Re: [PacketFence-users] Machine Authentication

2020-07-06 Thread Nicolas Quiniou-Briand via PacketFence-users
And don't forget to restart RADIUS services after you update your REALMS ;-) -- Nicolas Quiniou-Briand n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank

Re: [PacketFence-users] Give users the opportunity to enter their credentials

2020-07-06 Thread Nicolas Quiniou-Briand via PacketFence-users
Hello Leonardo, Could you describe why you want a wired user to be able to register using 802.1X and MAC auth at different moments? -- Nicolas Quiniou-Briand n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence

Re: [PacketFence-users] PacketFence, UniFi and Fortigate

2020-07-06 Thread Nicolas Quiniou-Briand via PacketFence-users
Hello Jeff, On 02/07/2020 20:31, Jeff Goodman via PacketFence-users wrote: I have packetfence configured for SSO and configured it to send the auth to my fortigate which is receiving the information but the username that I am receiving is the MAC Address not the username. 1. Could you share

Re: [PacketFence-users] Clustering Guide Sanity Check

2020-07-06 Thread Christian McDonald via PacketFence-users
Here is my setup: 1. 3 x CentOS 7 (fully up-to-date) w/ SELinux *disabled* + firewalld *disabled* and *masked* + IPv6 *disabled* (via sysctl.conf and /etc/defaults/grub ipv6.disable=1). I also have net.ipv4.ip_nonlocal_bind = 1 in sysctl.conf. Xtrabackup is also installed. Each box is

Re: [PacketFence-users] Give users the opportunity to enter their credentials

2020-07-06 Thread Ludovic Zammit via PacketFence-users
Hello Leonardo, I think it won’t help much adding a delay in the radius for mac authentication. https://www.alliedtelesis.com/sites/default/files/documents/feature-guides/aaa_and_port_authentication_feature_overview_guide.pdf

Re: [PacketFence-users] Give users the opportunity to enter their credentials

2020-07-06 Thread Leonardo via PacketFence-users
Hi Nicolas, the client would like to make config of all the ports of a switch homogeneous, avoiding having to choose before what to attack and where, in addition, it is also required to implement VLAN Enforcements with a Registration portal (MAC auth is not a way for this option?) By

Re: [PacketFence-users] Give users the opportunity to enter their credentials

2020-07-06 Thread Leonardo via PacketFence-users
Hi Ludovic, I have tried two-step authentication but it wants both MAC and 802.1x authentication to be succeeded. So it precludes devices like printers to be allowed and to implement Registration VLAN enforcements via RADIUS. Thanks Ludovic Zammit wrote: Hello Leonardo, I

Re: [PacketFence-users] PacketFence, UniFi and Fortigate

2020-07-06 Thread Jeff Goodman via PacketFence-users
Here you are. Thank you! - Original Message - From: "Nicolas Quiniou-Briand via PacketFence-users" To: packetfence-users@lists.sourceforge.net Cc: "Nicolas Quiniou-Briand" Sent: Monday, July 6, 2020 5:40:35 AM Subject: Re: [PacketFence-users] PacketFence, UniFi and Fortigate Hello

Re: [PacketFence-users] Authentication Rules mismatch

2020-07-06 Thread Ludovic Zammit via PacketFence-users
Hello Giacinto, Could you show your conf/profiles.conf please? Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) and

[PacketFence-users] Authentication Rules mismatch

2020-07-06 Thread Giacinto Caretto via PacketFence-users
I am running the following test to solve a problem but Authentication Rules mismatch 2 users giacinto.caretto and caretto.giacinto both belonging to the OU = OU-Dipendenti mac-auth by captive portal: if login caretto.giacinto >> role = default and access duration 1 hour if login

Re: [PacketFence-users] Give users the opportunity to enter their credentials

2020-07-06 Thread Leonardo via PacketFence-users
  Hi Ludovic, I also think that inserting a delay does not completely solve the problem (there is also the risk of race conditions on authorization process), but I have seen that Cisco's behavior allows an uneducated user with a laptop to easily connect by simply disconnecting and

Re: [PacketFence-users] Machine Authentication

2020-07-06 Thread Michael Brown via PacketFence-users
Hey Fabrice, Removed the Host realm, added the domain.local realm. I set this realm to not strip on radius. Is that correct? Still getting can't connect to this network on the test device. Here are the two logs: Radius.log (on the second attempt to join the ssid shown below I unchecked

Re: [PacketFence-users] Authentication Rules mismatch

2020-07-06 Thread Ludovic Zammit via PacketFence-users
Try to do it on the captive portal and see if it works. Look at the logs/packetfence.log to see what happens. grep MAC-ADDRESS /usr/local/pf/logs/packetfence.log It will show why it did not match. Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145)

[PacketFence-users] Clustering Guide Sanity Check

2020-07-06 Thread Christian McDonald via PacketFence-users
Greetings, I've been pulling my hair out trying to get a 3-node PF Cluster running. Has anyone recently followed the clustering guide running the latest PF version? I'm usually pretty good at following instructions, but there is something very broken about the clustering guide. Anybody have

Re: [PacketFence-users] Clustering Guide Sanity Check

2020-07-06 Thread Durand fabrice via PacketFence-users
Hello Christian, in which step do you have an issue? Regards Fabrice On 20-07-06 at 18:49, Christian McDonald via PacketFence-users wrote: Greetings, I've been pulling my hair out trying to get a 3-node PF Cluster running. Has anyone recently followed the clustering guide running

Re: [PacketFence-users] Machine Authentication

2020-07-06 Thread Michael Brown via PacketFence-users
Hi Fabrice, When I do a test from the AD_Domain-Computers Auth Source I get a green check. Here is the authentication.conf Thanks for the help. # Copyright (C) Inverse inc. [local] description=Local Users type=SQL [file1] description=Legacy

Re: [PacketFence-users] Machine Authentication

2020-07-06 Thread Durand fabrice via PacketFence-users
On 20-07-06 at 22:01, Michael Brown wrote: Hi Fabrice, When I do a test from the AD_Domain-Computers Auth Source I get a green check. Ok good. Here is the authentication.conf Thanks for the help. # Copyright (C) Inverse inc. [local] description=Local Users type=SQL [file1]

Re: [PacketFence-users] Machine Authentication

2020-07-06 Thread Durand fabrice via PacketFence-users
Hello Michael, On 20-07-06 at 10:37, Michael Brown wrote: Hey Fabrice, Removed the Host realm, added the domain.local realm. I set this realm to not strip on radius. Is that correct? yes it's ok Still getting can't connect to this network on the test device. Here are the two