Hello Mj,

On 2017-07-10 at 09:38, mj via PacketFence-users wrote:
> ghehe :-)
>
> Happy that after some fiddling with REALMS config, our 802.1x radius auth is working now, but I am seeing behaviour that I don't understand.
>
> I have _only_ configured the "DEFAULT" realm and left LOCAL and NULL empty. (also created no new ones)
>
> DEFAULT is configured with strip, OURDOMAIN and OUR-AD-COMPUTERS as user-source. Radius has been restarted.
>
> Puzzling behaviour:
> Why is PacketFence also authenticating USERS for our Active Directory during Win7 client logons? Win7 configured to use User or Computer authentication. Confirmed by tailing the radius logs during logons: first as computer, and after user logon the change to user.

When you start your computer, before you log in with your user account, the device authenticates with the machine account (this is what you configured on the device).

> How can this work with the configured usersource??
>
> The source OUR-AD-COMPUTERS goes to CN=Computers,DC=ad,DC=company,DC=com with servicePrincipalName as username attribute. Scope: one-level.
>
> With that usersource, I would expect only machine account authentications to work. But machines AND users (which are in CN=Users,...) both work.

It probably works because the machine auth worked the first time (I need logs to verify that).

> How can that be? Radiusd/radiusd-auth/radius-acct have been restarted from the packetfence GUI.
>
> So, in my case things appear to work TOO well..? Can anyone explain? Do I need to restart more services?

I need to check the config you did (profiles.conf, authentication.conf).

Regards
Fabrice

> MJ

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
