You talked about netbios name, not dns name. In PacketFence, freeradius validate the machine name (host/FMCART310-15.domain.com) and in PacketFence side we have to create another authentication source with the user attribute servicePrincipalName.
Check in your AD for a machine account (Adsiedit.msc) in the attribute servicePrincipalName and you will see the complete dns name of the machine. So the only limit is 64 characteres of the dns name. Regards Fabrice Le 2016-02-03 10:16, Tedder, Eric a écrit : > Fabrice, > > I am not certain how you get it to work after 15 characters, but everything I > read and have experienced with AD and hostnames being longer than 14/15 > characters is that they don't authenticate because AD will truncate them. > > https://support.microsoft.com/en-us/kb/909264 > https://technet.microsoft.com/en-us/library/cc731383.aspx > https://supportforums.cisco.com/discussion/12299256/ise-admin-server-16-character-hostname > > > > -----Original Message----- > From: Fabrice DURAND [mailto:[email protected]] > Sent: Wednesday, February 03, 2016 9:17 AM > To: [email protected] > Subject: Re: [PacketFence-users] machine authentication > > There is no limit of 14 characters, i have machine auth with more than > 30 characters and there is no issue. > > Also did you checked that the client do machine auth ? (windows supplicant) > > Regards > Fabrice > > Le 2016-02-03 08:52, Tedder, Eric a écrit : >> The one limitation that I have found with computer authentication with >> packet fence and Active directory is that the computer name cannot >> exceed 14 characters or it breaks. >> >> >> >> *From:*Reeyon Lim [mailto:[email protected]] >> *Sent:* Tuesday, February 02, 2016 9:39 PM >> *To:* [email protected] >> *Subject:* Re: [PacketFence-users] machine authentication >> >> >> >> Hello Fabrice, >> >> >> >> Now i restarted the config from scratch. >> >> >> >> 0. wipe out existing parameters in vlan_filters.conf >> >> 1. Created AD-computer source, according to the Administration Guide. >> >> 2. Map this source to 802.1x portal profile. >> >> 3. run raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 >> >> 4. I can't see any "host/xxxxxx" in debug, but I see "domain\username" >> >> >> >> So I guess the computer is authenticating user credentials instead of >> machine auth. >> >> >> >> Anything that I've missed out? >> >> >> >> >> >> Regards, >> >> Reeyon >> >> >> >> On Tue, Feb 2, 2016 at 10:53 PM, Fabrice DURAND <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hello Reeyon, >> >> Le 2016-02-02 02:12, Reeyon Lim a écrit : >>> Hello Everyone, >>> >>> Sorry for my multiples questions recently. >> No problem , the mailling list is for that. >>> I have been setting up a 802.1x authentication for the lab, but i >>> need to do more secure of 802.1x authentication where I found >>> machine authentication in the Administration guide. >>> >>> Tried to follow every steps in the guide, but failed to make it work. >>> I do not find any logs in packetfence.log like "host/xxxxxx", and pf >>> just push the domain PC to RegistrationRole without authentication. >> Check first in the radius.log or run radius in debug mode to see why >> machine auth failed (raddebug -f /usr/local/pf/var/run/radiusd.sock -t >> 3000). >> When you will be able to successfully authenticate machine in >> freeradius then you will be able to see in packetfence.log username >> like host/xxxxxx >>> I have 2 source lists: ad-user, and ad-computers These two lists >>> mapped to 802.1x portal profile. >>> >>> The objective here is to block any non-domain of BYOD to be able to >>> access the network, except domain machines and users. >>> >> Next you will have to deal with vlan filter to test if machine auth >> passed before user auth. >>> Please help! >>> Thank you. >>> >>> Regards, >>> Reeyon >>> >>> >> Regards >> Fabrice >> >>> >> ---------------------------------------------------------------------- >> -------- >>> Site24x7 APM Insight: Get Deep Visibility into Application >>> Performance APM + Mobile APM + RUM: Monitor 3 App instances at just >>> $35/Month Monitor end-to-end web transactions and take corrective >>> actions now Troubleshoot faster and improve end-user experience. Signup Now! >>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice Durand >> [email protected] <mailto:[email protected]> :: +1.514.447.4918 >> <tel:%2B1.514.447.4918> (x135) :: www.inverse.ca >> <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo >> (http://www.sogo.nu) and PacketFence (http://packetfence.org) >> >> >> ---------------------------------------------------------------------- >> -------- >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> >> >> ---------------------------------------------------------------------- >> -------- >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice Durand > [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. > :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
