Hi Pedro,
don't worry you were really useful instead because you put me on the right way đ
Luca
Inviato da Outlook<http://aka.ms/weboutlook>
________________________________
Da: Pedro SimÔes <pedro.sim...@layer8.pt>
Inviato: lunedĂŹ 29 maggio 2017 19:13
A: packetfence-users@lists.sourceforge.net
Oggetto: Re: [PacketFence-users] mab+802.1x authentication
Hi Luca,
Iâm sorry if I canât be of more help.
I actually have a 802.1x deployment with machine authentication in production
but that one doesnât go through packetfence -> it works directly with NPS. (And
yes, in that case different profiles are configured in NPS for machine and user
authentication. They are not mutually exclusive in NPS).
The packetfence deployment I have is mainly for guest access.
Pedro
From: luca comes [mailto:lucaco...@hotmail.it]
Sent: Monday, May 29, 2017 4:34 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] mab+802.1x authentication
Hi Pedro,
yes I think so but I don't understand how to do this. I need to do a new
connection profile for it? At the moment I have only one connection profile
other than the default that take care of users. I'm really confused.
Thanks
Luca
Inviato da Outlook<http://aka.ms/weboutlook>
________________________________
Da: Pedro SimÔes <pedro.sim...@layer8.pt<mailto:pedro.sim...@layer8.pt>>
Inviato: lunedĂŹ 29 maggio 2017 17:06
A:
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Oggetto: Re: [PacketFence-users] mab+802.1x authentication
I think for that scenario you need to use machine authentication.
From: luca comes [mailto:lucaco...@hotmail.it]
Sent: Monday, May 29, 2017 3:12 PM
To:
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: [PacketFence-users] mab+802.1x authentication
Hi all,
I succesfully configured last release of PF with Cisco Catalyst 3750G to
perform 802.1x authentication over my AD Domain.
I'm studying the solution because the intention is to deploy it on all my sites
(more or less 15 sites and 1000 users). Actually the server is located on our
datacenter in out-of-band deployment and locally on my test site I've
configured registration and isolation VLAN even if they are not used in 802.1x
environment. The problem now is that I need to permit AD authentication on PC's
where credentials are not in client's cache but at the begininning neither IP
traffic nor DHCP is permitted so users can't access the network. I thought that
a solution could be perform to factor authentication so at the start of the
process I could use MAB authentication and put them on the registration VLAN
opened to access the AD. But then I need to do 802.1x user authentication
without pass through the registration portal, is that possible? Is there a
better way to deploy a solution like that?
Thank you in advance
Luca
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
