Hello Fabrice,
Now i restarted the config from scratch.
0. wipe out existing parameters in vlan_filters.conf
1. Created AD-computer source, according to the Administration Guide.
2. Map this source to 802.1x portal profile.
3. run raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600
4. I can't see any "host/xxxxxx" in debug, but I see "domain\username"
So I guess the computer is authenticating user credentials instead of
machine auth.
Anything that I've missed out?
Regards,
Reeyon
On Tue, Feb 2, 2016 at 10:53 PM, Fabrice DURAND <[email protected]> wrote:
> Hello Reeyon,
>
> Le 2016-02-02 02:12, Reeyon Lim a écrit :
> > Hello Everyone,
> >
> > Sorry for my multiples questions recently.
> No problem , the mailling list is for that.
> > I have been setting up a 802.1x authentication for the lab, but i need
> > to do more secure of 802.1x authentication where I found machine
> > authentication in the Administration guide.
> >
> > Tried to follow every steps in the guide, but failed to make it work.
> > I do not find any logs in packetfence.log like "host/xxxxxx", and pf
> > just push the domain PC to RegistrationRole without authentication.
> Check first in the radius.log or run radius in debug mode to see why
> machine auth failed (raddebug -f /usr/local/pf/var/run/radiusd.sock -t
> 3000).
> When you will be able to successfully authenticate machine in freeradius
> then you will be able to see in packetfence.log username like host/xxxxxx
> >
> > I have 2 source lists: ad-user, and ad-computers
> > These two lists mapped to 802.1x portal profile.
> >
> > The objective here is to block any non-domain of BYOD to be able to
> > access the network, except domain machines and users.
> >
> Next you will have to deal with vlan filter to test if machine auth
> passed before user auth.
> > Please help!
> > Thank you.
> >
> > Regards,
> > Reeyon
> >
> >
> Regards
> Fabrice
>
> >
> >
> ------------------------------------------------------------------------------
> > Site24x7 APM Insight: Get Deep Visibility into Application Performance
> > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> > Monitor end-to-end web transactions and take corrective actions now
> > Troubleshoot faster and improve end-user experience. Signup Now!
> > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> >
> >
> > _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (
> http://packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
