Please note this is not supported by PacketFence/Inverse at the time of writing
There aren’t really any guides out there for Mist and Packetfence integration. During our time working with the Mist engineers we were able to get the authentication services working between Mist and PacketFence. We’ll submit this as a PR to Packetfence in the hope that it’s included in the main release.
To make this work you need to configure the Mist system with an SSID with the following security parameters:
From here the Mist system attempts to authenticate the device using RADIUS-MAB against the PacketFence system. Should PacketFence not authenticate the device, it returns a redirect request for the device which the Mist AP picks up and forwards to the client so that they can register.
The CoA settings are required here as, should the user no longer become registered e.g. PacketFence times out the device, then a CoA is sent to the Mist system for the device to be disassociated from the wireless environment.
Firstly, the Mist.pm perl script will need to be installed into the PacketFence environment so PacketFence understand hows to communicate with Mist and to perform the CoA requests as per the configuration. To access this please visit here: https://github.com/talanw/mist-packetfence
Mist uses the APs as a RADIUS Authenticator so each AP will need to be installed as a “Switch” in the PacketFence configuration. We have created a script to do this as PacketFence do not provide a POST in their API Documentation for config/switches as well as deployment of RADIUS to NPS which is available here: https://randomitstuff720939636.wordpress.com/2020/06/02/mist-nps-and-packetfence-radius-scripts/
However, should you only need to deploy one or two APs as part of a PoC then the switch settings required are as follows:
IP Address: Ip Address of the AP
Deauthentication Method: RADIUS
Use CoA: Yes
Role by VLAN ID: Off
Role by Switch Role: Off
Role by Access List: Off
Role by Web Auth URL: On
Secret Passphrase: RadiusSecretKey