Hi all, I stil stuck on this,
The default windows setting is 802.1x user and machine authentication. So what I want is that PF ignores or just accept the machine auth and handle only the user auth. I have tried radius filters but not worked. What can I do? Some errors: Jun 9 14:23:52 mdb-vl-pf01 auth[13033]: (6347) mschap_machine: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)' Jun 9 14:23:52 mdb-vl-pf01 auth[13033]: (6347) Login incorrect (mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [host/ZBLAPTOP2140] (from client 10.10.0.82/32 port 50333 cli a0:ce:c8:3b:2d:16 via TLS tunnel) [http://www.dezb.nl/content/dam/zeeland/zeeuwse/bestanden/logo-zb-email.jpg] [cid:[email protected]] Martijn Langendoen netwerkbeheerder [email protected]<mailto:[email protected]> [cid:[email protected]] 0118 654307 [http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/facebook.jpg]<https://www.facebook.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/twitter.jpg]<https://www.twitter.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/linkedin.jpg]<https://www.linkedin.com/company/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/instagram.jpg]<https://www.instagram.com/dezbnl>/dezbnl www.dezb.nl<http://www.dezb.nl/> [cid:[email protected]] Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg Van: Martijn Langendoen via PacketFence-users <[email protected]> Verzonden: 25 May 2022 07:26 Aan: [email protected] CC: Martijn Langendoen <[email protected]> Onderwerp: Re: [PacketFence-users] 802.1X user authentication but not machine. Hi, Yes i have. As I wrote for normal AD computers is it working fine. But I want it also for non AD computers with 802.1X User only. In the radius request for the machine auth. the Username attribute is host/<computername>. [http://www.dezb.nl/content/dam/zeeland/zeeuwse/bestanden/logo-zb-email.jpg] [cid:[email protected]] Martijn Langendoen netwerkbeheerder [email protected]<mailto:[email protected]> [cid:[email protected]] 0118 654307 [http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/facebook.jpg]<https://www.facebook.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/twitter.jpg]<https://www.twitter.com/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/linkedin.jpg]<https://www.linkedin.com/company/dezbnl>[http://www.dezb.nl/content/dam/zeeland/zeeuwse/icoontjes-social-media/instagram.jpg]<https://www.instagram.com/dezbnl>/dezbnl www.dezb.nl<http://www.dezb.nl/> [cid:[email protected]] Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg Van: Baptiste Leroy via PacketFence-users <[email protected]<mailto:[email protected]>> Verzonden: 24 May 2022 22:49 Aan: [email protected]<mailto:[email protected]> CC: Baptiste Leroy <[email protected]<mailto:[email protected]>> Onderwerp: Re: [PacketFence-users] 802.1X user authentication but not machine. Hello. Did you create an authentication source ? You have to create an authentication source Type Active Directory with sAMAccountName as search attribute (this is the value by default anyway) Le mar. 24 mai 2022 à 22:04, Martijn Langendoen via PacketFence-users <[email protected]<mailto:[email protected]>> a écrit : Hello all, I have 802.1x implemented in the network and is working fine with laptops that are in de (onprem) AD with an account and the user as well. Now I get laptops (BYOD) for example but with Azure AD account (for example intune laptops) and I want only the 802.1X user authentication and not the machine auth because that fails and my cisco switch is blocking that port in this situation. In PF I make already an radius filter that if the username begins with host/ (the user-name is the computername with in the beginning host/<computername> ) then send a radius accept but this never happend. So has anyone a clue? [cid:[email protected]] [cid:[email protected]] Martijn Langendoen netwerkbeheerder [email protected]<mailto:[email protected]> [cid:[email protected]] 0118 654307 [cid:[email protected]]<https://www.facebook.com/dezbnl>[cid:[email protected]]<https://www.twitter.com/dezbnl>[cid:[email protected]]<https://www.linkedin.com/company/dezbnl>[cid:[email protected]]<https://www.instagram.com/dezbnl>/dezbnl www.dezb.nl<http://www.dezb.nl/> [cid:[email protected]] Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
