Re: [PacketFence-users] DOT1x with LDAP Authenticaion

[Fabrice Durand]

Hi Etienne,

Ok so here what you have to do:

Join packetfence to your domain.

Create an authentication source with rule that will assign role based on
group membership

Create a firewall sso config to send accounting packetfence to your
fortigate.

That's all, there no need to tell the switch to send accounting packets
, PacketFence will do it for you.

If you want i am available on the freenode irc #packetfence channel if
you want more details.

Regards

Fabrice



Le 2016-11-25 à 12:30, Etienne Vella a écrit :
> Hi Fabrice,
>
>
> The idea is to have a user to login via dot1x (wired/wireless) then
> PacketFence should check with Active Directory  re credentials then
> Before authenticating packet fence should check for a particular group
> to apply the vlan allocation rules. Once authenticated the switch
> would send accounting packets to Fortigate firewalls with modified
> class according according to the group which was met in the
> authentication part.  
>
>
> If some one else has a better approach i'm very open for suggestions. 
> At the end we would like to have SSO from the network layer 2 till the
> firewall. 
>
> Regards,
> Et
>
>
> On Fri, Nov 25, 2016 at 5:30 PM, Fabrice Durand  > wrote:
>
> Hi Etienne,
>
> Do you have an example of what you want to send and what is the
> firewall type ?
>
> Regards
>
> Fabrice
>
>
>
> Le 2016-11-25 à 11:02, Etienne Vella a écrit :
>> Hi,
>>
>> Thanks for your reply but I'm not able to modify any classes there.
>>
>> Any ideas on how to do class mappings? 
>>
>> Regards 
>> Et
>>
>> On Fri, 25 Nov 2016, 15:59 Fabrice Durand, > > wrote:
>>
>> Hello Etienne,
>>
>> this feature is called firewall sso in PacketFence, have a
>> look in COnfiguration -> Firewall SSO.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2016-11-25 à 07:07, Etienne Vella a écrit :
>>> Hi,
>>>
>>> I'm currently trying to deploy packetfence to be used with
>>> DOT1x and SSO. I managed to configure  Rules Under User
>>> Sources -> Active Directory. But I would like to some logic
>>> to assign a class in the radius accounting packets so that
>>> the firewall could assign that user to that particular
>>> group.  Basically in short I would need to modify the class
>>> of the accounting packets which are being sent to SSO with
>>> specific classes according to specific groups.  Basically we
>>> are in the process to eliminate Microsoft NAP for DOT1x
>>>
>>>
>>> Regards,
>>> Etienne
>>>
>>>
>>>
>>> 
>>> --
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> 
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> 
>>
>> -- 
>> Fabrice Durand
>> fdur...@inverse.ca  ::  +1.514.447.4918 
>>  (x135) ::  www.inverse.ca 
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and 
>> PacketFence (http://packetfence.org) 
>>
>> 
>> --
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>  
>>
>> 
>> --
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> 
>
> -- 
> Fabrice Durand
> fdur...@inverse.ca  ::  +1.514.447.4918 
>  (x135) ::  www.inverse.ca 
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org) 
>
> 
> --
> ___ PacketFence-users
> mailing list PacketFence-users@lists.sourceforge.net
> 
> 

Re: [PacketFence-users] DOT1x with LDAP Authenticaion

[Etienne Vella]

Hi Fabrice,


The idea is to have a user to login via dot1x (wired/wireless) then
PacketFence should check with Active Directory  re credentials then Before
authenticating packet fence should check for a particular group to apply
the vlan allocation rules. Once authenticated the switch would send
accounting packets to Fortigate firewalls with modified class according
according to the group which was met in the authentication part.


If some one else has a better approach i'm very open for suggestions.  At
the end we would like to have SSO from the network layer 2 till the
firewall.

Regards,
Et


On Fri, Nov 25, 2016 at 5:30 PM, Fabrice Durand  wrote:

> Hi Etienne,
>
> Do you have an example of what you want to send and what is the firewall
> type ?
>
> Regards
>
> Fabrice
>
>
>
> Le 2016-11-25 à 11:02, Etienne Vella a écrit :
>
> Hi,
>
> Thanks for your reply but I'm not able to modify any classes there.
>
> Any ideas on how to do class mappings?
>
> Regards
> Et
>
> On Fri, 25 Nov 2016, 15:59 Fabrice Durand,  wrote:
>
>> Hello Etienne,
>>
>> this feature is called firewall sso in PacketFence, have a look in
>> COnfiguration -> Firewall SSO.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2016-11-25 à 07:07, Etienne Vella a écrit :
>>
>> Hi,
>>
>> I'm currently trying to deploy packetfence to be used with DOT1x and SSO.
>> I managed to configure  Rules Under User Sources -> Active Directory. But I
>> would like to some logic to assign a class in the radius accounting packets
>> so that the firewall could assign that user to that particular group.
>> Basically in short I would need to modify the class of the accounting
>> packets which are being sent to SSO with specific classes according to
>> specific groups.  Basically we are in the process to eliminate Microsoft
>> NAP for DOT1x
>>
>>
>> Regards,
>> Etienne
>>
>>
>>
>> --
>>
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>> 
>> --
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
> --
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> 
> --
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


