Hello Robert,
can you paste the packetfence.log when the device authenticate and also
paste the radius filter.
Regards
Fabrice
Le 20-04-22 à 15 h 58, Robert McNutt via PacketFence-users a écrit :
I'm trying to set a radius filter to block mac auth for any devices
assigned to roles that should only auth via PEAP or EAP-TLS...
For example, if a port has a phone and computer plugged in, the phone
will do mac auth but the computer should never get a radius accept for
mac auth... whats happening by default is if a computer fails dot1x
auth it then falls back to mac auth and PF accepts it because the node
was registered... this is what I'm trying to prevent...
I set up a radius filter as such:
connection_type == "Ethernet-NoEAP" && (node_info.category ==
"CORP-LAN" || node_info.category == "ADMIN-LAN")
It never matches... But if I change the logic to be NOT Ethernet-EAP,
everything matches, EAP and not EAP... it seems as if the
connection_type isn't actually being read by the filter parsing... Am
I missing something?
Robert McNutt
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
