Dose this also apply to using it with AzureAD, since i run a domainless setup, and it would be enough if it just went standalone where it validates via the certificate, And its not the domain name it gives there, its just the word "host/"
Currently i cant manually even approve the device to connect as its returning a empty error with 401 on the radius reply. Regards From: Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Wednesday, 15 May 2024 19:48 To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <oeufd...@gmail.com> Subject: Re: [PacketFence-users] Radius Issues with EAP TLS WiFi This message was sent from an external sender. Exercise strict caution when interacting with links or file attachments! Normally you shouldn't have to strip the host\ since you are able to search this attribute in the AD via the servicePrincipalName attribute. https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.packetfence.org%2Fdoc%2FPacketFence_Installation_Guide.html%23_using_the_corporate_machine_role&data=05%7C02%7Cadrian.damaschek%40technicondesign.com%7C40467814b8f243215c2508dc7508373f%7Cd62d5a24155947988cd246c204b1ab0c%7C1%7C0%7C638513925350705789%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=60Keqdpel5RL03jw5IlkZfYmOgyNXVUa1pWGqk%2BlZpQ%3D&reserved=0 Le mer. 15 mai 2024 à 13:24, Adrian Damaschek via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net> a écrit : Im trying to set up the NAC to provide certs over SCEP and then use that to allow Device Access to my WiFi network. It has to be Device level auth as they are used by multiple users and it’s the machine that should determine the access to the network. So there are two problems I am struggling with. One is that windows insist on adding host/ in front of the computer and I cant seem to be able to strip it with a filter but maybe I did the wrong thing with it My attempt was ${replace($radius_request.User-Name,"host\/","")} Scope was set to preprocess, for testing I set the value to be always TRUE, and I did try with and without merging the answer. Also when I try to log on package fence dose process it and rejects it, giving Module-Failure-Message = "rest: Server returned:", Also noticed in the reply that I get REST-HTTP-Status-Code = "401", Not sure if this is related to the host/ that windows puts in username of the initial request. Any tip on how to deal with this would be appreciated. Regards Adrian _______________________________________________ PacketFence-users mailing list mailto:PacketFence-users@lists.sourceforge.net https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=05%7C02%7Cadrian.damaschek%40technicondesign.com%7C40467814b8f243215c2508dc7508373f%7Cd62d5a24155947988cd246c204b1ab0c%7C1%7C0%7C638513925350719255%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=58VHWw1vgRRpxHIT69tTfj0Xe%2ByDoOnj0taBjQ3jHyQ%3D&reserved=0
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
