Installation Guide for PacketFence version 8.0.0 Installation Guide by Inverse Inc. Version 8.0.0 - Apr 2018 Copyright © 2018 Inverse inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http:// scripts.sil.org/OFL Copyright © Łukasz Dziedzic, http://www.latofonts.com, with Reserved Font Name: "Lato". Copyright © Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata". Table of Contents About this Guide ............................................................................................................... 1 Other sources of information ..................................................................................... 1 Introduction ...................................................................................................................... 2 System Requirements ......................................................................................................... 3 Assumptions ............................................................................................................. 3 Minimum Hardware Requirements .............................................................................. 3 Operating System Requirements ................................................................................. 3 Installation ........................................................................................................................ 5 Installing PacketFence from the ZEN ........................................................................... 5 Installing PacketFence on existing Linux ...................................................................... 6 Getting Started ................................................................................................................. 9 Going Through the Configurator ................................................................................. 9 Connecting PacketFence to Microsoft Active Directory ............................................... 10 Configuring Cisco Catalyst 2960 Switch .................................................................... 11 Adding the Switch to PacketFence ............................................................................ 12 Configuring the Connection Profile ........................................................................... 12 Configuring Microsoft Windows Supplicant ............................................................... 13 Testing .................................................................................................................... 13 Enabling the Captive Portal .............................................................................................. 14 Creating Authentication Source for Guests ................................................................ 14 Configure switchport for Web Authentication ............................................................ 14 Adjust Switch Configuration in PacketFence .............................................................. 15 Enabling Portal on Management Interface .................................................................. 15 Configuring the Connection Profile ........................................................................... 16 Testing .................................................................................................................... 16 Adding SMS Authentication for Guests ............................................................................. 17 Authentication Sources ............................................................................................ 17 Alerting ................................................................................................................... 18 Adding SMS Authentication Source ........................................................................... 18 Configuring the Connection Profile ........................................................................... 19 Testing .................................................................................................................... 19 Introduction to Role-based Access Control ........................................................................ 20 Adding Roles ........................................................................................................... 20 Using the Consultant Role ........................................................................................ 21 Using the Machine Role ........................................................................................... 21 Supported Enforcement Modes ........................................................................................ 23 Technical Introduction to Inline Enforcement .............................................................. 23 Technical Introduction to Out-of-band Enforcement ................................................... 24 Technical Introduction to Hybrid Enforcement ............................................................ 29 Technical Introduction to RADIUS Enforcement .......................................................... 30 Technical Introduction to DNS Enforcement .............................................................. 30 Adding Inline Enforcement to Existing Installation ............................................................... 32 Introduction ............................................................................................................ 32 Preparating the Operating System ............................................................................. 32 Adding Inline Interface ............................................................................................. 33 Network Devices ..................................................................................................... 34 Adding Connection Profile for Inline ......................................................................... 34 Testing the Inline Configuration ................................................................................ 35 Advanced Inline Topics ............................................................................................. 35 Adding VLAN Enforcement to Existing Installation .............................................................. 36 Introduction ............................................................................................................ 36 Copyright © 2018 Inverse inc. iii Adding the Registration and Isolation Interface ........................................................... 37 Network Devices ..................................................................................................... 38 Adding Connection Profile for Registration ................................................................ 39 Troubleshooting PacketFence ............................................................................................ 41 RADIUS Audit Log ................................................................................................... 41 Log files .................................................................................................................. 41 RADIUS Debugging ................................................................................................. 41 Authentication Mechanisms .............................................................................................. 43 Microsoft Active Directory (AD) ................................................................................ 43 OAuth2 Authentication ............................................................................................ 48 Eduroam ................................................................................................................. 52 SAML Authentication ............................................................................................... 52 Billing Engine .......................................................................................................... 54 External API Authentication ...................................................................................... 68 Advanced Portal Configuration ......................................................................................... 70 Portal Modules ........................................................................................................ 70 Portal Surveys ......................................................................................................... 78 Devices Registration ................................................................................................ 82 Passthroughs ........................................................................................................... 83 Proxy Interception ................................................................................................... 84 Parked Devices ........................................................................................................ 84 Advanced Access Configuration ........................................................................................ 86 Connection Profiles ................................................................................................