Ludovic,

Thanks for the quick reply…

Looking in the log, I think I found the issue in this log entry:

Apr 30 08:58:19 PFserver packetfence_httpd.aaa: httpd.aaa(2385) INFO: [mac:XX:XX:XX:XX:XX:XX] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)

Here is a screenshot of my 802.1x profile settings, which I think are correct – but I’m probably wrong lol:

[screenshot of the 802.1x profile settings, not preserved]

Thanks,
Bill

From: Ludovic Zammit <lzam...@inverse.ca>
Sent: Thursday, April 30, 2020 7:52 AM
To: Bill Handler <bhand...@pcsknox.com>
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] 802.1x Computer and User Authentication

Hello Bill,

It looks like when it’s doing the user authentication the EAP authentication happens correctly but the Authorization does not work by not matching your rule in your AD source.

Could you paste a user authentication from the logs/packetfence.log? Remove personal info.

My guess is that your realm is not stripped, thus it’s not passing the correct username to the AD source and not matching.

Thanks,

Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

On Apr 29, 2020, at 4:48 PM, Bill Handler via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Checking on if this is possible with PacketFence (using v10)…

For 802.1x authentication, we have set up for Users and Computers to authenticate. Currently, when a machine accesses the network it is automatically authenticated and gets the Machine role (we’re working with Windows 10 and GPO).

When a user logs onto that machine, the user is authenticated, that user becomes the ‘Owner’ of that device – listed in the nodes section and RADIUS Audit Log Entry, however, the end-system/node keeps the machine role, and does not get the user’s role.

Within the connection profile for 802.1x, we have the sources set so that the source for user auth (AD) is set above the machine auth, so it should get the role from the user auth source. I’ve verified using pftest and that user is authenticating against that role.

We’ve used another NAC solution and when a user logs into the machine under the same circumstances, the role flips to the user role.

What I think happens/is supposed to happen is when a user logs into the machine, the machine logs out/deauthenticates so the user role is applied to the user. That is not happening with PacketFence.

Any ideas on how to make this happen?

Thanks,
Bill

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
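Added example, not part of the thread and not PacketFence code: a small Python parser for the log entry layout quoted in the first message, listing the nodes whose stored role was reused instead of recomputed. The regular expression is inferred from that single entry, and the MAC addresses and the contrast line in the sample are constructed.

```python
import re
from collections import defaultdict

# Layout inferred from the one entry quoted in the thread:
# <Mon DD HH:MM:SS> <host> <process>: <daemon>(<pid>) <LEVEL>: [mac:<mac>] <message> (<caller>)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>\S+): "
    r"(?P<daemon>[\w.]+)\((?P<pid>\d+)\) (?P<level>[A-Z]+): "
    r"\[mac:(?P<mac>[^\]]+)\] (?P<msg>.*?)(?: \((?P<caller>[\w:]+)\))?$"
)
ROLE_REUSED = "Role has already been computed"  # message text from the thread


def parse_line(line):
    """Return the fields of one log entry, or None if the layout differs."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def nodes_with_reused_role(lines):
    """Map each MAC to the timestamps at which its stored role was reused."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and ROLE_REUSED in rec["msg"]:
            hits[rec["mac"].lower()].append(rec["ts"])
    return dict(hits)


# Constructed sample: MACs are made up; only the REUSED message text is real.
PREFIX = "PFserver packetfence_httpd.aaa: httpd.aaa(2385) INFO: "
REUSED = ("Role has already been computed and we don't want to recompute it. "
          "Getting role from node_info (pf::role::getRegisteredRole)")
SAMPLE = [
    "Apr 30 08:58:19 " + PREFIX + "[mac:00:11:22:AA:BB:01] " + REUSED,
    "Apr 30 08:59:02 " + PREFIX + "[mac:00:11:22:aa:bb:02] placeholder line for contrast",
    "Apr 30 09:03:40 " + PREFIX + "[mac:00:11:22:aa:bb:01] " + REUSED,
    "a line that does not follow the layout",
]

if __name__ == "__main__":
    for mac, stamps in nodes_with_reused_role(SAMPLE).items():
        print(mac, "kept its stored role at", ", ".join(stamps))
```

Correlating the returned timestamps with the user logon times in the RADIUS audit log shows whether the machine role was retained across a user authentication.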