Hi, I am currently setting up Packetfence for a project and I am trying to get 802.1x via Certificate to work but cannot quite figure it out. Here's what I did so far: I created a Root- and Intermediate-CA with XCA and made a Certificate for Packetfence. I placed those under Radius -> PKI SSL Certificates and made a TLS Profile where I selected the Cert. I then created an EAP Profile where I made the EAP Type to "TLS" and selected the previously made TLS Profile. After that I made a Realm where I selected the EAP Configuration Profile. Next I setup an Authentication Source where I selected the associated Realm I just made and added an Authentication Rule Action to set a Role i created (that Role is also configured on the Switch Group) and an Access duration of 12 hours. I thought I could maybe select some Certificate Options/Attributes in the Conditions, but I didn't find an option like that. Then i made a Connection Profile where I filtered the Connection Type to be Ethernet-EAP and selected the Source i created previously, but it didn't seem to work. I am unsure if most of that even made sense because I couldn't find the right guide for my usecase, where I want to automatically assign VLANs on the Switchports based on Attributes in the Certificate from the client. I looked through the Docs and found Radius Enforcement which sounded like what I want to do, but it was very brief. Can someone that setup something similar tell me if what I'm trying to do is possible and what I need to do differently? Thank you in advance! --- Mit freundlichen Grüßen Im Auftrag
[cid:[email protected]] Herr T. Menzel Auszubildender Aldegreverstr. 10 - 14 | 33102 Paderborn [cid:[email protected]] +49 5251 308-1380 [cid:[email protected]] [email protected] <mailto:[email protected]> | [cid:[email protected]] www.kreis-paderborn.de [cid:[email protected]] [cid:[email protected]] _ <https://www.youtube.com/@KreisPaderbornOffiziell> [cid:[email protected]] _ <https://de.linkedin.com/company/kreis-paderborn> [cid:[email protected]] _ <https://whatsapp.com/channel/0029VaarDzND38CJrFssEb46> [cid:[email protected]] Bitte prüfen Sie der Umwelt zuliebe, ob diese E-Mail wirklich ausgedruckt werden muss.
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
