Hello Ludovic, Did you see my answer to your response ?
Thx, Guy De : Guy BLAVIN via PacketFence-users [mailto:[email protected]] Envoyé : lundi 15 mars 2021 14:53 À : Ludovic Zammit <[email protected]> Cc : Guy BLAVIN <[email protected]>; [email protected] Objet : Re: [PacketFence-users] 802.1x error : auto-registration of node failed max nodes per pid met or exceeded Hi Ludovic, Ø I’m assuming you want do to 802.1x computer authentication seeing the host/PC21020.domain.com<http://PC21020.domain.com> authentication. Yes, exactly. We use computer account authentication to put computers in the corporate vlan. The configuration had been working for 2 years, and it still works with most computers – the only computers for which it doesn’t work are the recently intalled ones. I attached another log : it is today’s log of a computer which authenticates without problem. The autoregistration is enable on the 802.1x profile. The thing that seems weird in the configuration, is that there are 3 realms associated with the profile, and the three point to the same AD domain. Guy De : Ludovic Zammit [mailto:[email protected]] Envoyé : lundi 15 mars 2021 13:08 À : Guy BLAVIN <[email protected]<mailto:[email protected]>> Cc : [email protected]<mailto:[email protected]> Objet : Re: [PacketFence-users] 802.1x error : auto-registration of node failed max nodes per pid met or exceeded Hello Guy, I think you have possible multiple issue with your configuration check the following: - Default REALM authenticate against your domain and split in RADIUS authorize under Configuration > Domains > Realms > DEFAULT. - Make sure you have an AD source on the connection profile that you want to use and has “ServicePrincipalName” as Search Attribute. Then create a rule that catches computer authentication with a condition like this: ServicePrincipalname starts with host/ assign the role whatever you want. - Make sure to have autoregistration enable on the connection profile I’m assuming you want do to 802.1x computer authentication seeing the host/PC21020.domain.com<http://PC21020.domain.com> authentication. Thanks, Ludovic Zammit [email protected]<mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca<https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On Mar 15, 2021, at 5:57 AM, Guy BLAVIN <[email protected]<mailto:[email protected]>> wrote: <mylog.zip>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
