Re: [PacketFence-users] 802.1x computer + user
Sorry I forgot to add PacketFence users as cc. Oh yes you are right thank you ! I have a last question (sorry ;)) : One of my goal is to authenticate users only if they are on an AD computer. So far, Computer + user auth It is working well (computer is authenticated when on logon screen and user is authenticated when enters login) but how can I force user to be on an AD computer ? Thank you ! On Mon, May 23, 2022 at 11:00 AM José Ramos wrote: > Oh yes you are right thank you ! > I have a last question (sorry ;)) : > One of my goal is to authenticate users only if they are on an AD > computer. So far, Computer + user auth It is working well (computer is > authenticated when on logon screen and user is authenticated when enters > login) but how can I force user to be on an AD computer ? > Thank you ! > > On Sun, May 22, 2022 at 9:42 PM Fabrice Durand wrote: > >> create 2 connection profiles (802.1x and mac-auth) and 2 authentication >> sources (one for secure and the other one for mac-auth). >> Associate the first authentication source on the secure portal and the >> 2nd one to the mac-auth portal. >> >> Now you just need to play with the authentication rules on each source to >> return a different role. >> >> >> >> >> Le dim. 22 mai 2022 à 15:22, José Ramos a >> écrit : >> >>> Hello Fabrice. >>> >>> Thanks a lot for your answer but as I said I managed to do it :) >>> I have a second question since you are here : >>> I would like to give VLAN x if AD user connects through 802.1x and VLAN >>> y if AD user connects through portal. To me the best thing to do is to add >>> a condition with Connection type in the AD-users authentication source. But >>> the combobox is empty :'( which is a little bit problematic (I tried to add >>> the connection type manually in authentication.conf but it did not work) >>> >>> This is not urgent. >>> >>> PS : I don't know if you using oeufd...@gmail.com is planned :D >>> >>> >>> On Sun, May 22, 2022 at 8:43 PM Fabrice Durand >>> wrote: >>> Hello José, you have to combine 2 authentication sources, one for the user and the other for the computer. The difference between the 2 will be the username attribute , for user it´s sAMAccountName and for computer it´s userPrincipalName (btw create authentication rules for user and machines) So once you have the 2 authentication sources , assign them on the same connection profile (per example the one you use to filter on the secure ssid) . https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role Regards Fabrice Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > I went the wrong way actually I didn't want to do that. > What I would like to do is give the user a role if he is on a domain > computer. > I guess it is just a condition in my AD-users authentication > source.but I can't do it. > Does someone have a suggestion ? :) > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
It's OK I managed to do it by adding role condition in connection profile. I should maybe try more before asking ... Sorry and thanks to all PF users and developers for their help ! On Mon, May 23, 2022 at 11:00 AM José Ramos wrote: > Sorry I forgot to add PacketFence users as cc. > > Oh yes you are right thank you ! > I have a last question (sorry ;)) : > One of my goal is to authenticate users only if they are on an AD > computer. So far, Computer + user auth It is working well (computer is > authenticated when on logon screen and user is authenticated when enters > login) but how can I force user to be on an AD computer ? > Thank you ! > > On Mon, May 23, 2022 at 11:00 AM José Ramos > wrote: > >> Oh yes you are right thank you ! >> I have a last question (sorry ;)) : >> One of my goal is to authenticate users only if they are on an AD >> computer. So far, Computer + user auth It is working well (computer is >> authenticated when on logon screen and user is authenticated when enters >> login) but how can I force user to be on an AD computer ? >> Thank you ! >> >> On Sun, May 22, 2022 at 9:42 PM Fabrice Durand >> wrote: >> >>> create 2 connection profiles (802.1x and mac-auth) and 2 authentication >>> sources (one for secure and the other one for mac-auth). >>> Associate the first authentication source on the secure portal and the >>> 2nd one to the mac-auth portal. >>> >>> Now you just need to play with the authentication rules on each source >>> to return a different role. >>> >>> >>> >>> >>> Le dim. 22 mai 2022 à 15:22, José Ramos a >>> écrit : >>> Hello Fabrice. Thanks a lot for your answer but as I said I managed to do it :) I have a second question since you are here : I would like to give VLAN x if AD user connects through 802.1x and VLAN y if AD user connects through portal. To me the best thing to do is to add a condition with Connection type in the AD-users authentication source. But the combobox is empty :'( which is a little bit problematic (I tried to add the connection type manually in authentication.conf but it did not work) This is not urgent. PS : I don't know if you using oeufd...@gmail.com is planned :D On Sun, May 22, 2022 at 8:43 PM Fabrice Durand wrote: > Hello José, > > you have to combine 2 authentication sources, one for the user and the > other for the computer. > The difference between the 2 will be the username attribute , for user > it´s sAMAccountName and for computer it´s userPrincipalName (btw create > authentication rules for user and machines) > > So once you have the 2 authentication sources , assign them on the > same connection profile (per example the one you use to filter on the > secure ssid) . > > > https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role > > Regards > Fabrice > > > > > > Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < > packetfence-users@lists.sourceforge.net> a écrit : > >> I went the wrong way actually I didn't want to do that. >> What I would like to do is give the user a role if he is on a domain >> computer. >> I guess it is just a condition in my AD-users authentication >> source.but I can't do it. >> Does someone have a suggestion ? :) >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
