Fabrice, I am not certain how you get it to work after 15 characters, but everything I read and have experienced with AD and hostnames being longer than 14/15 characters is that they don't authenticate because AD will truncate them.
https://support.microsoft.com/en-us/kb/909264 https://technet.microsoft.com/en-us/library/cc731383.aspx https://supportforums.cisco.com/discussion/12299256/ise-admin-server-16-character-hostname -----Original Message----- From: Fabrice DURAND [mailto:[email protected]] Sent: Wednesday, February 03, 2016 9:17 AM To: [email protected] Subject: Re: [PacketFence-users] machine authentication There is no limit of 14 characters, i have machine auth with more than 30 characters and there is no issue. Also did you checked that the client do machine auth ? (windows supplicant) Regards Fabrice Le 2016-02-03 08:52, Tedder, Eric a écrit : > > The one limitation that I have found with computer authentication with > packet fence and Active directory is that the computer name cannot > exceed 14 characters or it breaks. > > > > *From:*Reeyon Lim [mailto:[email protected]] > *Sent:* Tuesday, February 02, 2016 9:39 PM > *To:* [email protected] > *Subject:* Re: [PacketFence-users] machine authentication > > > > Hello Fabrice, > > > > Now i restarted the config from scratch. > > > > 0. wipe out existing parameters in vlan_filters.conf > > 1. Created AD-computer source, according to the Administration Guide. > > 2. Map this source to 802.1x portal profile. > > 3. run raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 > > 4. I can't see any "host/xxxxxx" in debug, but I see "domain\username" > > > > So I guess the computer is authenticating user credentials instead of > machine auth. > > > > Anything that I've missed out? > > > > > > Regards, > > Reeyon > > > > On Tue, Feb 2, 2016 at 10:53 PM, Fabrice DURAND <[email protected] > <mailto:[email protected]>> wrote: > > Hello Reeyon, > > Le 2016-02-02 02:12, Reeyon Lim a écrit : > > Hello Everyone, > > > > Sorry for my multiples questions recently. > No problem , the mailling list is for that. > > I have been setting up a 802.1x authentication for the lab, but i > > need to do more secure of 802.1x authentication where I found > > machine authentication in the Administration guide. > > > > Tried to follow every steps in the guide, but failed to make it work. > > I do not find any logs in packetfence.log like "host/xxxxxx", and pf > > just push the domain PC to RegistrationRole without authentication. > Check first in the radius.log or run radius in debug mode to see why > machine auth failed (raddebug -f /usr/local/pf/var/run/radiusd.sock -t > 3000). > When you will be able to successfully authenticate machine in > freeradius then you will be able to see in packetfence.log username > like host/xxxxxx > > > > I have 2 source lists: ad-user, and ad-computers These two lists > > mapped to 802.1x portal profile. > > > > The objective here is to block any non-domain of BYOD to be able to > > access the network, except domain machines and users. > > > Next you will have to deal with vlan filter to test if machine auth > passed before user auth. > > Please help! > > Thank you. > > > > Regards, > > Reeyon > > > > > Regards > Fabrice > > > > > > ---------------------------------------------------------------------- > -------- > > Site24x7 APM Insight: Get Deep Visibility into Application > > Performance APM + Mobile APM + RUM: Monitor 3 App instances at just > > $35/Month Monitor end-to-end web transactions and take corrective > > actions now Troubleshoot faster and improve end-user experience. Signup Now! > > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > <mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Fabrice Durand > [email protected] <mailto:[email protected]> :: +1.514.447.4918 > <tel:%2B1.514.447.4918> (x135) :: www.inverse.ca > <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo > (http://www.sogo.nu) and PacketFence (http://packetfence.org) > > > ---------------------------------------------------------------------- > -------- > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > _______________________________________________ > PacketFence-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > ---------------------------------------------------------------------- > -------- > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
