Hello, Correct, I’m referring to the computer authentication mode on the windows supplicant setup.
All authentication interaction would logged into the /usr/local/pf/logs/packetfence.log you do the following: grep MAC-ADDRESS /usr/local/pf/logs/packetfence.log Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Mar 6, 2024, at 6:09 AM, Jochen Ackermann via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello Ludovic, > > the authentication mode on the computer (windows, wired autoconfig) is set to > "computer authentication" or do you refer to a setting within packetfence? > The PF authentication Source uses servicePricipalName as Username Attribute, > is there any other setting to come into play? Wouldn't packetfence know from > the prefix /host (or hostname$) to interpret the name as machine-name? Would > there be any helpful information in the debug logs. > > Thank you, > > Jochen > > > On 05.03.2024 17:25, Zammit, Ludovic wrote: >> I think the answer is that you have to do computer authentication only, >> because I think you do computer + user authentication and the user >> authentication overrides the computer authentication. >>> >>> We would like to use packetfence for Dot1X EAP-TLS authentication based on >>> machine certificates with the hostname as the TLS-Client-Cert-Common-Name >>> (the user of the machine afterwards authenticates against AD directly). >>> The role-mapping and authentication itself in PF works well, but as a sort >>> of irksome result the authenticated (and auto-registered) machine lists on >>> the Nodes tab with the corresponding MAC address and an empty computername. >>> Instead the hostname is shown as owner and the machine name is registered >>> under the Users tab with the FQDN, together with other regular (i.e. >>> "real") user's accounts. >>> Auditing->Node Information shows Computer Name N/A and username >>> host/hostname.domain.tld >>> The Authentication Source uses servicePricipalName as Username Attribute, >>> that is the only hint I found to distingish between user and machine >>> authentication. >>> Is there some way to treat the hostname to show up as node instead of user >>> as normally indicated by the form host/... or hostname$ > > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!QURolkl3c3VT9mN6cYT_BWqmjaXz02NHWNWxLZFXU9aj2fXAuVq8mq--V7b5imM65r6m2AIkbvyLGbqlsgH_bGGjRkyd7cpv5hb8eA$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
