Hello Grant,

For the portal:

First, I recommend creating a portal profile with a filter connection
type = Ethernet-EAP and adding your AD source in this profile.

Next enable autoregistration on this portal.

For 802.1x:

You have to fix your issue with "Test join failed".

Check in the AD whether the PacketFence server appears (remove it), and check
that you enabled ip_forward on the PF server.

Check that you are able to reach the AD dns server from PacketFence.

And retry.

For the pftest:

It's not normal that an LDAP bind isn't working. What you can do is
capture the LDAP traffic and check what the AD answers when you
run the pftest command.

Regards

Fabrice



On 2017-01-23 at 06:25, Grant Hathaway wrote:
>
> Hello,
>
>  
>
> Thanks in advance to anyone who can help me.
>
>  
>
> AD is successfully added as a user source and there are basic rules
> added, the rule conditions are for AD group membership so if an AD
> user account is in a group which matches the rule then it's assigned a
> role.
>
> We are only interested in 802.1x wired connections not wifi, the
> portal profile is set as the default (not sure if I need to change
> this to automatically register devices?)
>
>  
>
> If I connect a Windows client to the PacketFence switch the device
> appears in PacketFence as “unregistered” and so it appears it's not
> registering the user/device based on the roles.
>
>  
>
> So the rules aren’t working and I’m unsure how to troubleshoot it
> further. I noticed that our domain isn’t added in Radius/Domains and
> get an error “Test join failed”. Could this be the reason why it's failing?
>
>  
>
> I used the pftest script to check the authentication and I get the
> below output.
>
>  
>
> [root@PacketFence-6_4_0 ~]# sudo /usr/local/pf/bin/pftest
> authentication my_domain_user "/password/"
>
> Testing authentication for " my_domain_user "
>
>  
>
> Authenticating against local
>
>   Authentication FAILED against local (Invalid login or password)
>
>   Did not match against local
>
>   Did not match against local
>
>  
>
> Authenticating against file1
>
>   Authentication FAILED against file1 ()
>
>   Did not match against file1
>
>   Did not match against file1
>
>  
>
> Authenticating against sms
>
>   Authentication FAILED against sms ()
>
>   Matched against sms for 'authentication' rules
>
>     set_role : guest
>
>     set_access_duration : 1D
>
>   Did not match against sms
>
>  
>
> Authenticating against email
>
>   Authentication SUCCEEDED against email ()
>
>   Matched against email for 'authentication' rules
>
>     set_role : guest
>
>     set_access_duration : 1D
>
>   Did not match against email
>
>  
>
> Authenticating against sponsor
>
>   Authentication SUCCEEDED against sponsor ()
>
>   Matched against sponsor for 'authentication' rules
>
>     set_role : guest
>
>     set_access_duration : 1D
>
>   Did not match against sponsor
>
>  
>
> Authenticating against null
>
>   Authentication SUCCEEDED against null ()
>
>   Matched against null for 'authentication' rules
>
>     set_role : guest
>
>     set_access_duration : 1D
>
>   Did not match against null
>
>  
>
> Authenticating against AD
>
>   Authentication FAILED against AD (Invalid login or password)
>
>   Did not match against AD
>
>   Did not match against AD
>
> Grant Hathaway
> Network and Infrastructure Analyst
>
> Certas Energy UK Limited
> The Switch
> 1-7 The Grove - Slough - SL1 1QP
> Phone : 01753756965 - Mobile : 07920075818 
> [email protected]
> <mailto:[email protected]>
>
>  
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
