Hi Fabrice,
The idea is to have a user to login via dot1x (wired/wireless) then PacketFence should check with Active Directory re credentials then Before authenticating packet fence should check for a particular group to apply the vlan allocation rules. Once authenticated the switch would send accounting packets to Fortigate firewalls with modified class according according to the group which was met in the authentication part. If some one else has a better approach i'm very open for suggestions. At the end we would like to have SSO from the network layer 2 till the firewall. Regards, Et On Fri, Nov 25, 2016 at 5:30 PM, Fabrice Durand <[email protected]> wrote: > Hi Etienne, > > Do you have an example of what you want to send and what is the firewall > type ? > > Regards > > Fabrice > > > > Le 2016-11-25 à 11:02, Etienne Vella a écrit : > > Hi, > > Thanks for your reply but I'm not able to modify any classes there. > > Any ideas on how to do class mappings? > > Regards > Et > > On Fri, 25 Nov 2016, 15:59 Fabrice Durand, <[email protected]> wrote: > >> Hello Etienne, >> >> this feature is called firewall sso in PacketFence, have a look in >> COnfiguration -> Firewall SSO. >> >> Regards >> >> Fabrice >> >> >> >> >> Le 2016-11-25 à 07:07, Etienne Vella a écrit : >> >> Hi, >> >> I'm currently trying to deploy packetfence to be used with DOT1x and SSO. >> I managed to configure Rules Under User Sources -> Active Directory. But I >> would like to some logic to assign a class in the radius accounting packets >> so that the firewall could assign that user to that particular group. >> Basically in short I would need to modify the class of the accounting >> packets which are being sent to SSO with specific classes according to >> specific groups. Basically we are in the process to eliminate Microsoft >> NAP for DOT1x >> >> >> Regards, >> Etienne >> >> >> >> ------------------------------------------------------------------------------ >> >> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> ------------------------------------------------------------ >> ------------------ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > ------------------------------------------------------------ > ------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Cheers Etienne
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
