Hi,

Thanks for the replies.

1.- I chose Radius
2.- I've joined PF to the Domain.
3.- I've added the AD as Authentication Source
4.- I've created authentication rules
5.- I've configured the switch as a device in PF and also the switch to talk to 
PF as a RADIUS server, as I can see in the logs: "(30212) eap_peap: ERROR: TLS Alert 
read:fatal:unknown CA"

Now my question is: is there a place in the GUI to add CA certs to PF, or do 
we do it manually by SCP to somewhere around here? 
/usr/local/pf/conf/ssl/tls_certs/

@Durand fabrice<mailto:[email protected]> can you point me to the right place? 
I'd like to authenticate wired 802.1X machines with certificates from our own Microsoft 
CA. Is it under PKI Providers?

Thanks

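The "unknown CA" alert in the log line quoted above is a certificate-trust failure, and that failure can be reproduced and checked offline with the openssl CLI before anything is changed on the server. What follows is an added example for this thread, not PacketFence code and not something either poster wrote: it builds two throwaway CAs and two server certificates in a scratch directory, then runs the verification a supplicant performs against its configured trusted root. In FreeRADIUS log wording, "TLS Alert read" is an alert received from the peer, so the quoted message is the supplicant rejecting the certificate the RADIUS server presented; the check that has to pass is the first one below, where the server certificate chains to the root the clients trust. The CA names, the server CN and the scratch directory are assumptions made up for the example; it needs only the openssl binary.

```shell
#!/bin/sh
# Added example for this thread, not PacketFence code: reproduce the trust
# failure behind "TLS Alert read:fatal:unknown CA" with the openssl CLI,
# offline, then show the passing case. Every file is generated in a scratch
# directory; nothing here touches a real PF install. Names are constructed.
set -eu

if ! command -v openssl >/dev/null 2>&1; then
  echo "openssl CLI not found; nothing to demonstrate" >&2
  exit 0
fi

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed root CA. $1 = file prefix, $2 = CN. An explicit config keeps the
# output identical across OpenSSL 1.1.1 and 3.x (CA:TRUE must be present or
# 'openssl verify' refuses to treat the root as a CA).
make_ca() {
  cat >"$WORK/$1.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = $2
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/$1.cnf" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Server (EAP) certificate issued by a CA. $1 = CA prefix, $2 = out prefix.
# Windows supplicants require the serverAuth EKU on the RADIUS server cert.
make_server() {
  cat >"$WORK/$2.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = radius.example.test
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/$2.cnf" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" >/dev/null 2>&1
  openssl x509 -req -days 2 -in "$WORK/$2.csr" \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -extfile "$WORK/$2.cnf" -extensions server_ext \
    -out "$WORK/$2.crt" >/dev/null 2>&1
}

# verify_chain TRUSTED_CA_FILE CERT_FILE: the check a supplicant makes with
# its configured trusted root. Prints "ok" (exit 0) or "unknown CA" (exit 1).
verify_chain() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo "unknown CA"
    return 1
  fi
}

make_ca corp-ca  "Corp Issuing CA"   # the root the clients are told to trust
make_ca other-ca "Some Other CA"     # e.g. a default self-signed install cert
make_server corp-ca  radius-good     # server cert chained to the trusted root
make_server other-ca radius-bad      # server cert chained to an untrusted root

echo "trusted=corp-ca, server cert from corp-ca:  $(verify_chain "$WORK/corp-ca.crt" "$WORK/radius-good.crt")"
echo "trusted=corp-ca, server cert from other-ca: $(verify_chain "$WORK/corp-ca.crt" "$WORK/radius-bad.crt")"
```

The same `openssl verify -CAfile <trusted-root> <server-cert>` call works unchanged against the real files once you know where PF keeps the RADIUS server certificate and which root the supplicants are configured with; when those two agree the verification flips from "unknown CA" to ok, which is the condition the supplicant is enforcing when it sends that alert.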
________________________________
From: Durand fabrice via PacketFence-users 
<[email protected]>
Sent: Saturday, 12 October 2019 2:06 PM
To: [email protected] 
<[email protected]>
Cc: Durand fabrice <[email protected]>
Subject: Re: [PacketFence-users] Setup questions



On 2019-10-08 at 21:14, Javier Pobeda via PacketFence-users wrote:

Hi folks,

I'm struggling to understand basic design stuff.

I want to run my PF server to authenticate remote users (wired 802.1x) and also 
provide AAA to access network gear assigning role privilege levels, etc.

Remote offices use different VLAN configuration so I have to be able to 
allocate different VLAN IDs with Radius.

What mode should I choose during the setup? Just VLAN? Or VLAN and RADIUS?
VLAN enforcement if you want to use the portal, RADIUS if you just want to do 
RADIUS.

Does this allow for putting a user that fails auth into a "remediation" LAN?
It depends what you need; if the 802.1X authentication fails, then the RADIUS 
request will be rejected. It is up to the switch to decide what to do with a 
reject.

VLAN enforcement
PacketFence is the server that assigns the VLAN (or roles) to the devices. This 
is the preferred enforcement mechanism for manageable equipment.
WebAuth enforcement
PacketFence is the server that assigns the Role (or ACL) to the devices. This 
mode is for web authentication.
RADIUS enforcement
PacketFence is the server that validates the RADIUS authentication and returns 
the VLAN (or roles) to the devices. This mode does not have a registration 
option, it is either accept or deny with the final VLAN.

If I choose VLAN and RADIUS, it requires adding new interfaces, but they MUST be 
on separate networks, which I'm not sure why if what I want is to have a remote 
RADIUS server do the job. I can't quite get the purpose.


Choose RADIUS in that case.

Regards

Fabrice


Anyone able to shed some light?

Thanks






_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
