Hi Steve,
Never tried dot1x on our wired connections. We just use Packetfence to do MAB
authentication on the wired connection level and it works awesome. Before
packetfence I manually had to set up all ports and field techs called me
constantly to switch vlans for them. Since I configured packetfence I have
set it up so that field technicians can approve devices on the fly themselves and
packetfence configures the port for them. I’m no longer in the middle
configuring ports. Right now I’m trying to do the same with wireless but that
requires dot1x to work with WPA2/AES networks. MAB works fine on the wireless
just not the dot1x in our network. I think I have it working though using
packetfence for MAB and Windows 2008 NPS for dot1x. I am using the filter-id
field in NPS to filter roles on the Aruba wireless and it appears to work while
Packetfence drops clients into the correct vlan.
Jeremy Plumley
ITS Network Technician
Guilford Technical Community College, www.GTCC.edu
601 East Main St., Jamestown, NC 27282
Office – 336.334.4822 ext 50428
1 John 1:9 ~ If we confess our sins, he is faithful and just to forgive us our
sins, and to cleanse us from all unrighteousness.
From: Steve Allen [mailto:[email protected]]
Sent: Friday, February 13, 2015 3:23 AM
To: [email protected]
Subject: Re: [PacketFence-users] Packetfence dot1x wireless authentication
Hi Jeremy
I'm currently setting up PF and so far have only tested wired connection.
So far I have it just using Internal sources and the PF server isn't joined to
my domain. I've not fully tested the dot1x yet but it is working via MAC
addresses.
I'm wondering if I'm missing a step with not joining the PF server to my domain.
Kind regards,
On 12 February 2015 at 13:42, Jeremy Plumley <[email protected]> wrote:
Just seeing if I can get some clarification on setting up dot1x wireless
authentication in Packetfence. Worked on this for a while a few months back but
hit a roadblock. I was able to get Packetfence server to join our AD domain
and my account would work with test utility to authenticate but would fail
mschap authentication when I connect to our wireless. After reading
documentation I think I may have been missing adding our AD in as an internal
source. When you are connecting to an SSID with packetfence it goes by your
internal sources in order for dot1x authentication, correct? I only had one OU
added into internal sources to allow for Web admin access to restrict who could
login. I think I need to add an overall AD source without Webadmin access then
add conditions and rules for role access.
E-Mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and shall be disclosed to third parties when
required by the statutes (G.S. 132-1.)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Regards,
Steve Allen