Hi
Can anyone advise if this it is possible to do this by AD security group?
If you could point me in the right direction for documentation.
Thanks
On 26 Jan 2015 12:17, "Steve Allen" <[email protected]> wrote:
> Hi
>
> I'm finally getting time to test this out now.
>
> So far its going really well and I can set VLANs based on which OU a user
> or computer is in.
>
> Is it possible to do set the role/VLAN based on an AD security group?
>
> Kind regards,
>
>
> On 23 November 2014 at 09:33, Steve Allen <[email protected]>
> wrote:
>
>> That sounds exactly like what I'm looking for.
>>
>> Thank you for the info!
>> On 22 Nov 2014 23:31, "Durand fabrice" <[email protected]> wrote:
>>
>>> Hi Allen,
>>>
>>> in fact it´s really simple, when you join a domain with a windows
>>> machine then a machine account is created.
>>> So in the 802.1x supplicant (windows side) you can choose to do machine
>>> and user auth.
>>> So when the computer start, it do machine auth and when the user enter
>>> his username and password then a new 802,1x connection is done with the
>>> user credential (when you logoff then it become machine auth).
>>>
>>> Where the config you have to do in packetfence:
>>>
>>>
>>> https://github.com/inverse-inc/packetfence/blob/stable/docs/PacketFence_Administration_Guide.asciidoc#example
>>>
>>> Also check
>>> https://github.com/inverse-inc/packetfence/blob/stable/lib/pf/vlan/custom.pm
>>> to enable autoreg ( shouldAutoRegister).
>>>
>>> Regards
>>> Fabrice
>>>
>>> Le 2014-11-22 18:09, Steve Allen a écrit :
>>>
>>> Hi Durand
>>>
>>> Could you expand on what that is?
>>>
>>> I've not come across that yet
>>>
>>> Thanks
>>> Steve
>>> On 22 Nov 2014 14:29, "Durand fabrice" <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> why don´t you use machine authentication and user authentication with
>>>> autoreg enabled ?
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>> Le 2014-11-22 04:47, Steve Allen a écrit :
>>>>
>>>> Hi
>>>>
>>>> We are a few months away from rolling out PacketFence to our network
>>>> and I would like to make sure we are following the best practises to ensure
>>>> it is as secure as possible.
>>>>
>>>> At the moment we have tested and it works great with Cisco 2960
>>>> switches and 802.1x.
>>>>
>>>> My next testing is it use laptops that are connected to a Windows
>>>> Server 2008r2 domain.
>>>>
>>>> Currently the laptops have very limited access when they boot up as
>>>> they start off in the registration VLAN.
>>>>
>>>> My question today is regarding computer start up group policies on
>>>> domain machines.
>>>>
>>>> I have read you can change some group policies settings so when the
>>>> users presses ctrl,alt+del and logs in with their AD username and password
>>>> this also "triggers" the 802.1x process to put them in the correct VLAN.
>>>> This is obviously after the computer has booted up.
>>>>
>>>> Does anyone have any documentation on what I need to allow in the
>>>> registration VLAN so I don't break Group Policies start up policies?
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Steve Allen
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>>>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>>>> Get technology previously reserved for billion-dollar corporations,
>>>> FREEhttp://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing
>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>>>> with Interactivity, Sharing, Native Excel Exports, App Integration &
>>>> more
>>>> Get technology previously reserved for billion-dollar corporations, FREE
>>>>
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>>> Get technology previously reserved for billion-dollar corporations,
>>> FREEhttp://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>>> Get technology previously reserved for billion-dollar corporations, FREE
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>
>
> --
> Regards,
>
> Steve Allen
>
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
