Dear all, I am trying to achieve machine authentication for hosts which are binded to Active Directory by using the servicePrincipalName attribute. For windows clients which are sending radius requests with user-name: host/hostname.domain everything works fine, packetfence detects machine authentication and authenticates the client properly:
packetfence httpd.aaa-docker-wrapper[2754]: httpd.aaa(7) INFO:
[mac:x:x:x:x:x:x] is doing machine auth with account ‘host/hostname.domain'.
(pf::radius::_machine_auth_detection)
However, when I am trying to authenticate clients ( MacOS) which are sending
the radius requests in a different user-name format (domain\hostname$) , the
machine_auth_detection always fails and the client can’t be authenticated:
Debug: policy packetfence-set-realm-if-machine {
Debug: if (User-Name =~ /host\/([a-z0-9_-]*)[\.](.*)/i) {
Debug: if (User-Name =~ /host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE
Any help is appreciated.
Thank you.
Best regards,
Periklis
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
