The one limitation that I have found with computer authentication with packet
fence and Active directory is that the computer name cannot exceed 14
characters or it breaks.
From: Reeyon Lim [mailto:[email protected]]
Sent: Tuesday, February 02, 2016 9:39 PM
To: [email protected]
Subject: Re: [PacketFence-users] machine authentication
Hello Fabrice,
Now i restarted the config from scratch.
0. wipe out existing parameters in vlan_filters.conf
1. Created AD-computer source, according to the Administration Guide.
2. Map this source to 802.1x portal profile.
3. run raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600
4. I can't see any "host/xxxxxx" in debug, but I see "domain\username"
So I guess the computer is authenticating user credentials instead of machine
auth.
Anything that I've missed out?
Regards,
Reeyon
On Tue, Feb 2, 2016 at 10:53 PM, Fabrice DURAND
<[email protected]<mailto:[email protected]>> wrote:
Hello Reeyon,
Le 2016-02-02 02:12, Reeyon Lim a écrit :
> Hello Everyone,
>
> Sorry for my multiples questions recently.
No problem , the mailling list is for that.
> I have been setting up a 802.1x authentication for the lab, but i need
> to do more secure of 802.1x authentication where I found machine
> authentication in the Administration guide.
>
> Tried to follow every steps in the guide, but failed to make it work.
> I do not find any logs in packetfence.log like "host/xxxxxx", and pf
> just push the domain PC to RegistrationRole without authentication.
Check first in the radius.log or run radius in debug mode to see why
machine auth failed (raddebug -f /usr/local/pf/var/run/radiusd.sock -t
3000).
When you will be able to successfully authenticate machine in freeradius
then you will be able to see in packetfence.log username like host/xxxxxx
>
> I have 2 source lists: ad-user, and ad-computers
> These two lists mapped to 802.1x portal profile.
>
> The objective here is to block any non-domain of BYOD to be able to
> access the network, except domain machines and users.
>
Next you will have to deal with vlan filter to test if machine auth
passed before user auth.
> Please help!
> Thank you.
>
> Regards,
> Reeyon
>
>
Regards
Fabrice
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]<mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected]<mailto:[email protected]> ::
+1.514.447.4918<tel:%2B1.514.447.4918> (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
