inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

RADIUS Audit log: User-Name field can have a wrong value when doing EAP-TLS #6115

Open nqb opened 3 years ago

nqb commented 3 years ago

Describe the bug

When you do EAP-TLS using a certificate attribute that contains your identity (for instance: TLS-Client-Cert-Common-Name), PacketFence displays the User-Name attribute of the RADIUS request in the RADIUS Audit log in place of the certificate attribute used for authentication/authorization.

To Reproduce

Steps to reproduce the behavior:

  1. Send an EAP-TLS request with identity stored in TLS-Client-Cert-Common-Name
  2. Check RADIUS Audit log

=> User-Name field equals User-Name of RADIUS request
=> Owner of node equals identity stored in TLS-Client-Cert-Common-Name

Expected behavior

Display attribute used for authentication/authorization in RADIUS audit log.

Additional context

As discussed with @julsemaan, it's certainly possible to use a PacketFence-specific attribute.
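
The mismatch described in the issue above can be checked for outside PacketFence. This is an added example, not part of the issue and not PacketFence code: it parses constructed RADIUS request attributes and reports requests where the User-Name differs from the certificate attribute. The function names, the "Name = value" input layout and all sample values are assumptions.

```python
import re

# Constructed sample input: RADIUS request attributes in "Name = value" form.
# All names and values below are made up for illustration.
SAMPLE_REQUESTS = [
    '''User-Name = "anonymous"
       Calling-Station-Id = "00:11:22:33:44:55"
       TLS-Client-Cert-Common-Name = "alice.example.com"''',
    '''User-Name = "bob.example.com"
       Calling-Station-Id = "00:11:22:33:44:66"
       TLS-Client-Cert-Common-Name = "bob.example.com"''',
    '''User-Name = "001122334477"
       Calling-Station-Id = "00:11:22:33:44:77"''',
]

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_attrs(text):
    """Turn 'Name = "value"' lines into a dict; lines that do not parse are skipped."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def audit_identity(attrs, identity_attr="TLS-Client-Cert-Common-Name"):
    """Compare the logged User-Name with the certificate attribute (assumed to be
    the one used for authorization, as in the issue)."""
    logged = attrs.get("User-Name")
    cert_id = attrs.get(identity_attr)
    if cert_id is None:
        status = "no-cert-identity"      # attribute absent, e.g. not EAP-TLS
    elif logged is not None and logged.casefold() == cert_id.casefold():
        status = "match"
    else:
        status = "mismatch"              # audit log would show a different name
    return {"station": attrs.get("Calling-Station-Id"), "logged_user_name": logged,
            "cert_identity": cert_id, "status": status}

def find_mismatches(requests):
    """Return audit results for requests where the two identities differ."""
    results = [audit_identity(parse_attrs(r)) for r in requests]
    return [r for r in results if r["status"] == "mismatch"]

if __name__ == "__main__":
    for row in find_mismatches(SAMPLE_REQUESTS):
        print(row)
```
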

nqb commented 1 year ago

A customer is interested in having this issue fixed for version 11.2.