Software update: PacketFence 10.1.0

An NAC system can be used to secure a network environment. This allows network devices to be automatically blocked, based on pre-set policies, if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread, or an authorized device that is loaded with another operating system via a boot flop or live CD. PacketFence is such a nac system, with support for 802.1x, finger bank and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. The developers have released version 10.1.0.

New Features

  • Live log viewer from admin interface
  • Fully tenant-aware admin interface
  • Support for MS-CHAP authentication for CLI/VPN access
  • New pfcertmanager service that generates certificate files from configuration


  • EAP configuration template – add a way to define multiples EAP profiles in FreeRADIUS
  • New action for AD/LDAP sources to set role when user is not found
  • Provide an advanced LDAP condition to allow custom LDAP queries
  • The captive portal can now feed HTTP client hints to the Fingerbank collector
  • Added ability to enable/disable a network anomaly detection policy (#5403)
  • Return the portal IP if the QNAME matches one of the portal FQDN for registered devices using inline enforcement
  • Individual source rules can be disabled
  • Support for Dell N1500 starting from
  • CoA support for Ubiquiti Unifi AP
  • Added a way to define the Unifi AP by IP or IP range
  • Use the value of an LDAP attribute as a role
  • Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
  • The /api/v1/radius_attributes endpoint is now searchable
  • Proxy the captive portal detection URL when the device is registered
  • Choose which EAP profile to use based on the realm
  • LDAPs basedn can be defined in the authentication sources rules
  • New hooks for the RADIUS filter engine in eduroam virtual server
  • Redefined “restart” in the service manager to allow “PartOf” in systemd scripts
  • Set role from source authentication rule option (needs #5459)
  • Flatten the RADIUS request for the authentication sources (attributes like radius_request.User-Name)
  • RADIUS request attributes / username are part of the common attributes
  • Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration file
  • Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able to use it in the authentication rules
  • Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to use it in the authentication rules
  • Added a way to extend the LDAP filter for searchattributes configuration
  • Documentation for EAP profile selection
  • Documentation for regex realm
  • Documentation for new action/condition in LDAP authentication
  • Moved the VLAN filters example as default disabled VLAN filter
  • Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
  • OpenID pid mapping is now configurable
  • Can map OpenID attributes to a person attributes
  • Allow to create authentication rules based on OpenID attributes

Bug Fixes

  • Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
  • Barracuda NG firewall SSO SSH fails (#4828)
  • Impossible to set multiple access level in administration rule (#5440)
  • Fixed when its running behind a proxy (#3425 )
  • Fix vendor attributes not being sent from Switch Template (#5453)
  • Fixed issue authorizing a user in web-auth on Unifi when the node has its date set to ‘0000-00-00 00:00:00’

Version number 10.1.0
Release status Final
Operating systems Linux
Website PacketFence
License type GPL