-- 
Cheers
Etienne
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence PKI

[Morgan, Darren]

Hi Antonie,

Details below;

[root@localhost ~]# rpm -qa | grep django
python-django-1.6.11-10.3.noarch
python-django-bash-completion-1.6.11-10.3.noarch
python-django-tagging-0.3.1-7.el6.noarch

Kind regards

Darren

From: Antoine Amacher [mailto:aamac...@inverse.ca]
Sent: 25 November 2016 16:55
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PacketFence PKI


Hello Morgan,

Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)

That should be 9393 and 9191, will be corrected.

The PacketFence PKI should still be supported and working.

It seems you have issue with django dependencies could you do "rpm -qa | grep 
django".

I will try to setup one PKI quick and let you know.

Thanks

On 11/25/2016 11:45 AM, Morgan, Darren wrote:
Hi,

I'm still having major issues getting the PKI to install using the instructions 
provided (PacketFence_PKI_Quick_Install_Guide.pdf )  I'm using a fresh install 
of PacketFence 6.4.0 ZEN running on VMWare VSphere 6 Hypervisor (Given it 24GB 
RAM, 4 virtual sockets, with 2 cores each, and 200GB drive)

I've set up the system to link with our AD and is registered in our Domain.  
Checked with a laptop plugged in to an HP Procurve 2520G-8-PoE switch and end 
users can connect fine.  Even have Firewall SSO setup with iBoss which works 
buaetifully)

The problem I have is when I go through the PKI install guide;

Prepare to install with PacketFence
Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)
Restarted the iptables service

CentOS/RHEL
(Assuming I use the CentOS instructions as I'm using ZEN)
Tried the commands for this step and get the following errors;

[root@localhost ~]# yum localinstall 
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-release-1-2.centos6.noarch.rpm
Loaded plugins: fastestmirror
Setting up Local Package Process
packetfence-release-1-2.centos6.noarch.rpm  

  | 2.8 kB 00:00
Examining /var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
packetfence-release-1-2.centos6.noarch
/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: does not 
update installed package.
Nothing to do
[root@localhost ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.cov.ukservers.com
* extras: mirrors.ukfast.co.uk
* updates: mirror.cov.ukservers.com
base

  | 3.7 kB 00:00
base/primary_db 

  | 4.7 MB 00:01
extras  

  | 3.4 kB 00:00
extras/primary_db   

  |  37 kB 00:00
mariadb 

  | 2.9 kB 00:00
mariadb/primary_db  

  |  22 kB 00:00
packetfence-extra   

  |  951 B 00:00
packetfence-extra/primary   

  |  74 kB 00:00
packetfence-extra   

   

Re: [PacketFence-users] PacketFence PKI

[Antoine Amacher]

Hello Morgan,

Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate 
lines in the iptables.conf (I note that in the guide it says 9393 and 
9292 so not sure if that is a typo on the iptables or the guide)


That should be 9393 and 9191, will be corrected.

The PacketFence PKI should still be supported and working.

It seems you have issue with django dependencies could you do "rpm -qa | 
grep django".


I will try to setup one PKI quick and let you know.

Thanks


On 11/25/2016 11:45 AM, Morgan, Darren wrote:


Hi,

I’m still having major issues getting the PKI to install using the 
instructions provided (PacketFence_PKI_Quick_Install_Guide.pdf )  I’m 
using a fresh install of PacketFence 6.4.0 ZEN running on VMWare 
VSphere 6 Hypervisor (Given it 24GB RAM, 4 virtual sockets, with 2 
cores each, and 200GB drive)


I’ve set up the system to link with our AD and is registered in our 
Domain.  Checked with a laptop plugged in to an HP Procurve 
2520G-8-PoE switch and end users can connect fine.  Even have Firewall 
SSO setup with iBoss which works buaetifully)


The problem I have is when I go through the PKI install guide;

