Hello Joël,
it's possible if you do machine authentication, only machine that have
been joined to the domain can do machine authentication.
So if PacketFence detect that then you can return a specific vlan (maybe
based on user auth) and if not then reject or return another vlan.
For Macs it's not the same thing since you can't join the machine to the
domain, so the solution should be to tag the device with a role (the
device is in a specific role then bypass the machine auth verification),
or to do a sort system profile (the device authenticate before you log
in the laptop) but it's a little bit more complicate.
Regards
Fabrice
Le 2018-05-24 à 14:39, Tougas, Joël via PacketFence-users a écrit :
Hi,
We are looking into Packetfence to detect and isolate all computers
that aren’t part of our Active Directory domain. I’ve looked through
the documentation and haven’t seen any such violation we could
implement. Is this something feasible i.e. registering computers based
on their domain membership? In a nutshell, I would like to
auto-register all members of the domain (Windows and Macs as well) and
assign the non-members to a separate VLAN.
Thanks for your help!
*Joël Tougas*
Analyste en sécurité informatique
Services informatiques – Bureau de la sécurité et de la gouvernance
tougas.j...@uqam.ca <mailto:tougas.j...@uqam.ca>
*514 987-3000, poste 8249***
*lg_Service-informatique_Interne_COUL***
*servicesinformatiques.uqam.ca <https://servicesinformatiques.uqam.ca/>*
__________________________________________________
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users