Ciao Leonardo,
For the 1st question, you need a DNS record that makes the PF server
reachable FROM THE CLIENTs. It doesnt need to be reachable at all from the
internet. But the clients need to resolve "pf.mycompany.com" and get an IP
that PF has associated with the portal service. If you're using
create 2 connection profiles (802.1x and mac-auth) and 2 authentication
sources (one for secure and the other one for mac-auth).
Associate the first authentication source on the secure portal and the 2nd
one to the mac-auth portal.
Now you just need to play with the authentication rules on each
Hello Fabrice.
Thanks a lot for your answer but as I said I managed to do it :)
I have a second question since you are here :
I would like to give VLAN x if AD user connects through 802.1x and VLAN y
if AD user connects through portal. To me the best thing to do is to add a
condition with
Hello José,
IMO you should create 2 connection profiles, one for MAB (filter
connection_type = Ethernet-NoEAP) and another one for 802.1x (filter
connection_type = Ethernet-EAP).
Once done, assign the correct authentication source to the MAB profile
(sources you will see on the portal) .
On the
Hello José,
you have to combine 2 authentication sources, one for the user and the
other for the computer.
The difference between the 2 will be the username attribute , for user it´s
sAMAccountName and for computer it´s userPrincipalName (btw create
authentication rules for user and machines)
So
I went the wrong way actually I didn't want to do that.
What I would like to do is give the user a role if he is on a domain
computer.
I guess it is just a condition in my AD-users authentication source.but I
can't do it.
Does someone have a suggestion ? :)
hi Diego,
* there is no need for the PF machine to be publicly reachable. But it
should have a proper dns name / domain
Let's take a very simple case: the customer has a pf machine behind an Internet
router and has an Internet domain like mycompanyname.com and a static public IP.
It's OK I managed to do it. TY
On Tue, May 17, 2022 at 10:55 AM José Ramos
wrote:
> Thank you ! Can you tell me how you do this please ?
>
> On Tue, May 17, 2022 at 10:44 AM mj via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Yes, it is what we do.
>>
>> First the
I don't need help anymore on that !
On Sat, May 21, 2022 at 2:22 PM José Ramos
wrote:
> Hello ! I have configured 802.1x and mab. When I use mab and authenticate
> with an AD user on the portal I'm put in the right VLAN of my
> authentication source.
>
> 802.1x works aswell but always put me in
Hello ! I have configured 802.1x and mab. When I use mab and authenticate
with an AD user on the portal I'm put in the right VLAN of my
authentication source.
802.1x works aswell but always put me in VLAN 1 and does not assign roles.
I tried to enable stripped username in the DEFAULT realm but it
10 matches
Mail list logo
