Hello Enrico, Maybe you could try a vlan filter that check the username as the computer name and auto-register it and assign a role.
It’s manageable if you have not too many rules for computers authentication. Thanks, Ludovic Zammit > On Aug 5, 2019, at 5:03 PM, Enrico Pasqualotto <[email protected]> > wrote: > > Hi Ludovic, thanks for the explanation. I re-check my config and all was > correctly configured. > Today I found the issue, my second domain is longer that principal and the > username for machine authentication exceed the MS limit > (host/MY_PC_WITH_LONG_NAME.mysecond_domain.local). By renaming the COMPUTER > NAME with a shorter value all is working now. > > I was looking at the wrong side because the error message isn't clear (seems > general auth issue). > > Is there some workaround to avoid renaming PC? > > Enrico. > > On 02/08/19 13:52, Ludovic Zammit wrote: >> Hello Enrico, >> >> You have to create a realm with your domainName.local and enable “Strip in >> RADIUS authorization” then on your connection profile you will need an AD >> source with the “Username Attribute” with sAMAccountName and >> servicePrincipalName. >> >> >> >> It will allow you authenticate users and computers. >> >> Thanks, >> >> >> >>> On Aug 2, 2019, at 6:53 AM, Enrico Pasqualotto via PacketFence-users >>> <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi all, I have two domain: >>> >>> mydomain1.local >>> >>> mydomain2.local >>> >>> configured with their REALM (MYDOMAIN1 & MYDOMAIN2) and all user auth are >>> working well over RADIUS + Active-Directory. >>> >>> Machine_authentication are working well for domain1.local because I have >>> set the domain in the REALM NULL & DEFAULT. >>> >>> Machine auth username come with this format: host/$PCNAME$.mydomainX.local >>> >>> How can I manage the machine auth for multiple domain, I've tried to add a >>> new REALM mydomain2.local but doesn't work. >>> >>> Anyone can point me to the right configuration? How is the REALM retrieved >>> on machine_auth? >>> >>> Thanks >>> >>> -- >>> Enrico Pasqualotto >>> >>> >>> Private mail: [email protected] <mailto:[email protected]> >>> Office: +39 045 9971269 >>> >>> >>> Le informazioni contenute in questo messaggio di posta elettronica e negli >>> eventuali allegati sono riservate e confidenziali e sono indirizzate >>> esclusivamente al destinatario. Si prega di non fare copia, inoltrare a >>> terzi o conservare tale messaggio se non si è il legittimo destinatario >>> dello stesso. Qualora questo messaggio sia stato ricevuto per errore, si >>> prega di rinviarlo al mittente e di cancellarlo permanentemente dal proprio >>> computer. >>> >>> The information contained in this message and in any attachment is intended >>> exclusively for the recipient. If you are not the intended recipient you >>> are hereby notified not to copy, save, disclose, or distribute it to any >>> third party. If you erroneously received this message you are kindly >>> requested to return it to the sender and eliminate it permanently from your >>> computer. >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >> > > -- > Enrico Pasqualotto > > > Private mail: [email protected] <mailto:[email protected]> > Office: +39 045 9971269 > > > Le informazioni contenute in questo messaggio di posta elettronica e negli > eventuali allegati sono riservate e confidenziali e sono indirizzate > esclusivamente al destinatario. Si prega di non fare copia, inoltrare a terzi > o conservare tale messaggio se non si è il legittimo destinatario dello > stesso. Qualora questo messaggio sia stato ricevuto per errore, si prega di > rinviarlo al mittente e di cancellarlo permanentemente dal proprio computer. > > The information contained in this message and in any attachment is intended > exclusively for the recipient. If you are not the intended recipient you are > hereby notified not to copy, save, disclose, or distribute it to any third > party. If you erroneously received this message you are kindly requested to > return it to the sender and eliminate it permanently from your computer.
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