_Prepare to install with PacketFence_

Allowed traffic over ports 9393 and 9191 by uncommenting the 
appropriate lines in the iptables.conf (I note that in the guide it 
says 9393 and 9292 so not sure if that is a typo on the iptables or 
the guide)


Restarted the iptables service

_CentOS/RHEL_

(Assuming I use the CentOS instructions as I’m using ZEN)

Tried the commands for this step and get the following errors;

[root@localhost ~]# yum localinstall 
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-release-1-2.centos6.noarch.rpm


Loaded plugins: fastestmirror

Setting up Local Package Process

packetfence-release-1-2.centos6.noarch.rpm | 2.8 kB 00:00

Examining 
/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
packetfence-release-1-2.centos6.noarch


/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
does not update installed package.


Nothing to do

[root@localhost ~]# yum install packetfence-pki 
--enablerepo=packetfence-extra, packetfence


Loaded plugins: fastestmirror

Setting up Install Process

Loading mirror speeds from cached hostfile

* base: mirror.cov.ukservers.com

* extras: mirrors.ukfast.co.uk

* updates: mirror.cov.ukservers.com

base | 3.7 kB 00:00

base/primary_db | 4.7 MB 00:01

extras | 3.4 kB 00:00

extras/primary_db 
   | 
37 kB 00:00


mariadb 
| 
2.9 kB 00:00


mariadb/primary_db 
 | 
22 kB 00:00


packetfence-extra 
  | 
951 B 00:00


packetfence-extra/primary 
   | 
74 kB 00:00


packetfence-extra 
   255/255


updates  | 3.4 
kB 00:00


updates/primary_db   | 3.7 MB 00:01

Resolving Dependencies

--> Running transaction check

---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed

--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: python-ldap for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Running transaction check

---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed

--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: python-django-rest-framework for package: 
packetfence-pki-1.0.4-1.el6.noarch


--> Processing Dependency: django-countries for package: 
packetfence-pki-1.0.4-1.el6.noarch


---> Package python-ldap.x86_64 0:2.3.10-1.el6 will be installed

--> Finished Dependency Resolution

Error: Package: packetfence-pki-1.0.4-1.el6.noarch 

[PacketFence-users] PacketFence PKI

[Morgan, Darren]

Hi,

I'm still having major issues getting the PKI to install using the instructions 
provided (PacketFence_PKI_Quick_Install_Guide.pdf )  I'm using a fresh install 
of PacketFence 6.4.0 ZEN running on VMWare VSphere 6 Hypervisor (Given it 24GB 
RAM, 4 virtual sockets, with 2 cores each, and 200GB drive)

I've set up the system to link with our AD and is registered in our Domain.  
Checked with a laptop plugged in to an HP Procurve 2520G-8-PoE switch and end 
users can connect fine.  Even have Firewall SSO setup with iBoss which works 
buaetifully)

The problem I have is when I go through the PKI install guide;

Prepare to install with PacketFence
Allowed traffic over ports 9393 and 9191 by uncommenting the appropriate lines 
in the iptables.conf (I note that in the guide it says 9393 and 9292 so not 
sure if that is a typo on the iptables or the guide)
Restarted the iptables service

CentOS/RHEL
(Assuming I use the CentOS instructions as I'm using ZEN)
Tried the commands for this step and get the following errors;

[root@localhost ~]# yum localinstall 
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-release-1-2.centos6.noarch.rpm
Loaded plugins: fastestmirror
Setting up Local Package Process
packetfence-release-1-2.centos6.noarch.rpm  

  | 2.8 kB 00:00
Examining /var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: 
packetfence-release-1-2.centos6.noarch
/var/tmp/yum-root-PnLIg2/packetfence-release-1-2.centos6.noarch.rpm: does not 
update installed package.
Nothing to do
[root@localhost ~]# yum install packetfence-pki --enablerepo=packetfence-extra, 
packetfence
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.cov.ukservers.com
* extras: mirrors.ukfast.co.uk
* updates: mirror.cov.ukservers.com
base

  | 3.7 kB 00:00
base/primary_db 

  | 4.7 MB 00:01
extras  

  | 3.4 kB 00:00
extras/primary_db   

  |  37 kB 00:00
mariadb 

  | 2.9 kB 00:00
mariadb/primary_db  

  |  22 kB 00:00
packetfence-extra   

  |  951 B 00:00
packetfence-extra/primary   

  |  74 kB 00:00
packetfence-extra   

 255/255
updates 

  | 3.4 kB 00:00
updates/primary_db  

  | 3.7 MB 00:01
Resolving Dependencies
--> Running transaction check
---> Package packetfence-pki.noarch 0:1.0.4-1.el6 will be installed
--> Processing Dependency: python-pyasn1-modules >= 0.1.7 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-bootstrap3 for package: 
packetfence-pki-1.0.4-1.el6.noarch
--> Processing Dependency: python-django-rest-framework for package: 

Re: [PacketFence-users] DOT1x with LDAP Authenticaion

[Fabrice Durand]

Hi Etienne,

Do you have an example of what you want to send and what is the firewall
type ?

