Yogendra - Thank you for the link, this looks to fill in some of the missing pieces in my learning curve, much appreciated.
Cory White Sr. Network Engineer 904.735.1600 c...@xpodigital.com On Fri, May 26, 2023 at 11:33 PM Yogendra Singh <yogend...@iiti.ac.in> wrote: > Dear Cory, > > As an alternate guide for installation, you can use Extreme Networks " A3 > Installation and Usage Guide". The A3 is completely built upon Packetfence. > The URL for the guide is > https://documentation.extremenetworks.com/a3/4.1.1/A3-v4.1.0-InstallationAndUsageGuide-NV.pdf > > Thanks and regards > > On Sat, May 27, 2023 at 12:39 AM Cory White via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Hello - >> >> I've followed packetfence since 2015 but we never fully adopted its >> feature sets due to various reasons. Our original interest was for Captive >> Portals - but at the time it felt like overkill and we did not want in-band >> switch port management to deploy a simple 'coffee shop' portal. >> >> Times have changed and personally I thought Captive Portals would have >> died off in requests by now but they are more prevalent now than ever with >> BYOD and user-initiated on-boarding. >> >> Since COVID we have shifted into various vertical markets and are finding >> the need to consolidate our deployments into a more scalable >> resource/deployment for various installs in these markets. Our requirements >> - >> >> - Portal Page and User management - whether manually onboarded/import >> and/or through user initiated portal pages. >> - MAC bypass - manually bypass portals for authorized MAC identified >> hosts. If there is a user onboarding for this as well through already AUTH >> credentials that is a plus. >> - 802.1X auth for dynamically assigned VLANs (w/ and w/o MAC >> filtering) over wireless only - mix of vendors Unifi, Peplink, Cisco, >> Meraki, etc. Common thread is that all are managed through a controller - >> no autonomous APs. >> >> We currently employ Mikrotik hotspots and Peplink InControl portals - >> depending on the installation router. User accounts are added via script, >> API, ssh, etc manually not by a user request/portal interaction. All >> dynamic VLAN assignments/RADIUS attributes (radchecks, radreply, >> radgroupreply,etc) are handled in freeRADIUS based on user credentials - >> typically only a couple VLAN options, most of these installs have no more >> than 5 total VLANs. >> >> I've spun up a VM of 12.2, the maturation is impressive but documentation >> for our actual deployment needs to migrate from freeRADIUS stand-alone DB >> is non-existent - at least from my searching in the last week. I understand >> the concepts (I believe), my big question is using just 'local to >> Packetfence install' freeRADIUS possible as AUTH? We do not deploy >> anything Windows based - we are a UNIX/Open-Source/In-house DEV company. So >> AD is not an option, we do have some LDAP/freeRADIUS servers running for >> internal use (linux) but don't want to expose that cluster to end user >> accounts. I feel that the current version will suit our needs to do what we >> want for the most part and give us a unified platform; but can't really >> seem to find any documentation to move forward on testing. >> >> Specific to "Authentication Source RADIUS' - docs seem to skim over this >> as an option or its possible I need to be looking elsewhere? Any direction >> is appreciated - I've been testing with UniFi (which I know Ubiquiti has >> its own issues), I see it's a recent integration as well. I can see request >> come in but always rejected auth in wrong eap/mshcap (even though I've >> removed them as auth options). I also see my Internal RADIUS source >> constantly in 'wrong shared secret' ( client localhost). >> >> I'm going to migrate to a Cisco test lab to verify its not a tunnel, >> remote resource issue and keep everything in the same subnet (nodes/nas). >> >> Thank you for any assistance - >> >> Cory White >> >> Senior Network Engineer >> 904-735-1600 >> c...@xpodigital.com >> www.xpodigital.com >> [image: facebook] <https://www.facebook.com/xpodigital> >> [image: twitter] <https://www.twitter.com/xpodigital> >> [image: linkedin] <https://www.linkedin.com/company/xpodigita> >> [image: instagram] <https://www.instagram.com/xpodigital/> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > -- > Yogendra Singh > Deputy IT Officer > Certified Data Centre Professional (CDCP) > Indian Institute of Technology Indore > Contact No: +91 94248 18088 > >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
