[PacketFence-users] Device auto registration for 802.1x authentification
Evan Linwood
2016-06-20 13:50:05 UTC
Hello,
I am wanting to register devices automatically upon 802.1x authentication, but can't get pf auto registration working.

I've seen a few references to modifying /usr/local/pf/lib/pf/vlan/custom.pm and uncommenting the code for shouldAutoRegister, including a relatively recent link here:

http://comments.gmane.org/gmane.comp.networking.packetfence.user/7561

My first problem is that there is no 'vlan' folder in my pf installation under the /usr/local/pf/lib/pf folder.

I've attempted to try my luck modifying the copies of custom.pm under the /usr/local/pf/lib/pf/role and /usr/local/pf/lib/pf/radius folders to include the code for shouldAutoRegister, but this hasn't worked.

I have my switch configured in 'Registration' mode.

802.1x authentication itself is working fine; I'm getting the following pf radius audit messages:

MAC Address: xx:xx:xx:xx:xxxx
Auth Status: Accept
Auth Type: EAP
Auto Registration: no
Calling Station ID: xx:xx:xx:xx:xxxx
Computer name: iPhone
EAP Type: MS-CHAP-V2
Event Type: Radius-Access-Request
IP Address:
Is a Phone: no
Node status: unreg
Domain:
Profile:
Realm: default
Reason:
Role:
Source:
Stripped User Name: testuser
User Name: testuser
Unique ID:


Any help is much appreciated - thanks Evan
Dustin Berube
2016-06-20 14:04:39 UTC
Hi Evan,

I didn't see what version of PacketFence you were using. Have a look at
vlan filters, from the web interface under the main category -> filter
engines, or in /usr/local/pf/conf/vlan_filters.conf.

Here are two samples that are working in my test deployment. Basically, in
addition to the vlan filters you will need to create a portal profile that
matches the criteria and maps it to an authentication source.

[etherneteap]
filter = connection_type
operator = is
value = Ethernet-EAP

[1:etherneteap]
scope = AutoRegister
role = default

[fccsecure]
filter = ssid
operator = is
value = fcc

[wifieap]
filter = connection_type
operator = is
value = Wireless-802.11-EAP

[2:fccsecure&wifieap]
scope = AutoRegister
role = default

Hope this helps.
-dustin
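
A simplified model of how the filter sections in the reply above combine, added here as an example; it is not part of the original thread and not PacketFence's own code. Assumptions: only the `is` operator and the `&` conjunction shown above are modelled, rules are tried lowest number first, and the request dictionary keys are hypothetical stand-ins for what PacketFence derives from the RADIUS request.

```python
import configparser

# Constructed input: the two AutoRegister samples from the reply, blank lines removed.
SAMPLE_CONF = """
[etherneteap]
filter = connection_type
operator = is
value = Ethernet-EAP
[1:etherneteap]
scope = AutoRegister
role = default
[fccsecure]
filter = ssid
operator = is
value = fcc
[wifieap]
filter = connection_type
operator = is
value = Wireless-802.11-EAP
[2:fccsecure&wifieap]
scope = AutoRegister
role = default
"""

def load_filters(text):
    """Split sections into named conditions and numbered rules (assumed order: lowest first)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)  # strict mode: a duplicated section name raises an error
    conditions, rules = {}, []
    for name in cp.sections():
        if "scope" in cp[name]:  # rule header such as "2:fccsecure&wifieap"
            order, expr = name.split(":", 1)
            rules.append((int(order), expr.split("&"), dict(cp[name])))
        else:
            conditions[name] = dict(cp[name])
    return conditions, sorted(rules, key=lambda r: r[0])

def holds(cond, request):
    """Only the 'is' operator used on the page is modelled; anything else never matches."""
    return cond["operator"] == "is" and request.get(cond["filter"]) == cond["value"]

def auto_register_role(text, request):
    """Return (rule number, role) for the first matching AutoRegister rule, else None."""
    conditions, rules = load_filters(text)
    for order, names, rule in rules:
        # A rule naming an undefined condition raises KeyError, which flags a config typo.
        if rule["scope"] == "AutoRegister" and all(holds(conditions[n], request) for n in names):
            return order, rule["role"]
    return None
```

In this model a wireless EAP request whose SSID is not `fcc` matches neither rule and returns `None`, so checking the connection type and SSID of the failing client against the rule conditions is the first thing to verify.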