Software update: PacketFence 7.2.0

Spread the love

An NAC system can be used to secure a network environment. This allows, based on pre-set policies, network devices to be automatically blocked if an undesirable situation occurs. Think of unknown network devices of visitors, a worm that is trying to spread or an authorized device that is equipped with a different operating system via a boot flop or live CD. PacketFence is such a nac system, with support for 802.1x and vlan isolation, which allows a network device to be placed in the correct vlan after analysis. The developers have released version 7.2.0 with the following changes:

New Features

  • Added support for authenticating users through OpenID Connect
  • Added passthroughs for devices in violation state (isolation network)
  • Added ability to report a device lost or stolen in self-service portal
  • Added ability to change a local account password in self-service portal
  • Improved overall user experience or self-service portal

Enhancements

  • Use the attributes returned by a radius use source as attributes to compute the rules
  • Most services now support systemd sd_notify notifications.
  • The GUI will now only display readonly actions in readonly mode
  • Journald total file size is now capped at 1Gb
  • The GUI will now allow sources to be cloned
  • The GUI now visually splits Administration and Authentication rules when viewing sources
  • The GUI now has the ability to run “fixpermissions” from the web admin GUI
  • haproxy captive portal rate-limiting is now configurable
  • winbindd will now use the regular samba mechanisms to locate and select DCs
  • New pfcmd command pfcmd pfqueue clear_expired_counters to clear the expired task counters
  • Allow to disable the captive portal haproxy abuse access lists

Bug Fixes

  • Added a cleanup of the number in the SMS source
  • TLS certificates and keys will no longer be overwritten
  • Limit the amount of tasks a worker processes to avoid memory from growing
  • Fixed a case where the REJECT role isn’t honored in inline and some web-auth
  • Sponsor authentication CC address is now BCC to help preserve privacy
  • Use plain HTTP for network access detection page
  • Fixed an issue where DHCP broadcast were treated more than once in clustered mode
  • Fixed incorrect user login remaining count display
  • Fixed a case where pfqueue counters show a count of 0 although queue is full
  • node_discovered is no longer triggered when node hasn’t been created in DB
  • Detect date was not being populated when nodes were discovered via radius
  • Fixed leftover httpd processes when restarting
  • Mariadb binary logs files are now properly rotated
  • Fixed scss settings and colors being wiped on each upgrade

Version number 7.2.0
Release status Final
Operating systems Linux
Website PacketFence
Download
License type GPL
You might also like