Il 29/04/2019 14:16, Nicolas Quiniou-Briand via PacketFence-users ha
scritto:
Hello,
On 2019-04-28 9:53 p.m., Enrico via PacketFence-users wrote:
Dear all,
I’ve been writing lots of emails to this list, but I think this one
is a very important one, because I’d like to find better information
about the question of access logging.
Packetfence is a software that allows a web access following an
authentication.
No, it's a bit more complex. PacketFence will grant access to the
network after an authentication and an authorization steps.
PacketFence relies on FreeRADIUS, so it's a AAA server.
If the user doesn’t write his/her own username in the Identity field,
but rather specifies “anonymous” or something similar, PacketFence
records this information and then I can’t associate the connected
supplicant to the username that logged in.
This mean you didn't configure correctly PacketFence.
Dear Nicolas,
Could you check these configuration files ?
Thanks
Best Regards
Enrico
*profiles.conf :*
[INFN-WIRED]
filter_match_style=all
locale=
device_registration=default
filter=connection_type:Ethernet-EAP
description=INFN-WIRED
autoregister=enabled
sources=RADIUS-AAI
scans=OpenVAS
*switches.conf :*
[a.b.c.d]
cliUser=admin
defaultVlan=25
deauthMethod=RADIUS
description=privsw-3-7
type=HP::Procurve_2500
cliPwd=XXXXXXX
isolationVlan=28
radiusSecret=XXXXXX
cliEnablePwd=XXXXXXX
registrationVlan=29
*authentication**.conf :*
[RADIUS-AAI]
realms=default,null
options= <<EOT
type = auth+acct
response_windows = 8
status_check = status-server
revive_interval = 120
check_interval = 30
num_answer_to_alive = 3
src_ipaddr = $src_ip
EOT
monitor=0
set_access_level_action=
timeout=1
secret=XXXXXXX
port=1812
description=RADIUS-AAI
host=[a.b.c.d]
type=RADIUS
*scan**.conf :*
[OpenVAS]
openvas_alertid=fe87d0c2-eeef-4d49-a220-e85bb7b002f5
openvas_configid=65a4a714-6b88-4468-ba32-dfbad873c275
ip=[a.b.c.d]
openvas_reportformatid=c1645568-627a-11e3-a660-406186ea4fc5
duration=5m
categories=
port=9390
registration=0
username=admin
post_registration=1
password=XXXXX
pre_registration=0
oses=2,1,5
type=openvas
*HP Procurve-2500 config :
*... omissis*
*aaa authentication port-access eap-radius
aaa accounting system start-stop radius
radius-server host IP_PACKETFENCE_SERVER key XXXX
no snmp-server enable traps link-change 1-24
aaa port-access authenticator 3-4
aaa port-access authenticator 3 client-limit 8
aaa port-access authenticator 4 client-limit 8
aaa port-access authenticator active
**....
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
