Ok i understand, but how do I configure WMI scan engine to scan only one host which is not in the AD domain? ( It's only in the default WORKGROUP) I can't get the scan to work, the packetfence.log doesn't show anything about scan
On Thu, Jul 18, 2019, 7:58 PM Fabrice Durand via PacketFence-users < [email protected]> wrote: > It depend how you configure your violation. > > > Le 19-07-18 à 05 h 33, Chadwick Boseman via PacketFence-users a écrit : > > Hi Fabrice, > Thanks a lot for ur answer, really helpful! > > One more thing I wanna ask is, if I do as you said > > *"You need to create a wmi scan engine and add it in the connection > profile."* > > When the client device triggers a violation, will it be automatically > moved to the isolation VLAN > > > On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via PacketFence-users < > [email protected]> wrote: > >> Hello Chadwick, >> Le 19-07-16 à 04 h 59, Chadwick Boseman via PacketFence-users a écrit : >> >> Hi All, >> So I have a PF Zen up and running, >> >> I have some questions regarding my understanding of VLAN membership in PF: >> 1. When a new device (never connect / never register before) is connected >> to the switch, it will be put into the registration VLAN. And after they >> register their device from the captive portal it will be moved to guest >> VLAN automatically. Is this correct?? if not, please explain to me >> >> In fact the vlan you want. >> >> 2. after the device's MAC is registered in the PF server, does the user >> have to manually enable the 802.1x auth from their ethernet adapter? or can >> PF actually automatically change the VLAN to default/normal VLAN and >> activate the 802.1x auth? >> >> The supplicant needs to be configured if you wants to do 802.1x, you can >> do it by GPO if you have a domain. >> >> Also you can do provisioning with packetfence but only for wireless right >> now. >> >> >> i followed the pf installation guide , the captive portal is configured >> to the bare minimum where the user just need to agree to some policy, and >> the device then registered. My VLANs are as follow : >> Guest : VLAN 640 >> Registration : VLAN 640 >> Normal/default : VLAN 625 >> Isolation : VLAN 641 >> >> The guest and registration VLANs are the same because the installation >> guide said >> *"in Role by VLAN ID, set the registration and guest VLAN ID to 20 - this >> will ensure unregistered clients are initially put in VLAN 20 and avoid a >> VLAN change once they properly authenticate from the captive portal"* >> >> *It's for web authentication, not for vlan enforcement, so the >> registration vlan needs to be different than the guest vlan.* >> >> >> I want something more to do on the captive portal, so I configured a WMI >> scan so when a client register their device on the captive portal, WMI >> checks whether they have an Antivirus installed or not.. >> I want that if the device doesn't have an AV installed, it is moved to >> the isolation VLAN (That's the correct behavior right?) so how do I achieve >> this? >> >> You need to create a wmi scan engine and add it in the connection profile. >> >> Regards >> >> Fabrice >> >> >> >> Thanks a lot guys..I'll really appreciate any explanation/answer >> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
