Re: [PacketFence-users] Packetfence set role by mac not user...

2020-09-24 Thread Fetakungen Virtual Adventurer via PacketFence-users 
Thanks, tried but the same result. User Gets approved but role get decided by 
the “node” so if I don’t assign a role after the node is registered it does the 
same. If i assign a role the node / mac the system assign the role to the user 
as expected.

This is how it looks with a role assigned to the node. My vlan is assigned 
correctly, but since I now have to set the vlan manually for every node my user 
group rules does squat…




Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => 
(10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => 
(08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => 
"vim-foradsgatan-d1s1-a1@.local" (pf::radius::authorize)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Instantiate profile LAN 
(pf::Connection::ProfileFactory::_from_profile)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'x' for realm 
'default' (pf::config::util::filter_authentication_sources)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) WARN: 
[mac:08:f1:ea:3f:11:40] No category computed for autoreg 
(pf::role::getNodeInfoForAutoReg)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'x' for realm 
'default' (pf::config::util::filter_authentication_sources)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Connection type is MAC-AUTH. Getting role from 
node_info (pf::role::getRegisteredRole)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Username was defined 
"vim-foradsgatan-d1s1-a1@.local" - returning role 'Office_Switch' 
(pf::role::getRegisteredRole)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] PID: "default", Status: reg Returned VLAN: (undefined), 
Role: Office_Switch (pf::role::fetchRoleForNode)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] (10.0.10.11) Added VLAN 1 to the returned RADIUS 
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] security_event 133 force-closed for 
08:f1:ea:3f:11:40 (pf::security_event::security_event_force_close)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Instantiate profile LAN 
(pf::Connection::ProfileFactory::_from_profile)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => 
(10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => 
(08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => 
"vim-foradsgatan-d1s1-a1@.local" (pf::radius::authorize)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Instantiate profile LAN 
(pf::Connection::ProfileFactory::_from_profile)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'x' for realm 
'default' (pf::config::util::filter_authentication_sources)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) WARN: 
[mac:08:f1:ea:3f:11:40] No category computed for autoreg 
(pf::role::getNodeInfoForAutoReg)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'x' for realm 
'default' (pf::config::util::filter_authentication_sources)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Connection type is MAC-AUTH. Getting role from 
node_info (pf::role::getRegisteredRole)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Username was defined 
"vim-foradsgatan-d1s1-a1@.local" - returning role 'Office_Switch' 
(pf::role::getRegisteredRole)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] PID: "default", Status: reg Returned VLAN: (undefined), 
Role: Office_Switch (pf::role::fetchRoleForNode)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] (10.0.10.11) Added VLAN 1 to the returned RADIUS 
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] security_event 133 force-closed for 
08:f1:ea:3f:11:40 (pf::security_event::security_event_force_close)
Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: 
[mac:08:f1:ea:3f:11:40] Instantiate profile LAN 
(pf::Connection::ProfileFactory::_from_profile)


“] Connection type is MAC-AUTH. Getting

Re: [PacketFence-users] Packetfence set role by mac not user...

2020-09-24 Thread Ludovic Zammit via PacketFence-users 
Hello there,

You need to split the username in your default realm:



Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Sep 23, 2020, at 5:59 PM, Fetakungen Virtual Adventurer via 
> PacketFence-users  wrote:
> 
> Hi I’ve stil have problem with my role assignment when im trying to use 
> radius auth for my HP Access Switches. 
> 
> The config is aaa authentication port-access chap-radius Server-group "XX” / 
> aaa port-access authenticator X/XX on the Authenticating switch which in this 
> case is 10.0.20.2 and the access switch (supplicant) config is : aaa 
> port-access supplicant 25 identity office-1@.local 
>  secret y
>  
> The authentication request is approved but instead of using the username for 
> role assignment it seems to use the “node” role which is put on the access 
> switch mac in this case f8:60:f0:33:00:80 when the node is “auto registered” 
> as the role by default is no role, no role is assigned. So there is the 
> “explantion”, but why is this happening ? 
> 
> In the authentication source which is being used the rule are to put the 
> switch with role “office_switch”. But since packetfence only authenticate the 
> user and then try so assign role by mac this fails/ are being skipped.. 
> 
> This rule works fine with pftest… The output of pftest is this:
> 
> Authenticating against 'VEMAB' in context 'admin'
>   Authentication SUCCEEDED against VEMAB (Authentication successful.)
>   Matched against VEMAB for 'authentication' rule SWITCH
> set_role : Office_Switch
> set_access_duration : 1D
>   Did not match against VEMAB for 'administration' rules
>  
> Authenticating against 'VEMAB' in context 'portal'
>   Authentication SUCCEEDED against VEMAB (Authentication successful.)
>   Matched against VEMAB for 'authentication' rule SWITCH
> set_role : Office_Switch
> set_access_duration : 1D
>   Did not match against VEMAB for 'administration' rules
> 
>  
> The output of packetfence.log when doing real auth is this:
>  
>  
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => 
> (10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => 
> (38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => 
> "office-1@.local " (pf::radius::authorize)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] Instantiate profile LAN 
> (pf::Connection::ProfileFactory::_from_profile)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 
> 'default' (pf::config::util::filter_authentication_sources)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
> [mac:f8:60:f0:33:00:80] No category computed for autoreg 
> (pf::role::getNodeInfoForAutoReg)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 
> 'default' (pf::config::util::filter_authentication_sources)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH. Getting role from 
> node_info (pf::role::getRegisteredRole)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
> [mac:f8:60:f0:33:00:80] Use of uninitialized value $role in concatenation (.) 
> or string at /usr/local/pf/lib/pf/role.pm line 489.
> (pf::role::getRegisteredRole)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] Username was NOT defined or unable to match a role - 
> returning node based role '' (pf::role::getRegisteredRole)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
> [mac:f8:60:f0:33:00:80] PID: "default", Status: reg Returned VLAN: 
> (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
> [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in hash element 
> at /usr/local/pf/lib/pf/Switch.pm line 608.
> (pf::Switch::getVlanByName)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
> [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in concatenation 
> (.) or string at /usr/local/pf/lib/pf/Switch.pm line 611.
> (pf::Switch::getVlanByName)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
> [mac:f8:60:f0:33:00:80] No parameter Vlan found in conf/switches.conf for the 
> switch 10.0.20.2 (pf::Switch::getVlanByName)
> Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303)

