Hello Ludovic,

The authentication mode on the computer (Windows, wired autoconfig) is
set to "computer authentication", or do you refer to a setting within
PacketFence? The PF authentication Source uses servicePrincipalName as
Username Attribute; is there any other setting to come into play?
Wouldn't PacketFence know from the prefix host/ (or hostname$) to
interpret the name as machine-name? Would there be any helpful
information in the debug logs?

Thank you,
Jochen

On 05.03.2024 17:25, Zammit, Ludovic wrote:
I think the answer is that you have to do computer authentication only,
because I think you do computer + user authentication and the user
authentication overrides the computer authentication.

We would like to use PacketFence for Dot1X EAP-TLS authentication
based on machine certificates with the hostname as the
TLS-Client-Cert-Common-Name (the user of the machine afterwards
authenticates against AD directly).
The role-mapping and authentication itself in PF works well, but as a
sort of irksome result the authenticated (and auto-registered) machine
lists on the Nodes tab with the corresponding MAC address and an empty
computername. Instead the hostname is shown as owner and the machine
name is registered under the Users tab with the FQDN, together with
other regular (i.e. "real") users' accounts.
Auditing->Node Information shows Computer Name N/A and username
host/hostname.domain.tld
The Authentication Source uses servicePrincipalName as Username
Attribute, that is the only hint I found to distinguish between user
and machine authentication.
Is there some way to treat the hostname to show up as node instead of
user as normally indicated by the form host/... or hostname$?