Hi Adrian,
with machine auth the realm is host not SUBDOMAIN.
So you can add another realm in packetfence (host) and to be able to
match the machine account in the AD source (the second one with
userPrincipalName as user attribute
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Administration_Guide.asciidoc#example)
Regards
Fabrice
Le 2015-04-03 08:17, Calugaru Adrian a écrit :
Hi guys,
I'm trying to do some Computer authentication thru Dot1x and I'm
having some issues to send the requests to the right realm.
Here's the radius debug:
rad_recv: Access-Request packet from host 10.x.x.x port 1645, id=190,
length=278
User-Name = "host/IIR0010020.subdomain.domain.com"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-1A-A1-28-F3-97"
Calling-Station-Id = "F8-BC-12-72-56-26"
EAP-Message =
0x0208002b1900170301002018d4cd51bc36a5fa3edb34c9fe43eeeff3d4c763d757fa41e4d27c8a8a2d37d3
Message-Authenticator = 0xc1002280995cbbefd27b5eb2fbbce8dd
Cisco-AVPair = "audit-session-id=0AA61CFA000005072129460A"
NAS-Port-Type = Ethernet
NAS-Port = 50121
NAS-Port-Id = "FastEthernet1/0/21"
State = 0x5ef46a5558fc73d206b4c01fd05df580
NAS-IP-Address = 10.x.x.x
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "host/IIR0010020.subdomain.domain.com",
looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name =
"host/IIR0010020.subdomain.domain.com"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
I have a realm created for SUBDOMAIN and if I'm doing user
authentication - everything works ok but when doing Computer
authentication the request is not sent to the REALM but using the LOCAL.
Any ideas ?
Thank you
Adrian
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users