Re: [PacketFence-users] Domain Member check/violation

Fri, 25 May 2018 05:56:55 -0700 

Hello Joël,
it's possible if you do machine authentication, only machine that have been joined to the domain can do machine authentication. 


So if PacketFence detect that then you can return a specific vlan (maybe 
based on user auth) and if not then reject or return another vlan.



For Macs it's not the same thing since you can't join the machine to the 
domain, so the solution should be to tag the device with a role (the 
device is in a specific role then bypass the machine auth verification), 
or to do a sort system profile (the device authenticate before you log 
in the laptop) but it's a little bit more complicate.


Regards

Fabrice



Le 2018-05-24 à 14:39, Tougas, Joël via PacketFence-users a écrit :


Hi,


We are looking into Packetfence to detect and isolate all computers 
that aren’t part of our Active Directory domain. I’ve looked through 
the documentation and haven’t seen any such violation we could 
implement. Is this something feasible i.e. registering computers based 
on their domain membership? In a nutshell, I would like to 
auto-register all members of the domain (Windows and Macs as well) and 
assign the non-members to a separate VLAN.


Thanks for your help!

*Joël Tougas*
Analyste en sécurité informatique
Services informatiques – Bureau de la sécurité et de la gouvernance

tougas.j...@uqam.ca <mailto:tougas.j...@uqam.ca>
*514 987-3000, poste 8249***

*lg_Service-informatique_Interne_COUL***

*servicesinformatiques.uqam.ca <https://servicesinformatiques.uqam.ca/>*

__________________________________________________



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to