Hi, I’ve set up 802.1x for my wireless. I initially started using NPS but it didn't have the flexibility I wanted for dynamic VLAN assignment. So I've set up PacketFence and my clients can authenticate, but they're not getting assigned the roles I'd like, to then go in the appropriate VLAN.
Specifically I want to assign roles based on organisational unit. Am I correct that the (best) way to do this is to create an Active Directory source for each role, with a rule that then checks the distinguished name to get the organisational unit, with the action to assign the appropriate role? As I say, at the moment this doesn't appear to work, but I haven't tried to debug it yet, so I might have made a silly mistake somewhere.

Initially I set up the client to skip verification of the server's certificate to see the RADIUS requests coming in. Later I re-enabled the verification and added the certificates to the trusted root store but received an error about a valid trust anchor for this profile. I believe I can override this by specifying the specific certificate in group policy but I didn't really understand the error message.

Ultimately I have a Microsoft PKI set up so I'd like to assign a certificate from this. The manual says I then edit the "/usr/local/pf/conf/radiusd/eap.conf" and point the relevant settings at the certificate files approved by my Microsoft PKI. Is that sufficient? And will I still get the error about a valid trust anchor? I don't believe I encountered that issue with NPS.

Thanks
John
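As an added example (not part of the original post and not PacketFence code), this Python sketch shows what an OU check on a distinguished name has to get right when the result decides a role and VLAN: it parses the DN into RDNs and matches the whole OU value, next to a substring check for contrast. The OU names, role names, sample DNs and the choice to use the innermost OU are assumptions.

```python
import re

# Hypothetical OU-to-role table; OU and role names are assumptions.
OU_ROLES = {"staff": "staff", "students": "student", "guests": "guest"}

def _unescape(value):
    # RFC 4514 escapes: "\2C" style hex pairs (single-byte only here) or "\,".
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def split_dn(dn):
    """Return [(ATTR, value), ...] leaf-first, splitting only on unescaped commas.
    Multi-valued RDNs joined with '+' are not handled in this sketch."""
    pairs = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), _unescape(value.strip())))
    return pairs

def role_for_dn(dn):
    """Role for the OU that directly contains the object, or None if unmapped."""
    ous = [v for a, v in split_dn(dn) if a == "OU"]
    return OU_ROLES.get(ous[0].lower()) if ous else None

def naive_role(dn):
    """Substring check on the raw DN string, shown for contrast."""
    for ou, role in OU_ROLES.items():
        if f"ou={ou}" in dn.lower():
            return role
    return None

SAMPLES = [  # constructed DNs, not taken from any real directory
    r"CN=Smith\, John,OU=Staff,DC=example,DC=com",      # escaped comma in CN
    "CN=Carol,OU=Staff-Contractors,DC=example,DC=com",  # OU name sharing a prefix
    "CN=Dave,OU=Guests,OU=Staff,DC=example,DC=com",     # nested OUs
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(f"{dn}\n  naive={naive_role(dn)}  parsed={role_for_dn(dn)}")
```

An unmapped OU returns `None` here, so the caller has to decide explicitly what role such a client gets.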