Regards

Fabrice



Le 2016-11-25 à 11:02, Etienne Vella a écrit :
> Hi,
>
> Thanks for your reply but I'm not able to modify any classes there.
>
> Any ideas on how to do class mappings? 
>
> Regards 
> Et
>
> On Fri, 25 Nov 2016, 15:59 Fabrice Durand,  > wrote:
>
> Hello Etienne,
>
> this feature is called firewall sso in PacketFence, have a look in
> COnfiguration -> Firewall SSO.
>
> Regards
>
> Fabrice
>
>
>
>
> Le 2016-11-25 à 07:07, Etienne Vella a écrit :
>> Hi,
>>
>> I'm currently trying to deploy packetfence to be used with DOT1x
>> and SSO. I managed to configure  Rules Under User Sources ->
>> Active Directory. But I would like to some logic to assign a
>> class in the radius accounting packets so that the firewall could
>> assign that user to that particular group.  Basically in short I
>> would need to modify the class of the accounting packets which
>> are being sent to SSO with specific classes according to specific
>> groups.  Basically we are in the process to eliminate Microsoft
>> NAP for DOT1x
>>
>>
>> Regards,
>> Etienne
>>
>>
>>
>> 
>> --
>>
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> -- 
> Fabrice Durand
> fdur...@inverse.ca  ::  +1.514.447.4918 (x135) 
> ::  www.inverse.ca 
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org) 
>
> 
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DOT1x with LDAP Authenticaion

[Etienne Vella]

Hi,

Thanks for your reply but I'm not able to modify any classes there.

Any ideas on how to do class mappings?

Regards
Et

On Fri, 25 Nov 2016, 15:59 Fabrice Durand,  wrote:

> Hello Etienne,
>
> this feature is called firewall sso in PacketFence, have a look in
> COnfiguration -> Firewall SSO.
>
> Regards
>
> Fabrice
>
>
>
>
> Le 2016-11-25 à 07:07, Etienne Vella a écrit :
>
> Hi,
>
> I'm currently trying to deploy packetfence to be used with DOT1x and SSO.
> I managed to configure  Rules Under User Sources -> Active Directory. But I
> would like to some logic to assign a class in the radius accounting packets
> so that the firewall could assign that user to that particular group.
> Basically in short I would need to modify the class of the accounting
> packets which are being sent to SSO with specific classes according to
> specific groups.  Basically we are in the process to eliminate Microsoft
> NAP for DOT1x
>
>
> Regards,
> Etienne
>
>
>
> --
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] ldap/ad source with SSL

[Antoine Amacher]

Hello Andi,

What you looking for is 
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_authentication 
section 9.2.1


There is no certificate to configure for the source LDAP in itself.

SSL/Start TLS depends on how your LDAP is configured to receive the 
connection for binding.


The configuration of the certificate to authenticate(RADIUS) has to be 
configured /usr/local/pf/conf/radiusd/eap.conf under the section TLS.


Thanks


On 11/25/2016 04:36 AM, Morris, Andi wrote:


Hi all,

Hopefully just a quick one. I can’t find a mention anywhere of how to 
setup LDAPS as a source. I can see that you can select SSL as part of 
the AD source, however I’m not sure where to configure the certificate 
for this. Any pointers?


Cheers,

Andi

-

Andi Morris

IT Security Officer
Cardiff Metropolitan University

T: 02920 205720
E: amor...@cardiffmet.ac.uk 

Skype for Business: amor...@cardiffmet.ac.uk

--



Cardiff Metropolitan University - Queens Anniversary Prizes 2015 
 




--


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] DOT1x with LDAP Authenticaion

[Etienne Vella]

Hi,

I'm currently trying to deploy packetfence to be used with DOT1x and SSO. I
managed to configure  Rules Under User Sources -> Active Directory. But I
would like to some logic to assign a class in the radius accounting packets
so that the firewall could assign that user to that particular group.
Basically in short I would need to modify the class of the accounting
packets which are being sent to SSO with specific classes according to
specific groups.  Basically we are in the process to eliminate Microsoft
NAP for DOT1x


Regards,
Etienne
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users