Hello -

I've followed PacketFence since 2015 but we never fully adopted its feature
sets due to various reasons. Our original interest was for Captive Portals
- but at the time it felt like overkill and we did not want in-band switch
port management to deploy a simple 'coffee shop' portal.

Times have changed and personally I thought Captive Portals would have died
off in requests by now but they are more prevalent now than ever with BYOD
and user-initiated on-boarding.

Since COVID we have shifted into various vertical markets and are finding
the need to consolidate our deployments into a more scalable
resource/deployment for various installs in these markets. Our requirements
-

   - Portal Page and User management - whether manually onboarded/import
   and/or through user initiated portal pages.
   - MAC bypass - manually bypass portals for authorized MAC identified
   hosts. If there is a user onboarding for this as well through already AUTH
   credentials that is a plus.
   - 802.1X auth for dynamically assigned VLANs (w/ and w/o MAC filtering)
   over wireless only - mix of vendors Unifi, Peplink, Cisco, Meraki, etc.
   Common thread is that all are managed through a controller - no
   autonomous APs.

We currently employ Mikrotik hotspots and Peplink InControl portals -
depending on the installation router. User accounts are added via script,
API, ssh, etc., manually, not by a user request/portal interaction. All
dynamic VLAN assignments/RADIUS attributes (radchecks, radreply,
radgroupreply, etc.) are handled in freeRADIUS based on user credentials -
typically only a couple VLAN options, most of these installs have no more
than 5 total VLANs.

I've spun up a VM of 12.2, the maturation is impressive but documentation
for our actual deployment needs to migrate from freeRADIUS stand-alone DB
is non-existent - at least from my searching in the last week. I understand
the concepts (I believe); my big question is: is using just 'local to
PacketFence install' freeRADIUS possible as AUTH? We do not deploy
anything Windows based - we are a UNIX/Open-Source/In-house DEV company. So
AD is not an option, we do have some LDAP/freeRADIUS servers running for
internal use (linux) but don't want to expose that cluster to end user
accounts. I feel that the current version will suit our needs to do what we
want for the most part and give us a unified platform; but can't really
seem to find any documentation to move forward on testing.

Specific to 'Authentication Source RADIUS' - docs seem to skim over this as
an option or it's possible I need to be looking elsewhere? Any direction is
appreciated - I've been testing with UniFi (which I know Ubiquiti has its
own issues), I see it's a recent integration as well. I can see requests
come in but auth is always rejected in wrong eap/mschap (even though I've
removed them as auth options). I also see my Internal RADIUS source
constantly in 'wrong shared secret' (client localhost).

I'm going to migrate to a Cisco test lab to verify it's not a tunnel, remote
resource issue and keep everything in the same subnet (nodes/nas).

Thank you for any assistance -

Cory White

Senior Network Engineer
904-735-1600
c...@xpodigital.com
www.xpodigital.com
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
