Dear all,
I’ve been writing lots of emails to this list, but I think this one is a
very important one, because I’d like to find better information about
the question of access logging.
PacketFence is software that allows web access following
authentication. Logging of these accesses is a very important question
for me. Every log must be done in the correct way, always. In order to
make a test, I created a profile for a cabled net which uses FreeRADIUS
as an authentication backend. Then there are some ProCurve switches, set
up with 802.1X.
Access to the production VLAN is achieved through PacketFence, which,
after authentication, assigns a tag to the port where the user comes
from. The supplicant is set up with 802.1X.
It’s paramount for me to log these accesses through PacketFence. From
what I saw, this software records everything inside its database and
visualizes information through a web interface. Unfortunately, this
information isn’t always what I want. In my case, in
fact, PacketFence actually “trusts” whatever the user writes in his/her
own client configuration. 802.1X, as you know, asks to specify an
identity and a username.
If the user doesn’t write his/her own username in the Identity field,
but rather specifies “anonymous” or something similar, PacketFence
records this information and then I can’t associate the connected
supplicant to the username that logged in.
The possibility of distinguishing between Identity and Username, outer
and inner tunnel, is well known and it’s useful in case of federated
authentication. In my case, though, it can be dangerous. To solve this
situation I introduced LDAP: specifically, I tried to create a network
profile with an LDAP backend and to set up a switch with 802.1X by using
PacketFence as the FreeRADIUS server. But in this case, too, both in logs
and in the dashboard I can see the identity, but not the username.
Has anyone solved this problem?
Thanks again for your help.
Best Regards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
_______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users