Hi Fabrice,
So is there any problem within my configuration which I posted in my previous mail ? I ask our network team if cisco acs needs to join domian server, they said no need. They said they only need to add AD server in cisco ACS for authentication. What??s the difference between using acs and using pf-freeradius ? ------------------ Original ------------------ From: packetfence-users <[email protected]> Date: ????,1?? 16,2018 00:26 To: Fabrice Durand <[email protected]>, packetfence-users <[email protected]> Cc: Yan <[email protected]> Subject: Re: [PacketFence-users] Successfully passed 802.1x auth but nonetwork access Yes. They have the same domain/users but on different servers. Both of them can authenticate our all users. ------------------ Original ------------------ From: Fabrice Durand <[email protected]> Date: ????,1?? 15,2018 22:13 To: Yan <[email protected]>, packetfence-users <[email protected]> Subject: Re: [PacketFence-users] Successfully passed 802.1x auth but no network access Hello Yan, does AD1 and AD2 are the same ? (same domain/users ...) Regards Fabrice Le 2018-01-15 ?? 00:41, Yan a ??crit : Hi Durand, I installed a netdata in my pf server and not found any network issue yet(I'm learning to use it). But there is another case I'm not sure if it is related to the authentication issue. We have 2 PF servers, pf1 is in office A and pf2 is in office B. We also have 2 domain servers(for AD and DNS) and AD1 is in office A and AD2 is in office B. In configuration--Policy and access control--Domains--Active Directory Domains menu of both PF servers, I added and joined the same domain AD1 (domain in office A). But in Configuration--Policy and access control--Authentication Sources menu, I add domain AD1 to pf1, and AD2 to pf2. And for the connection profile, I choose AD1 as authentication source on pf1, and choose AD2 as authentication source on pf2. I don't know if I clearly describe it, I draw a picture to make is more clear. Would this cause the previous strange issue ? -- Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
[email protected]
Description: Binary data
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
