Hi Guys,
Thanks a lot for your help and suggestions. PF is now working correctly; I
only have a problem with DHCP, which is not reaching the DHCP servers of PF
or Production, but I think that is a LAN problem. We use FlexConnect, like
Jake suggested, in central switching mode; I think that is the correct way.
So anyway, thanks again for your help. I will keep you updated on the test
that I will perform.
Best Regards,
On Thu, Sep 4, 2014 at 9:01 AM, Louis Munro <[email protected]> wrote:
> On 2014-09-03, at 16:45 , Juan Camilo Valencia <
> [email protected]> wrote:
>
> Hi Jake,
>
> Didn't start yet. What I understand is:
>
> * Create the object in PF, i.e, configure a new switch with the type WLC.
> * Define the IP in the controller field, I think should be the same as for
> the object.
> * Configure a strongsecretpassword for the RADIUS section in the PF switch
> definition.
> * SNMP shouldn't be necessary (I think not, but previously in MAB
> for 2960 I was wrong, so I will configure it anyway)
>
> On the side of the controller, I should:
>
> * Define the SSID.
> * Configure WPA + WPA2 for 802.1x Auth.
> * Point RADIUS servers to PF box.
> * Allow AAA override.
>
> Hi Juan,
>
> You are indeed on the right path.
>
> The WLC is very common and well supported. A WISM is essentially the same
> thing but as an addon module for a core switch.
>
> Configuring ntlm authentication is usually easy.
>
> 1. Make sure the server is joined to the domain:
> # net ads testjoin
>
> 2. Test ntlm authentication manually from the server with a valid account
> and password:
> # ntlm_auth --username=you
>
> 3. Once ntlm_auth is working manually, make sure radius is correctly
> configured. You can save some time by just copying this file to
> /usr/local/pf/raddb/modules/mschap:
> https://raw.githubusercontent.com/inverse-inc/packetfence/devel/raddb/modules/mschap
>
> 4. Test radius.
> Start radius in debug mode with
> # radiusd -d /usr/local/pf/raddb -X
>
> Ideally I recommend using eapol_test for radius EAP testing as it
> makes it easier to separate controller side issues from server side issues.
> See here for a brief intro to eapol_test:
> http://deployingradius.com/scripts/eapol_test/
> I use it almost daily and it is so much better than fiddling with a
> test device.
>
> Once eapol_test works reliably, then you can test your SSID with a real
> device.
> You may have to disable certificate validation while testing if you
> haven't distributed the radius certificate to the devices.
> That should probably be addressed as a separate item.
>
>
> You do not need LDAP for NTLM authentication. You may need it later if you
> decide to assign VLANs based on group membership.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
*“Choose a job you love, and you will never have to work a day in your
life”*
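
Steps 1, 2 and 4 from the quoted reply, chained into one script that stops at the first failing layer. This is an added example, not part of the original thread; the `eapol-test` SSID label, the 127.0.0.1 target and the function names are assumptions, and radiusd is assumed to be running already with that address configured as a client.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes radiusd is already running and
# accepts 127.0.0.1 as a client with the given shared secret.

# Write an eapol_test config (wpa_supplicant format) for PEAP/MSCHAPv2.
# No ca_cert line is set, so the server certificate is NOT validated: this is
# the "certificate validation disabled" test mode mentioned in the thread.
write_peap_conf() {  # usage: write_peap_conf USER PASSWORD OUTFILE
    ( umask 077   # the file contains a password
      cat > "$3" <<EOF
network={
    ssid="eapol-test"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="$1"
    password="$2"
    phase2="auth=MSCHAPV2"
}
EOF
    )
}

# Run one stage quietly; print PASS/FAIL and return the command's status.
stage() {  # usage: stage LABEL COMMAND [ARGS...]
    label=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "PASS  $label"
    else
        echo "FAIL  $label"
        return 1
    fi
}

# Steps 1, 2 and 4 in order, stopping at the first failure so the broken
# layer (domain join, NTLM, or RADIUS/EAP) is obvious.
check_chain() {  # usage: check_chain USER PASSWORD RADIUS_SECRET
    conf=$(mktemp) || return 1
    write_peap_conf "$1" "$2" "$conf"
    rc=0
    { stage "domain join (net ads testjoin)" net ads testjoin &&
      stage "NTLM auth (ntlm_auth)" ntlm_auth --username="$1" --password="$2" &&
      stage "RADIUS EAP (eapol_test)" eapol_test -c "$conf" -a 127.0.0.1 -s "$3"
    } || rc=$?
    rm -f "$conf"
    return "$rc"
}

# Use a throwaway test account: the password appears in the process list.
if [ "$#" -eq 3 ]; then check_chain "$@"; fi
```

Once the certificate has been distributed, adding a `ca_cert="..."` line to the generated config makes eapol_test validate the server the way a real device should.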