Jeremy,
When you are connecting to an SSID with packetfence it goes by your internal
sources in order for dot1x authentication correct?
The 802.1x work in kind of “two steps”.
Authentication in FreeRADIUS is completed against your AD with mschap. That
means that only having the PacketFence server joined to the domain would work.
The second step ‘post-auth’ is where PacketFence is taking a decision based on
the credentials you provided. That part need, in fact, a rule in the
authentication source that would set a role so that PacketFence will be able to
assign a VLAN.
Let me know if you need more info.
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On February 12, 2015 at 09:17:10, Jeremy Plumley ([email protected]) wrote:
Just seeing if I can get some clarification on setting up dot1x wireless
authentication in Packetfence. Worked on this for a while a few months back but
hit a road block. I was able to get Packetfence server to join our AD domain
and my account would work with test utility to authenticate but would fail
mschap authentication when I connect to our wireless. After reading
documentation I think I may have been missing adding our AD in as an internal
source. When you are connecting to an SSID with packetfence it goes by your
internal sources in order for dot1x authentication correct? I only had on OU
added into internal sources to allow for Web admin access to restrict who could
login. I think I need to add an overall AD source without Webadmin access then
added conditions and rules for role access.
Jeremy Plumley
ITS Network Technician
Guilford Technical Community College, www.GTCC.edu
601 East Main St., Jamestown, NC 27282
Office – 336.334.4822 ext 50428
1 John 1:9 ~ If we confess our sins, he is faithful and just to forgive us our
sins, and to cleanse us from all unrighteousness.
E-Mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and shall be disclosed to third parties when
required by the statutes (G.S. 132-1.)
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now.
http://goparallel.sourceforge.net/_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
