First time setup - having some trouble with 802.1x EAP-TLS and AD Authentication.
Audit Information Returning VLAN 91 (Unregistered VLAN)
Corporate-Machine (or Corporate-User) should return VLAN 10.

Am I not supposed to chain 802.1x together with PF Authentication?

It's quite possible I'm not doing this right, but I set up an Auth rule and
assigned the appropriate roles and VLANs to those roles...

Here's some additional info...somewhat sanitized.


RADIUS Request
User-Name = "host/DESKTOP-6U152VD.mydomain.local"
NAS-IP-Address = x.x.x.3
NAS-Port = 1
Framed-IP-Address = 169.254.131.196
Framed-MTU = 1400
State = 0x55d311af5ecd1c12b3dbfec11ed99383
Called-Station-Id = "3a:5b:0e:2e:be:90:corp-wlan"
Calling-Station-Id = "bc:85:56:61:d4:0b"
NAS-Identifier = "x.x.x.21/5246-corp-wlan"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "5A010398-00026452"
Event-Timestamp = "Nov 19 2017 20:00:03 EST"
Connect-Info = "CONNECT 0Mbps 11N_5G"
EAP-Message = 0x021e00060d00
Message-Authenticator = 0xb2c94b69d3ea063856c1ed222f2d2865
EAP-Type = TLS
Stripped-User-Name = "host/DESKTOP-6U152VD.mydomain.local"
Realm = "null"
FreeRADIUS-Client-IP-Address = x.x.x.3
Called-Station-SSID = "corp-wlan"
Tmp-String-1 = "bc855661d40b"
TLS-Cert-Serial = "4400000003c77f32429e20e6ed000000000003"
TLS-Cert-Expiration = "270306042911Z"
TLS-Cert-Issuer = "/C=US/O=mydomain/OU=PKI/CN=mydomain Corporate Root CA G1"
TLS-Cert-Subject = "/DC=local/DC=mydomain/CN=mydomain Corporate Autoenrollment CA G1 S01"
TLS-Cert-Common-Name = "mydomain Corporate Autoenrollment CA G1 S01"
TLS-Client-Cert-Serial = "6a0000158bac2d3df1436f4baf00010000158b"
TLS-Client-Cert-Expiration = "191116204434Z"
TLS-Client-Cert-Issuer = "/DC=local/DC=mydomain/CN=mydomain Corporate Autoenrollment CA G1 S01"
TLS-Client-Cert-Subject = "/CN=DESKTOP-6U152VD.mydomain.local"
TLS-Client-Cert-Common-Name = "DESKTOP-6U152VD.mydomain.local"
TLS-Client-Cert-X509v3-Extended-Key-Usage = "TLS Web Server Authentication
TLS Web Client Authentication"
TLS-Client-Cert-X509v3-Subject-Key-Identifier = "04:44:15:39:14:EE:0E:A9:69:59:37:16:CD:DA:94:14:3A:68:87:26"
TLS-Client-Cert-X509v3-Authority-Key-Identifier =
"keyid:A6:E1:0D:92:EE:22:E3:27:58:02:E7:56:33:BE:44:53:9A:CD:A7:8D\n"
TLS-Client-Cert-Subject-Alt-Name-Dns = "DESKTOP-6U152VD.mydomain.local"
User-Password = "******"
SQL-User-Name = "host/DESKTOP-6U152VD.mydomain.local"



RADIUS Reply
MS-MPPE-Recv-Key = 0x5a12d15c537cb9548201bdc6787acc5d171b95fc685c728a730cd65b2b5ff784
MS-MPPE-Send-Key = 0x57866b78adf7dee2f09cbc2633394fb022e08f2f4bc47b26a60138092e702665
EAP-MSK = 0x5a12d15c537cb9548201bdc6787acc5d171b95fc685c728a730cd65b2b5ff78457866b78adf7dee2f09cbc2633394fb022e08f2f4bc47b26a60138092e702665
EAP-EMSK = 0xc4b2f601caf22a037196ae1a52c1d132be343648e032933617ef1106bfde65b5b9527a7be716677be6ae654a36e75b9896301388b50be6d2aa945275e34d78f5
EAP-Session-Id = 0x0d5a1229135ec4c3c0df3ea2b164c83df98e81808b00e4f3acbeb20407bfd3581cbd25466430f9e2e15d2b76e649b86ccf550701a919848ad832d580be99283a0c
EAP-Message = 0x031e0004
Message-Authenticator = 0x00000000000000000000000000000000
Stripped-User-Name = "host/DESKTOP-6U152VD.mydomain.local"
Tunnel-Type = VLAN
Tunnel-Private-Group-Id = "91"
Tunnel-Medium-Type = IEEE-802



pftest authentication with the hostname returns the appropriate response
(Bad password though)

Authenticating against machineAuth
  Authentication FAILED against machineAuth (Invalid login or password)
  Matched against machineAuth for 'authentication' rules
    set_role : corporate-machine
    set_unreg_date : 2038-01-01
  Did not match against machineAuth for 'administration' rules
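As an added example (not code from the original post, from PacketFence or from FreeRADIUS), the following Python script parses a request/reply attribute dump like the one above and sanity-checks the EAP-TLS authorization: that the exchange was EAP-TLS, that the presented User-Name matches the client certificate's CN, that the certificate carries the client-authentication EKU and had not expired at Event-Timestamp, and that the VLAN in the reply is the one the expected role maps to. The role-to-VLAN table (corporate-machine and corporate-user to VLAN 10, unregistered to VLAN 91) and the rule that a `host/` prefix marks a machine identity are assumptions taken from the post; the sample dump is constructed from its values.

```python
"""Sanity-check an EAP-TLS authorization from a FreeRADIUS attribute dump.

Parses the "Attribute = value" lines of a RADIUS audit entry (joining values
that were wrapped onto the following line), then checks:
  * the exchange was EAP-TLS,
  * the presented User-Name matches the client certificate's CN,
  * the client certificate has the clientAuth EKU and had not expired at
    Event-Timestamp,
  * the VLAN in the reply is the one the expected role maps to.
"""
import re
from datetime import datetime, timedelta, timezone

# Assumption (taken from the post): role-to-VLAN mapping in this deployment.
ROLE_VLAN = {"corporate-machine": "10", "corporate-user": "10", "unregistered": "91"}

# Assumption: time zone abbreviations that may appear in Event-Timestamp.
_TZ_OFFSETS = {"UTC": 0, "GMT": 0, "EST": -5, "EDT": -4, "CST": -6, "CDT": -5,
               "MST": -7, "MDT": -6, "PST": -8, "PDT": -7}

# An attribute line, optionally prefixed by the "RADIUS Request"/"RADIUS Reply" header.
_ATTR = re.compile(r"^\s*(?:RADIUS (?:Request|Reply)\s+)?([A-Za-z0-9-]+)\s*=\s*(.*)$")


def parse_attributes(dump: str) -> dict:
    """Turn an attribute dump into {name: value}. Quoted values lose their quotes;
    lines that do not start a new attribute are appended to the previous value."""
    attrs: dict = {}
    last = None
    for raw in dump.splitlines():
        m = _ATTR.match(raw)
        if m:
            last = m.group(1)
            attrs[last] = m.group(2).strip()
        elif last is not None and raw.strip():
            attrs[last] = (attrs[last] + " " + raw.strip()).strip()
    for name, value in attrs.items():
        if len(value) >= 2 and value[0] == value[-1] == '"':
            attrs[name] = value[1:-1]
    return attrs


def parse_utctime(s: str) -> datetime:
    """ASN.1 UTCTime as the dump renders certificate dates: YYMMDDHHMMSSZ."""
    return datetime.strptime(s, "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_event_timestamp(s: str) -> datetime:
    """Event-Timestamp as rendered in the dump, e.g. 'Nov 19 2017 20:00:03 EST'."""
    stamp, tz = s.rsplit(" ", 1)
    naive = datetime.strptime(stamp, "%b %d %Y %H:%M:%S")
    return naive.replace(tzinfo=timezone(timedelta(hours=_TZ_OFFSETS[tz])))


def expected_role(user_name: str) -> str:
    # Assumption: a "host/" prefix marks a machine (computer-account) identity.
    return "corporate-machine" if user_name.startswith("host/") else "corporate-user"


def check_authorization(request: dict, reply: dict) -> dict:
    """Return the identity, expected vs. assigned VLAN, and a list of findings."""
    findings = []
    user = request.get("User-Name", "")
    cn = request.get("TLS-Client-Cert-Common-Name", "")

    if request.get("EAP-Type") != "TLS":
        findings.append("not an EAP-TLS exchange")
    # The identity presented in User-Name should be the one the certificate binds.
    if user.split("/", 1)[-1].lower() != cn.lower():
        findings.append(f"User-Name {user!r} does not match certificate CN {cn!r}")
    eku = request.get("TLS-Client-Cert-X509v3-Extended-Key-Usage", "")
    if "TLS Web Client Authentication" not in eku:
        findings.append("client certificate lacks the clientAuth EKU")
    when = parse_event_timestamp(request["Event-Timestamp"])
    expires = parse_utctime(request["TLS-Client-Cert-Expiration"])
    if expires <= when:
        findings.append(f"client certificate expired {expires.isoformat()} before the request")

    role = expected_role(user)
    want = ROLE_VLAN[role]
    got = reply.get("Tunnel-Private-Group-Id")
    if got != want:
        findings.append(f"reply assigned VLAN {got} but role {role} maps to VLAN {want}")
    return {"identity": cn, "expected_role": role, "expected_vlan": want,
            "assigned_vlan": got, "findings": findings}


# Constructed sample, modelled on the dump in the post (values illustrative).
SAMPLE_REQUEST = """\
RADIUS Request User-Name = "host/DESKTOP-6U152VD.mydomain.local"
NAS-Port-Type = Wireless-802.11
Event-Timestamp = "Nov 19 2017 20:00:03 EST"
EAP-Type = TLS
Called-Station-SSID = "corp-wlan"
TLS-Client-Cert-Expiration = "191116204434Z"
TLS-Client-Cert-Subject = "/CN=DESKTOP-6U152VD.mydomain.local"
TLS-Client-Cert-Common-Name = "DESKTOP-6U152VD.mydomain.local"
TLS-Client-Cert-X509v3-Extended-Key-Usage = "TLS Web Server Authentication
TLS Web Client Authentication"
"""
SAMPLE_REPLY = """\
RADIUS Reply Tunnel-Type = VLAN
Tunnel-Private-Group-Id = "91"
Tunnel-Medium-Type = IEEE-802
"""

if __name__ == "__main__":
    result = check_authorization(parse_attributes(SAMPLE_REQUEST), parse_attributes(SAMPLE_REPLY))
    for finding in result["findings"] or ["no findings"]:
        print(finding)
```

Run against the sample, the only finding is the VLAN mismatch: the certificate checks pass, the identity matches the CN, yet the reply carries VLAN 91 where the corporate-machine role maps to VLAN 10, which is exactly the symptom described in the post and separates a certificate or identity problem from a role-to-VLAN assignment problem.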
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users