Following there is a copy of profiles.conf: [8021x] locale= filter=connection_type:Ethernet-EAP description=Profile para 802.1x sources=AD-visanet autoregister=enabled # # Copyright (C) 2005-2018 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html
Thanks, Marcelo > On Sep 25, 2018, at 10:14, Marcelo Pepe <[email protected]> wrote: > > Hi, can anyone help me with this? > > Thanks, > regards, > Marcelo > > > >> On Sep 20, 2018, at 15:33, Marcelo Pepe <[email protected]> wrote: >> >> Hi everyone, >> >> I'm having problems configuring PF to authenticate users using 802.1X and >> MAC Authentication. >> >> I have a PacketFence installed and working properly against an AD and I have >> configure a Cisco switch using 802.1X and MAC Authentication to authenticate >> users, I configured the Switch with the proper parameters (also in PF) and I >> have configured a Connection Profile that uses the AD Authentication Source >> (using filter: Connection Type: Ethernet-EAP) to match users from 802.1X >> authentication. >> >> The connection between the Switch and PF is working perfect and 802.1X >> authentication is working fine against the AD but the problem that I'm >> having right now is that when 802.1X fails, the PC/Device tries MAC >> Authentication (which is ok) and always got access to the network, PF is >> always permitting this access without any filter. >> >> When a PC or Device connects to the Cisco switch I want to first try to >> authenticate using 802.1X and, if it's doesn't have a 802.1x supplicant, I >> want to use MAC Authentication to access the network. But, when doing MAC >> Authentication I want PF to check against an 'Authorized MAC list' (that is, >> a list of MAC that are permitted to access the network) or something >> similar, and, as I described before, it's not what it's happening. >> >> How can I configure PF to stop letting access to every device using MAC >> Authentication and check if the MAC it's permitted in a list or something >> similar to let the device access? >> >> I've been searching in the Documentation and in the >> packetfence-users-discussion-list to find an answer but I didn't found the >> right one, so I decided to write here. >> >> Can someone help me with this? Is it possible to configure what I want? >> >> To add more information, I'm thinking of configuring a new Connection >> Profile with a filter: Connection type: WIRED_MAC_AUTH but I really don't >> know which Source to configure in that Profile. I think that maybe I can use >> a Radius authentication Source and then configure the Freeradius (the one >> that it;s installed with PF) to use a white list of MACs but I really don't >> know if it will work in this case. Could it be possible? >> >> Thanks in advance for your help, >> regards, >> Marcelo >> >> >> > _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
