Maciej Uhlig wrote: > HP wired switch authentication can be configured in a way which allows > 802.1x but - if user's client doesn't have a supplicant - MAC > authentication is performed. I'd like however to force 802.1x > authentication for a group of users, namely users authenticating via a > specific source, let's say, LDAP. Is it possible to configure such > functionality in PacketFence? > > Something like: if user can be found in LDAP source do not allow MAC > auth and require 802.1x auth.
I haven't tried this, but it *appears* this is possible in 4.x.. Rules can have several conditions, so set it up something like this : Connection-Type is EAP memberOf equals cn=somegroup,ou=groups,o=mycompany And set it to match all conditions.. Make sure those rules come before rules that don't check for ldap memberships. I *think* that'll do it.. Though I'm not sure if MAB will come through as EAP .. > MU -- --------------------------- Jason 'XenoPhage' Frisvold [email protected] --------------------------- "Any sufficiently advanced magic is indistinguishable from technology.\" - Niven's Inverse of Clarke's Third Law ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
