
>>> in radius conf files ? in packetfence.pm ?
>> That kind of stuff should be done in sites-enabled/* since FreeRADIUS
>> already has all the modules to do that.
>
> The problem is that I wasn't able to find where things are passed to
> PF for the setvlan process, I tried many places, without success...
> Whatever I do, nodes still get registered in PF as host\computername.

Finally I found the solution, and as it is nearly undocumented, I am giving
the recipe for reference purposes: the trick is to use
%{mschap:User-Name} instead of User-Name for the ldap and packetfence modules.

PacketFence PEAP auth against an openldap/samba3 domain (user and machine
auth):

freeradius:

modules/ldap: use %{mschap:User-Name} for the ldap search

    filter = "(uid=%{%{mschap:User-Name}:-%{User-Name}})"

sites-enabled/packetfence-tunnel:

in the authorize section, add

    ldap

after the line with "files"

in the post-auth section, add

    update request {
        User-Name := "%{mschap:User-Name}"
    }

before the line with "packetfence"

PacketFence config:
- Add two ldap auth sources, for users and machines
- define specific portals with these sources,
- define vlan filters activating autoregistration for wireless and
  ethernet EAP

Denis Bonnenfant
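
Added example, not part of the original message and not FreeRADIUS or PacketFence code: a simplified Python model of what %{mschap:User-Name} expands to and of the %{...:-...} fallback in the ldap filter above, showing why the rewritten name matches a uid in an openldap/samba3 directory. The function names, the sample identities and the RFC 4515 escaping step are assumptions made for this illustration.

```python
# Simplified model (assumption: follows rlm_mschap's documented behaviour of
# turning PEAP identities into SAM-style account names). Not project code.

def mschap_user_name(user_name):
    """Model of %{mschap:User-Name}."""
    if not user_name:
        return ""                        # nothing to expand
    if user_name.startswith("host/"):
        # Machine auth: host/pc01.example.org -> pc01$
        host = user_name[len("host/"):]
        return host.split(".", 1)[0] + "$"
    # User auth: drop the NT domain prefix, EXAMPLE\alice -> alice
    return user_name.split("\\", 1)[-1]


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters in this model's own filter.

    The identity is supplied by the client, so it must never reach a
    filter unescaped. This makes no claim about rlm_ldap's own escaping.
    """
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
               "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def ldap_filter(user_name):
    """Model of filter = "(uid=%{%{mschap:User-Name}:-%{User-Name}})"."""
    # %{A:-B} falls back to B when A expands to an empty string
    uid = mschap_user_name(user_name) or user_name
    return "(uid=%s)" % ldap_escape(uid)


# Constructed sample identities: domain user, machine account, plain user
SAMPLES = ["EXAMPLE\\alice", "host/pc01.example.org", "bob"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-24s -> %-8s %s"
              % (sample, mschap_user_name(sample), ldap_filter(sample)))
```
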