Hello Paul, If you are not using PacketFence as the captive portal you can use it for the radius only if you want.
For the RADIUS PF will handle Mac authentication requests and 802.1x requests. I’m assuming you want to use an open SSID with Mac authentication, if you can’t get the portal workflow working that fine, you could just use the node status in PF to pre-register device. I can see how is it not very convenient for BYOD devices. I know that PF works with Fortinet / FortiAP with 802.1x, the problem comes to the CoA (Change of authorization), the way to disconnect user from a registration state to a production state. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jul 18, 2022, at 7:02 PM, Reed, Paul via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Good evening, > > > I am in the middle of considering a couple different NAC type solutions, and > Packetfence has been the one I have been testing for nearly 2 weeks now. > > I am using Fortigates and FortiAPs for wireless. > > Right now, I am going through the process of getting guest wifi via captive > portal working. After giving up on the external captive portal (served via > Packetfence) after a few days of troubleshooting, I decided to simply use the > Fortigate’s internal captive portal until I can give the magic packet > handshake issues another go. The idea was to allow internal users to be able > to sign onto the guest network and use it (BYOD) for internet access after > authenticating with their AD credentials. > Unfortunately this also does not work. It seems that Packetfence rejects the > request since Fortigates are not “cli-access” compatible (which is what > web-auth defaults to). After I continued to dig, it seems that wireless > access that is not 802.1x is not supported, which strikes me as odd. > > I figure I should be able to override this behavior somewhere in radius.pm, > but my brain is fried and frustrated. Anyone can point into the right > direction? Or is Packetfence simply unsuitable when not using its built in > captive portal? > > Thanks in advance > > > > Paul Reed | IT Systems Engineer > Puffer-Sweiven | 4230 Greenbriar Drive | Stafford | TX | 77477 | US > A Member of the Emerson Impact Partner Network > T +1 281 274 6140 | M +1 713 351 9880 > paul.r...@puffer.com <mailto:paul.r...@puffer.com> > > www.puffer.com > <https://urldefense.com/v3/__http://www.puffer.com/__;!!GjvTz_vk!RrIKII7ApbcvWmFHgzFJbbhqAWUzgyKflVg3lBrjv5TS-a8IGmm5solhr2UoHyGYF01k4enW6gN_dSZPZi_xeGzdX5CwlkUyC0L8xQ$> > > > <https://urldefense.com/v3/__https://www.puffer.com/__;!!GjvTz_vk!RrIKII7ApbcvWmFHgzFJbbhqAWUzgyKflVg3lBrjv5TS-a8IGmm5solhr2UoHyGYF01k4enW6gN_dSZPZi_xeGzdX5CwlkXA9iAJEQ$> > > > Notice: This e-mail may contain information that is confidential, privileged > or otherwise protected from disclosure. If you are not an intended recipient > of this e-mail, redistributing or copying it, or taking action on the basis > of its information, is prohibited; please delete it and any attachments and > notify sender that you have received it in error. > > E-mail messages may contain computer viruses, and may be intercepted, > modified or deleted without the knowledge of sender or intended recipient. > As a result, you may decide not to communicate with Puffer-Sweiven via > e-mail. Also, Puffer-Sweiven reserves the right, under circumstances > permitted by applicable law, to retain and monitor its system's incoming and > outgoing e-mail messages. > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RrIKII7ApbcvWmFHgzFJbbhqAWUzgyKflVg3lBrjv5TS-a8IGmm5solhr2UoHyGYF01k4enW6gN_dSZPZi_xeGzdX5CwlkXdbsMPMw$ > > <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RrIKII7ApbcvWmFHgzFJbbhqAWUzgyKflVg3lBrjv5TS-a8IGmm5solhr2UoHyGYF01k4enW6gN_dSZPZi_xeGzdX5CwlkXdbsMPMw$>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
