This might help also: https://support.microsoft.com/en-us/help/929847/how-to-enable-computer-only- authentication-for-an-802.1x-based-network-in-windows-vista,-in-windows-serv er-2008,-and-in-windows-xp-service-pack-3
From: Antoine Amacher [mailto:[email protected]] Sent: Monday, May 29, 2017 4:55 PM To: [email protected] Subject: Re: [PacketFence-users] mab+802.1x authentication Hello Lucas, To use MachineAuthentication, create an AD source like the one used for your UserAuthentiction, replace the Username attribute: "sAMAccountName" by "ServicePrincipalName". That will allow you to do MachineAuthentication. Make sure to add this source on your connection profile. If the machine is in the domain with a valid machine account then it will be able to authenticate. To properly test MachineAuthentication, make sure that it is allowed or enforced in the 802.1x supplicant configuration. Thanks On 05/29/2017 11:34 AM, luca comes wrote: Hi Pedro, yes I think so but I don't understand how to do this. I need to do a new connection profile for it? At the moment I have only one connection profile other than the default that take care of users. I'm really confused. Thanks Luca Inviato da Outlook ________________________________________ Da: Pedro Simões <[email protected]> Inviato: lunedì 29 maggio 2017 17:06 A: [email protected] Oggetto: Re: [PacketFence-users] mab+802.1x authentication I think for that scenario you need to use machine authentication. From: luca comes [mailto:[email protected]] Sent: Monday, May 29, 2017 3:12 PM To: [email protected] Subject: [PacketFence-users] mab+802.1x authentication Hi all, I succesfully configured last release of PF with Cisco Catalyst 3750G to perform 802.1x authentication over my AD Domain. I'm studying the solution because the intention is to deploy it on all my sites (more or less 15 sites and 1000 users). Actually the server is located on our datacenter in out-of-band deployment and locally on my test site I've configured registration and isolation VLAN even if they are not used in 802.1x environment. The problem now is that I need to permit AD authentication on PC's where credentials are not in client's cache but at the begininning neither IP traffic nor DHCP is permitted so users can't access the network. I thought that a solution could be perform to factor authentication so at the start of the process I could use MAB authentication and put them on the registration VLAN opened to access the AD. But then I need to do 802.1x user authentication without pass through the registration portal, is that possible? Is there a better way to deploy a solution like that? Thank you in advance Luca ---------------------------------------------------------------------------- -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Antoine Amacher [email protected] :: www.inverse.ca +1.514.447.4918 x130 :: +1 (866) 353-6153 x130 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
