Please do that:

grep MAC-ADDRESS /usr/local/pf/logs/packetfence.log

Show the output please.

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Feb 15, 2024, at 9:49 AM, Andrey Chernyakov <chernya...@npsconsult.com> 
> wrote:
> 
> Hello Ludovic,
> 
> Thanks for your reply.
> 
> It’s clear, there are no connections to domain controllers, RADIUS is signed 
> with valid certificate from Microsoft PKI and EAPTLS authentication works 
> well.
> But Authentication source defined to use EAPTLS is just ignored by 
> authentication process, machines aren’t getting the role defined in 
> authentication rule (even with no conditions, catch-all rule), they always 
> get registration role.
> 
> --
> Andrey Chernyakov
> Senior Network and Security Engineer
> 
> email: chernya...@npsconsult.com <mailto:chernya...@npsconsult.com>
> 
> NPS Consult S.A.
> L-5687, Dalheim
> Luxembourg
> On 15 Feb 2024 at 15:11 +0100, Zammit, Ludovic <luza...@akamai.com>, wrote:
>> Hello Andrey,
>> 
>> For EAP TLS you don’t need to join the PF servers to your domain.
>> 
>> You will need to add the Root CA that signed the user/computer certs under 
>> Configuration > System Configuration > SSL Certificates > RADIUS > RADIUS 
>> Certification Authority Certificate(s).
>> 
>> Thanks,
>> 
>> 
>> 
>> Ludovic Zammit
>> Product Support Engineer Principal Lead
>> 
>> Cell: +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>> 
>>> On Feb 14, 2024, at 8:22 AM, Andrey Chernyakov via PacketFence-users 
>>> <packetfence-users@lists.sourceforge.net> wrote:
>>> 
>>> Hi, PacketFence community,
>>> 
>>> Currently I’m evaluating EAPTLS authentication with machine certificates in 
>>> my lab for wired network, but Authentication Source with EAPTLS doesn’t 
>>> seem to be working.
>>> 
>>> From my perspective, the configuration is good, EAP profile prefers TLS 
>>> authentication, RADIUS has valid certificate signed by the same CA as 
>>> machine certificates which I use for EAPTLS authentication. Connection 
>>> profile allows auto-registration of devices. Authentication source should 
>>> catch-all authentication attempts and assign devices to role (gaming, for 
>>> example).
>>> 
>>> The problem with such configuration is - devices are authenticated and 
>>> auto-registered, but they aren’t matched with authentication source rules 
>>> (last screenshot with log can prove it), and they are respectively 
>>> registered with no role. But I need role in order to be able to assign 
>>> devices with relevant profile. Below you can find screenshots from my lab, 
>>> any ideas how to fix it?
>>> 
>>> Appreciate your help in advance!
>>> 
>>> <Screenshot 2024-02-12 at 16.04.15.png>
>>> <Screenshot 2024-02-12 at 16.04.48.png>
>>> <Screenshot 2024-02-12 at 16.05.35.png>
>>> <Attachment.png>
>>> 
>>> --
>>> Andrey Chernyakov
>>> Senior Network and Security Engineer
>>> 
>>> email: chernya...@npsconsult.com <mailto:chernya...@npsconsult.com>
>>> 
>>> NPS Consult S.A.
>>> L-5687, Dalheim
>>> Luxembourg
>> 

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
