Re: [PacketFence-users] Multiple LDAP Souce and 802.1x Authentication

Thu, 24 Sep 2020 07:34:29 -0700 

Hello there,

802.1x EAP PEAP works in two steps:

1 - Authentication:

- RADIUS where it verify your identity against an Activer Directory with an 
NTLM_auth request

Then, if the authentication is successful, you pass to the step 2:

2 - Authorization:

- PacketFence extract a username from the previous radius authentication and 
tries to find an available connection profile to match that username with a 
source.
- Once it finds a source it will try to do a LDAP request to see if that source 
matches any rule to bring an access duration / unreg date and a role.
- If you match a rule, it takes the unregdate + the role, check where you are 
connecting to translate the role to a VLAN ID or ACL name

Once all that’s done it sends the RADIUS replay with an Access Accept with your 
Authorization in it.

Thanks,

Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) 
and PacketFence (http://packetfence.org <http://packetfence.org/>) 




> On Sep 24, 2020, at 6:29 AM, evren korkmaz via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Hi, 
> 
> I try to use second ldap source on packetfence v10.01 . 
> 
> I think I have completed the necessary configurations completely. While 
> testing, web authentication worked without problems, but 802.1x did not 
> authenticate. While trying to fix the problem i noticed that it is asking 
> only AD for 802.1x authentication not ldap source. 
> 
> Then, i just added the ldap source i just created to the connect profile. 
> Queries should be directed to the ldap source i created based on these 
> settings.But even with these settings it just use AD. If the user is not in 
> AD, the request is still not being sent to LDAP. 
> 
> How can i do 802.1x authentication to the ldap source i am trying to add?
> I will be glad if you help.
> Regards.
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to