Re: [PacketFence-users] Radius-auth port 1812 not listening after PKI integration

2020-09-24 Thread Ludovic Zammit via PacketFence-users 
Hello,

You could see why te radius does not start properly with :

journalctl -u packetfence-radiusd-auth

Fix that and you should be ok.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Sep 23, 2020, at 1:30 PM, 'van Rooij Neal' via PacketFence-users 
>  wrote:
> 
> Hello all,
> 
> I intergrated Microsoft PKI with PacketFence, following the Installation 
> Guide. 
> I was able to get some certificates for some users, but never to authenticate 
> them with PacketFence. 
> 
> The logs from my Cisco 3560-C switch showed some failures : 
> %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.0.100:1812,1813 is not responding.
> %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.20.0.100:1812,1813 is being marked 
> alive.
> 
> I captured the frames with WireShark and noticed that the RADIUS 
> Access-Request (to port 1812) get an Destination unreachable response. 
> 
> |Time | 172.20.0.6   | 
> | |   | 172.20.0.100   |  
> |28.616349| Access-Request(1) (i  |RADIUS: Access-Request(1) 
> (id=38, l=191)
> | |(1645)   -->  (1812)   |
> |28.616985| Destination unreacha  |ICMP: Destination 
> unreachable (Port unreachable)
> | |(1812)   <--  (1645)   |
> 
> 
> I tried restarting the service with : /usr/local/pf/bin/pfcmd service radiusd 
> restart. 
> The output's first line shows : packetfence-radiusd-auth.service  stopped 0
> even if the service (from status->service) radiusd-auth is running.
> However, it says that the PID number is 0. 
> 
> 
> Would anyone know how I could try to debug this ?
> 
> Thanks a lot,
> Neal
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Multiple LDAP Souce and 802.1x Authentication

2020-09-24 Thread Ludovic Zammit via PacketFence-users 
Hello there,

802.1x EAP PEAP works in two steps:

1 - Authentication:

- RADIUS where it verify your identity against an Activer Directory with an 
NTLM_auth request

Then, if the authentication is successful, you pass to the step 2:

2 - Authorization:

- PacketFence extract a username from the previous radius authentication and 
tries to find an available connection profile to match that username with a 
source.
- Once it finds a source it will try to do a LDAP request to see if that source 
matches any rule to bring an access duration / unreg date and a role.
- If you match a rule, it takes the unregdate + the role, check where you are 
connecting to translate the role to a VLAN ID or ACL name

Once all that’s done it sends the RADIUS replay with an Access Accept with your 
Authorization in it.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org ) 




> On Sep 24, 2020, at 6:29 AM, evren korkmaz via PacketFence-users 
>  wrote:
> 
> Hi, 
> 
> I try to use second ldap source on packetfence v10.01 . 
> 
> I think I have completed the necessary configurations completely. While 
> testing, web authentication worked without problems, but 802.1x did not 
> authenticate. While trying to fix the problem i noticed that it is asking 
> only AD for 802.1x authentication not ldap source. 
> 
> Then, i just added the ldap source i just created to the connect profile. 
> Queries should be directed to the ldap source i created based on these 
> settings.But even with these settings it just use AD. If the user is not in 
> AD, the request is still not being sent to LDAP. 
> 
> How can i do 802.1x authentication to the ldap source i am trying to add?
> I will be glad if you help.
> Regards.
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence set role by mac not user...

2020-09-24 Thread Fetakungen Virtual Adventurer via PacketFence-users 
Hi I've stil have problem with my role assignment when im trying to use radius 
auth for my HP Access Switches.

