Hi Etienne,

OK, so here's what you have to do:

Join packetfence to your domain.
Create an authentication source with a rule that will assign a role based on group membership.
Create a firewall sso config to send accounting packetfence to your fortigate.

That's all, there's no need to tell the switch to send accounting packets; PacketFence will do it for you.

If you want, I am available on the freenode irc #packetfence channel if you want more details.

Regards
Fabrice

On 2016-11-25 at 12:30, Etienne Vella wrote:
> Hi Fabrice,
>
> The idea is to have a user log in via dot1x (wired/wireless), then
> PacketFence should check with Active Directory re credentials, then
> before authenticating PacketFence should check for a particular group
> to apply the vlan allocation rules. Once authenticated the switch
> would send accounting packets to Fortigate firewalls with modified
> class according to the group which was met in the
> authentication part.
>
> If someone else has a better approach I'm very open for suggestions.
> At the end we would like to have SSO from the network layer 2 till the
> firewall.
>
> Regards,
> Et
>
> On Fri, Nov 25, 2016 at 5:30 PM, Fabrice Durand <[email protected]> wrote:
>
> Hi Etienne,
>
> Do you have an example of what you want to send and what is the
> firewall type?
>
> Regards
>
> Fabrice
>
> On 2016-11-25 at 11:02, Etienne Vella wrote:
>> Hi,
>>
>> Thanks for your reply but I'm not able to modify any classes there.
>>
>> Any ideas on how to do class mappings?
>>
>> Regards
>> Et
>>
>> On Fri, 25 Nov 2016, 15:59 Fabrice Durand, <[email protected]> wrote:
>>
>> Hello Etienne,
>>
>> this feature is called firewall sso in PacketFence, have a
>> look in Configuration -> Firewall SSO.
>>
>> Regards
>>
>> Fabrice
>>
>> On 2016-11-25 at 07:07, Etienne Vella wrote:
>>> Hi,
>>>
>>> I'm currently trying to deploy packetfence to be used with
>>> DOT1x and SSO.
>>> I managed to configure Rules under User
>>> Sources -> Active Directory. But I would like some logic
>>> to assign a class in the radius accounting packets so that
>>> the firewall could assign that user to that particular
>>> group. Basically in short I would need to modify the class
>>> of the accounting packets which are being sent to SSO with
>>> specific classes according to specific groups. Basically we
>>> are in the process to eliminate Microsoft NAP for DOT1x
>>>
>>> Regards,
>>> Etienne
>
> --
> Cheers Etienne

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
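
Added example, not part of the original thread and not PacketFence's own code: a sketch of the group-to-class mapping asked about above, building a RADIUS Accounting-Request (Start) whose Class attribute is chosen from AD group membership, plus the decode and authenticator check a receiver would do. The group DNs, class names, user, IP, session id and shared secret are constructed, and it assumes the firewall reads the user's group from the Class attribute.

```python
import hashlib
import hmac
import socket
import struct

# RADIUS code, status value and attribute types (RFC 2865 / RFC 2866)
ACCT_REQUEST, ACCT_START = 4, 1
USER_NAME, FRAMED_IP, CLASS, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 8, 25, 40, 44
GROUP_TO_CLASS = {  # constructed: hypothetical AD group DNs and class names
    "CN=Staff,OU=Groups,DC=example,DC=com": b"staff",
    "CN=Guests,OU=Groups,DC=example,DC=com": b"guest",
}

def class_for(member_of, default=b"default"):
    # First mapped group wins; unmapped users fall back to a low-privilege class.
    for dn in member_of:
        if dn in GROUP_TO_CLASS:
            return GROUP_TO_CLASS[dn]
    return default

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def accounting_start(user, ip, member_of, session_id, secret, ident=1):
    attrs = b"".join([
        attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START)),
        attr(USER_NAME, user.encode()),
        attr(FRAMED_IP, socket.inet_aton(ip)),
        attr(CLASS, class_for(member_of)),
        attr(ACCT_SESSION_ID, session_id.encode()),
    ])
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # RFC 2866: authenticator = MD5(header + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def parse_attrs(packet):
    out, pos = {}, 20  # attributes start after the 20-byte header
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2:
            raise ValueError("malformed RADIUS attribute")
        out[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return out

def verify_authenticator(packet, secret):
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])
```

Decoding the packet with parse_attrs and checking it with verify_authenticator is a quick way to confirm which class a given user would be sent with before pointing the accounting stream at a production firewall.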
