That sounds exactly like what I'm looking for.
Thank you for the info!
On 22 Nov 2014 23:31, "Durand fabrice" <[email protected]> wrote:
> Hi Allen,
>
> in fact it´s really simple, when you join a domain with a windows machine
> then a machine account is created.
> So in the 802.1x supplicant (windows side) you can choose to do machine
> and user auth.
> So when the computer start, it do machine auth and when the user enter his
> username and password then a new 802,1x connection is done with the user
> credential (when you logoff then it become machine auth).
>
> Where the config you have to do in packetfence:
>
>
> https://github.com/inverse-inc/packetfence/blob/stable/docs/PacketFence_Administration_Guide.asciidoc#example
>
> Also check
> https://github.com/inverse-inc/packetfence/blob/stable/lib/pf/vlan/custom.pm
> to enable autoreg ( shouldAutoRegister).
>
> Regards
> Fabrice
>
> Le 2014-11-22 18:09, Steve Allen a écrit :
>
> Hi Durand
>
> Could you expand on what that is?
>
> I've not come across that yet
>
> Thanks
> Steve
> On 22 Nov 2014 14:29, "Durand fabrice" <[email protected]> wrote:
>
>> Hi,
>>
>> why don´t you use machine authentication and user authentication with
>> autoreg enabled ?
>>
>> Regards
>> Fabrice
>>
>> Le 2014-11-22 04:47, Steve Allen a écrit :
>>
>> Hi
>>
>> We are a few months away from rolling out PacketFence to our network
>> and I would like to make sure we are following the best practises to ensure
>> it is as secure as possible.
>>
>> At the moment we have tested and it works great with Cisco 2960
>> switches and 802.1x.
>>
>> My next testing is it use laptops that are connected to a Windows
>> Server 2008r2 domain.
>>
>> Currently the laptops have very limited access when they boot up as
>> they start off in the registration VLAN.
>>
>> My question today is regarding computer start up group policies on
>> domain machines.
>>
>> I have read you can change some group policies settings so when the
>> users presses ctrl,alt+del and logs in with their AD username and password
>> this also "triggers" the 802.1x process to put them in the correct VLAN.
>> This is obviously after the computer has booted up.
>>
>> Does anyone have any documentation on what I need to allow in the
>> registration VLAN so I don't break Group Policies start up policies?
>>
>> Thanks,
>>
>> --
>> Regards,
>>
>> Steve Allen
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>> Get technology previously reserved for billion-dollar corporations,
>> FREEhttp://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>> Get technology previously reserved for billion-dollar corporations, FREE
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations,
> FREEhttp://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
