ghehe :-)
Happy that after some fiddling with REALMS config, our 802.1x RADIUS
auth is working now, but I am seeing behaviour that I don't understand.
I have _only_ configured the "DEFAULT" realm and left LOCAL and NULL
empty. (also created no new ones)
DEFAULT is configured with strip, OURDOMAIN and OUR-AD-COMPUTERS as
user-source. RADIUS has been restarted.
Puzzling behaviour:
Why is PacketFence also authenticating USERS for our Active Directory
during Win7 client logons? Win7 is configured to use User or Computer
authentication. Confirmed by tailing the RADIUS logs during logons:
first as computer, and after user logon the change to user.
How can this work with the configured usersource??
The source OUR-AD-COMPUTERS goes to CN=Computers,DC=ad,DC=company,DC=com
with servicePrincipalName as username attribute. Scope: one-level.
With that usersource, I would expect only machine account
authentications to work. But machines AND users (are in CN=Users,...)
both work.
How can that be? Radiusd/radiusd-auth/radius-acct have been restarted
from the PacketFence GUI.
So, in my case things appear to work TOO well..? Can anyone explain? Do
I need to restart more services?
MJ
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users