Download PacketFence 7.2.0

An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is such a nac system, with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. The developers have released version 7.2.0 with the following changes:

New Features

• Added support for authenticating users through OpenID Connect
• Added passthroughs for devices in violation state (isolation network)
• Added ability to report a device lost or stolen in self-service portal
• Added ability to change a local account password in self-service portal
• Improved overall user experience or self-service portal

Enhancements

• Use the attributes returned by a radius use source as attributes to compute the rules
• Most services now support systemd sd_notify notifications.
• The GUI will now only display readonly actions in readonly mode
• Journald total file size is now capped at 1Gb
• The GUI will now allow sources to be cloned
• The GUI now visually splits Administration and Authentication rules when viewing sources
• The GUI now has the ability to run “fixpermissions” from the web admin GUI
• haproxy captive portal rate-limiting is now configurable
• winbindd will now use the regular samba mechanisms to locate and select DCs
• New pfcmd command pfcmd pfqueue clear_expired_counters to clear the expired task counters
• Allow to disable the captive portal haproxy abuse access lists

Bug Fixes

• Added a cleanup of the number in the SMS source
• TLS certificates and keys will no longer be overwritten
• Limit the amount of tasks a worker processes to avoid memory from growing
• Fixed a case where the REJECT role isn’t honored in inline and some web-auth
• Sponsor authentication CC address is now BCC to help preserve privacy
• Use plain HTTP for network access detection page
• Fixed an issue where DHCP broadcast were treated more than once in clustered mode
• Fixed incorrect user login remaining count display
• Fixed a case where pfqueue counters show a count of 0 although queue is full
• node_discovered is no longer triggered when node hasn’t been created in DB
• Detect date was not being populated when nodes were discovered via radius
• Fixed leftover httpd processes when restarting
• Mariadb binary logs files are now properly rotated
• Fixed scss settings and colors being wiped on each upgrade