Dear Fabrice,
I didn't know your solution so I'd choose to change inner-tunnel:
authroize {
...
if ( "%{outer.request:User-Name}" != "%{User-Name}" ) {
fail
}
Best regards
Enrico
Il 09/05/2019 23:52, Durand fabrice via PacketFence-users ha scritto:
In the realm configuration in packetfence you can choose to strip on the
portal/radius/admin, also you can add "strip" in the freeradius option
and it will add the configuration in freeradius.
Regards
Fabrice
Le 19-05-09 à 10 h 16, Louis Scaringella via PacketFence-users a écrit :
Where is
Thank you! I’m seeing my other message now showing up.
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
> On May 9, 2019, at 4:59 PM, Durand fabrice via PacketFence-users
> wrote:
>
> yes
>
> Le 19-05-09 à 10 h 23, Louis Scaringella via PacketFence-users a
yes
Le 19-05-09 à 10 h 23, Louis Scaringella via PacketFence-users a écrit :
I’m embarrassed to say at my age, i’ve never used a mailing list so trying to
understand how it works. Will this message show up on Sourceforge?
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785
Hello Adrian,
so it's not really an issue since when you plug something in the switch
port the vlan change to the correct vlan.
Btw there is no action from packetfence when you disconnect the device
from the switch port.
Regards
Fabrice
Le 19-05-09 à 11 h 40, Adrian Dessaigne via PacketF
Another solution can be to add an attribute in the reply (from the
external radius server) with the user name from the inner tunnel and in
post-proxy section rewrite to username.
Regards
Fabrice
Le 19-05-09 à 15 h 21, Enrico via PacketFence-users a écrit :
Hello Fabrice,
in fact you underst
Hello Fabrice,
in fact you understand very well, PF proxy doesn't show what is in the
inner tunnel
so I changed the config of my radius backend , to check and allow login
only if the identity
is the same as the username held in the inner tunnel.
Thanks again.
Best regards.
Enrico
Il 09/05/19 0
I’m embarrassed to say at my age, i’ve never used a mailing list so trying to
understand how it works. Will this message show up on Sourceforge?
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
The information transmitted, including any attachments, is inten
Hello Fabrice.
The issue is only when I disconnect the device / when it comes off. The port
won't return to the registration vlan. When I first configure the port, I set
it to the registration VLAN and set it has default. When I plug a device and
getting authenticated through 802.1X, the port
Where is the username strip option configured? Is this a FreeRadius config?
The information transmitted, including any attachments, is intended only for
the person or entity to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination
Scratch that - got the certs working, had to play around with the config a
bit.
Still getting the SQL error even after changing to 127.0.0.1. At this point
I'll feel more comfortable starting fresh.
On Thu, May 9, 2019 at 10:00 AM Stuart Gendron
wrote:
> Hey there,
>
> Not a cluster setup.
>
>
Hey there,
Not a cluster setup.
I updated the config files to point to 127.0.0.1 instead and am getting
more errors now when I restart the pf service.
For fun, I changed the certificates under /usr/local/pf/conf/ssl on the
original PF server I setup and it also broke (server refusing connection
On Wed, May 8, 2019 18:37, Durand fabrice wrote:
> Hello David,
>
> can you try that:
>
> [mymachine1]
> filter = mac
> operator = is
> value = 07:3d:95:14:aa:ee
>
> [mac:mymachine1]
> scope = returnRadiusAccessAccept
> merge_answer = yes
> answer1 = Egress-V
13 matches
Mail list logo