On Jun 3, 2015, at 12:19 , heupink <[email protected]> wrote:
> Hi Louis, list,
>
> Things are progressing nicely here: Currently we have pf running inline
> (with registration portal) for the wlan, and in 802.1x mode for the
> wired network.
>
> It's all very cool, and it works great. I had to stop using the
> sernet-samba packages, as they caused other problems with packetfence:
>
> /usr/bin/radsniff3: error while loading shared libraries:
> libtalloc.so.2: cannot open shared object file: No such file or directory
>
> The samba from backports runs very well. I'm just reporting this here
> for the archives.

Thank you, that is good to know.
That version of radsniff was built against the samba3 libraries.
It looks like samba4 is different enough that it won’t work with its libraries.

I guess we will need to look into either statically linking those libraries or making the samba3 libs a dependency.
I don’t like that though since that might prevent people from using samba4 from sernet, which in our experience works quite well.

>
> There is however one remaining thing we would like to do:
>
> Suppose an unknown client (device plus user) connects to the wired
> (802.1x) network. The user does not exist in samba4 AD, therefore
> cannot provide 802.1x network credentials.
>
> On our switch (procurve 5400) I have defined a WLAN VLAN specific for
> the wifi (running through packetfence inline)
>
> Would it be possible somehow to make this unknown user/device get the
> registration portal (nota bene: on the WIRED network), register
> him/herself, and then put on the WLAN VLAN?
>
> The purpose of this: we would be able to provide an open wired network
> for guest access the same way we currently have our 'open wireless network'.
>
> The problem, the way I see it now, is that ports are either 802.1x, or
> not. As packetfence can do so much, perhaps it has a solution for this
> as well?
>

Most people use MAB for that (if your switch supports it).
Try 802.1x and then fail over to MAC authentication over RADIUS.
Show them a different portal where they can authenticate using SMS, email or preexisting accounts.

Portal profiles allow you to dynamically create different portals based on criteria such as the connection type.

Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