The config is aaa authentication port-access chap-radius Server-group "XX" / 
aaa port-access authenticator X/XX on the Authenticating switch which in this 
case is 10.0.20.2 and the access switch (supplicant) config is : aaa 
port-access supplicant 25 identity 
office-1@.local secret y

The authentication request is approved but instead of using the username for 
role assignment it seems to use the "node" role which is put on the access 
switch mac in this case f8:60:f0:33:00:80 when the node is "auto registered" as 
the role by default is no role, no role is assigned. So there is the 
"explantion", but why is this happening ?

In the authentication source which is being used the rule are to put the switch 
with role "office_switch". But since packetfence only authenticate the user and 
then try so assign role by mac this fails/ are being skipped..

This rule works fine with pftest... The output of pftest is this:

Authenticating against 'VEMAB' in context 'admin'
  Authentication SUCCEEDED against VEMAB (Authentication successful.)
  Matched against VEMAB for 'authentication' rule SWITCH
set_role : Office_Switch
set_access_duration : 1D
  Did not match against VEMAB for 'administration' rules

Authenticating against 'VEMAB' in context 'portal'
  Authentication SUCCEEDED against VEMAB (Authentication successful.)
  Matched against VEMAB for 'authentication' rule SWITCH
set_role : Office_Switch
set_access_duration : 1D
  Did not match against VEMAB for 'administration' rules


The output of packetfence.log when doing real auth is this:


Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => 
(10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => 
(38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => 
"office-1@.local" (pf::radius::authorize)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] Instantiate profile LAN 
(pf::Connection::ProfileFactory::_from_profile)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 
'default' (pf::config::util::filter_authentication_sources)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
[mac:f8:60:f0:33:00:80] No category computed for autoreg 
(pf::role::getNodeInfoForAutoReg)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 
'default' (pf::config::util::filter_authentication_sources)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH. Getting role from 
node_info (pf::role::getRegisteredRole)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
[mac:f8:60:f0:33:00:80] Use of uninitialized value $role in concatenation (.) 
or string at /usr/local/pf/lib/pf/role.pm line 489.
(pf::role::getRegisteredRole)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] Username was NOT defined or unable to match a role - 
returning node based role '' (pf::role::getRegisteredRole)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] PID: "default", Status: reg Returned VLAN: (undefined), 
Role: (undefined) (pf::role::fetchRoleForNode)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
[mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in hash element at 
/usr/local/pf/lib/pf/Switch.pm line 608.
(pf::Switch::getVlanByName)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
[mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in concatenation 
(.) or string at /usr/local/pf/lib/pf/Switch.pm line 611.
(pf::Switch::getVlanByName)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: 
[mac:f8:60:f0:33:00:80] No parameter Vlan found in conf/switches.conf for the 
switch 10.0.20.2 (pf::Switch::getVlanByName)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] security_event 133 force-closed for 
f8:60:f0:33:00:80 (pf::security_event::security_event_force_close)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] Instantiate profile LAN 
(pf::Connection::ProfileFactory::_from_profile)
Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: 
[mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => 
(10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => 
(38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => 
"office-1@.local" (pf::radius::authorize)
Sep 23 23:26:08 RADIUS-1

[PacketFence-users] Radius-auth port 1812 not listening after PKI integration

2020-09-24 Thread 'van Rooij Neal' via PacketFence-users 

Hello all,  
  
I intergrated Microsoft PKI with PacketFence, following the Installation Guide. 
  
I was able to get some certificates for some users, but never to authenticate 
them with PacketFence.   
  
The logs from my Cisco 3560-C switch showed some failures :   
%RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.0.100:1812,1813 is not responding.  
%RADIUS-4-RADIUS_ALIVE: RADIUS server 172.20.0.100:1812,1813 is being marked 
alive.  
  
I captured the frames with WireShark and noticed that the RADIUS Access-Request 
(to port 1812) get an Destination unreachable response.   
  
|Time | 172.20.0.6                                   |   
|             |   | 172.20.0.100           |    
|28.616349| Access-Request(1) (i  |RADIUS: Access-Request(1) 
(id=38, l=191)  
|             |(1645)   -->  (1812)   |  
|28.616985| Destination unreacha  |ICMP: Destination 
unreachable (Port unreachable)  
|             |(1812)   ___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Multiple LDAP Souce and 802.1x Authentication

2020-09-24 Thread evren korkmaz via PacketFence-users 
Hi,

I try to use second ldap source on packetfence v10.01 .

I think I have completed the necessary configurations completely. While
testing, web authentication worked without problems, but 802.1x did not
authenticate. While trying to fix the problem i noticed that it is asking
only AD for 802.1x authentication not ldap source.

Then, i just added the ldap source i just created to the connect profile.
Queries should be directed to the ldap source i created based on these
settings.But even with these settings it just use AD. If the user is not in
AD, the request is still not being sent to LDAP.

How can i do 802.1x authentication to the ldap source i am trying to add?
I will be glad if you help.
Regards.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users