Hello Guy, I did.
I don’t know if your log cleaning was to aggressive but I can’t find your available source for your 802.1x connection. Make sure that the source that your try to match on has: Either SerivicePrincipalName as the primary attribute to search on or secondary. Also, make sure to have your computer within the scope where your source looks in for. Your host/PC20033.domain.com <http://pc20033.domain.com/> is not matching any rule and that’s your problem, 802.1x fails and fall back to Mac authentication. Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Mar 23, 2021, at 9:14 AM, Guy BLAVIN <[email protected]> wrote: > > Hello Ludovic, > > Did you see my answer to your response ? > > Thx, > Guy > > De : Guy BLAVIN via PacketFence-users > [mailto:[email protected]] > Envoyé : lundi 15 mars 2021 14:53 > À : Ludovic Zammit <[email protected]> > Cc : Guy BLAVIN <[email protected]>; [email protected] > Objet : Re: [PacketFence-users] 802.1x error : auto-registration of node > failed max nodes per pid met or exceeded > > Hi Ludovic, > > Ø I’m assuming you want do to 802.1x computer authentication seeing the > host/PC21020.domain.com <http://pc21020.domain.com/> authentication. > > Yes, exactly. We use computer account authentication to put computers in the > corporate vlan. > > The configuration had been working for 2 years, and it still works with most > computers – the only computers for which it doesn’t work are the recently > intalled ones. > > I attached another log : it is today’s log of a computer which authenticates > without problem. The autoregistration is enable on the 802.1x profile. > > The thing that seems weird in the configuration, is that there are 3 realms > associated with the profile, and the three point to the same AD domain. > > > Guy > > De : Ludovic Zammit [mailto:[email protected] <mailto:[email protected]>] > Envoyé : lundi 15 mars 2021 13:08 > À : Guy BLAVIN <[email protected] <mailto:[email protected]>> > Cc : [email protected] > <mailto:[email protected]> > Objet : Re: [PacketFence-users] 802.1x error : auto-registration of node > failed max nodes per pid met or exceeded > > Hello Guy, > > I think you have possible multiple issue with your configuration check the > following: > > - Default REALM authenticate against your domain and split in RADIUS > authorize under Configuration > Domains > Realms > DEFAULT. > - Make sure you have an AD source on the connection profile that you want to > use and has “ServicePrincipalName” as Search Attribute. Then create a rule > that catches computer authentication with a condition like this: > ServicePrincipalname starts with host/ assign the role whatever you want. > - Make sure to have autoregistration enable on the connection profile > > I’m assuming you want do to 802.1x computer authentication seeing the > host/PC21020.domain.com <http://pc21020.domain.com/> authentication. > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <https://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > > > > On Mar 15, 2021, at 5:57 AM, Guy BLAVIN <[email protected] > <mailto:[email protected]>> wrote: > > <mylog.zip>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