create 2 connection profiles (802.1x and mac-auth) and 2 authentication sources (one for secure and the other one for mac-auth). Associate the first authentication source on the secure portal and the 2nd one to the mac-auth portal. Now you just need to play with the authentication rules on each source to return a different role. Le dim. 22 mai 2022 à 15:22, José Ramos a écrit : > Hello Fabrice. > > Thanks a lot for your answer but as I said I managed to do it :) > I have a second question since you are here : > I would like to give VLAN x if AD user connects through 802.1x and VLAN y > if AD user connects through portal. To me the best thing to do is to add a > condition with Connection type in the AD-users authentication source. But > the combobox is empty :'( which is a little bit problematic (I tried to add > the connection type manually in authentication.conf but it did not work) > > This is not urgent. > > PS : I don't know if you using oeufd...@gmail.com is planned :D > > > On Sun, May 22, 2022 at 8:43 PM Fabrice Durand wrote: > >> Hello José, >> >> you have to combine 2 authentication sources, one for the user and the >> other for the computer. >> The difference between the 2 will be the username attribute , for user >> it´s sAMAccountName and for computer it´s userPrincipalName (btw create >> authentication rules for user and machines) >> >> So once you have the 2 authentication sources , assign them on the same >> connection profile (per example the one you use to filter on the secure >> ssid) . >> >> >> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role >> >> Regards >> Fabrice >> >> >> >> >> >> Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < >> packetfence-users@lists.sourceforge.net> a écrit : >> >>> I went the wrong way actually I didn't want to do that. >>> What I would like to do is give the user a role if he is on a domain >>> computer. >>> I guess it is just a condition in my AD-users authentication source.but >>> I can't do it. >>> Does someone have a suggestion ? :) >>> ___ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
Hello Fabrice. Thanks a lot for your answer but as I said I managed to do it :) I have a second question since you are here : I would like to give VLAN x if AD user connects through 802.1x and VLAN y if AD user connects through portal. To me the best thing to do is to add a condition with Connection type in the AD-users authentication source. But the combobox is empty :'( which is a little bit problematic (I tried to add the connection type manually in authentication.conf but it did not work) This is not urgent. PS : I don't know if you using oeufd...@gmail.com is planned :D On Sun, May 22, 2022 at 8:43 PM Fabrice Durand wrote: > Hello José, > > you have to combine 2 authentication sources, one for the user and the > other for the computer. > The difference between the 2 will be the username attribute , for user > it´s sAMAccountName and for computer it´s userPrincipalName (btw create > authentication rules for user and machines) > > So once you have the 2 authentication sources , assign them on the same > connection profile (per example the one you use to filter on the secure > ssid) . > > > https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role > > Regards > Fabrice > > > > > > Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < > packetfence-users@lists.sourceforge.net> a écrit : > >> I went the wrong way actually I didn't want to do that. >> What I would like to do is give the user a role if he is on a domain >> computer. >> I guess it is just a condition in my AD-users authentication source.but I >> can't do it. >> Does someone have a suggestion ? :) >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
Hello José, you have to combine 2 authentication sources, one for the user and the other for the computer. The difference between the 2 will be the username attribute , for user it´s sAMAccountName and for computer it´s userPrincipalName (btw create authentication rules for user and machines) So once you have the 2 authentication sources , assign them on the same connection profile (per example the one you use to filter on the secure ssid) . https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_using_the_corporate_machine_role Regards Fabrice Le dim. 22 mai 2022 à 12:41, José Ramos via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > I went the wrong way actually I didn't want to do that. > What I would like to do is give the user a role if he is on a domain > computer. > I guess it is just a condition in my AD-users authentication source.but I > can't do it. > Does someone have a suggestion ? :) > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
I went the wrong way actually I didn't want to do that. What I would like to do is give the user a role if he is on a domain computer. I guess it is just a condition in my AD-users authentication source.but I can't do it. Does someone have a suggestion ? :) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
It's OK I managed to do it. TY On Tue, May 17, 2022 at 10:55 AM José Ramos wrote: > Thank you ! Can you tell me how you do this please ? > > On Tue, May 17, 2022 at 10:44 AM mj via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Yes, it is what we do. >> >> First the computer authenticates, and as soon as a user logs on, it >> switches to user authentication. >> >> MJ >> >> On 16/05/2022 14:19, José Ramos via PacketFence-users wrote: >> > Hello everyone. >> > Is it possible to combine 802.1x computer + user authentication ? >> > I only do user authentication so far but would like to give VLAN only >> if >> > the AD user uses AD computer :) >> > Thank you ! >> > >> > José Ramos >> > >> > >> > ___ >> > PacketFence-users mailing list >> > PacketFence-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
Thank you ! Can you tell me how you do this please ? On Tue, May 17, 2022 at 10:44 AM mj via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Yes, it is what we do. > > First the computer authenticates, and as soon as a user logs on, it > switches to user authentication. > > MJ > > On 16/05/2022 14:19, José Ramos via PacketFence-users wrote: > > Hello everyone. > > Is it possible to combine 802.1x computer + user authentication ? > > I only do user authentication so far but would like to give VLAN only if > > the AD user uses AD computer :) > > Thank you ! > > > > José Ramos > > > > > > ___ > > PacketFence-users mailing list > > PacketFence-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] 802.1x computer + user
Yes, it is what we do. First the computer authenticates, and as soon as a user logs on, it switches to user authentication. MJ On 16/05/2022 14:19, José Ramos via PacketFence-users wrote: Hello everyone. Is it possible to combine 802.1x computer + user authentication ? I only do user authentication so far but would like to give VLAN only if the AD user uses AD computer :) Thank you ! José Ramos ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
