PacketFence 13.1 released

January 17, 2024

The Inverse team is pleased to announce the immediate availability of PacketFence 13.1 - a minor release bringing interesting improvements!

Cloud-ready NTLM authentication service

PacketFence now provides its own NTLM authentication service - no longer relying on Samba nor requiring domain joins. EAP-PEAP authentications are now supported through the PacketFence Connector – allowing Cloud-based deployments of PacketFence while maintaining support for this popular authentication mechanism.

Apache Kafka for flows reporting

PacketFence v13.1 now integrates Apache Kafka. This technology allows PacketFence to report NetFlow and sFlow flow data to it – empowering administrators with more visibility and enforcement capabilities.

Improved ACLs precreation

ACLs precreation can now be performed on all or individual switches. This becomes handy when adding or replacing equipment. ACLs can be automatically pre-created upon equipment’s addition/replacement without having to wait for a global ACL change on roles.

Here’s the complete list of changes included in this release:

New Features

• New NTLM authentication service (no more domain joins, Cloud-ready)
• Added ACL precreation for individual and all switches (#7936)
• Integrated Apache Kafka for flows reporting
• Rewrote pfqueue in Go language

Enhancements

• RADIUS proxy configuration documentation and examples
• Node import supports IPv4 address (#7808)
• Added TCP flags parameter from role configuration in ACL for Cisco
• Added documentation for Azure AD EAP-TLS machine authentication
• Reuse the websocket buffer to reduce memory usage.
• Force mechanism LOGIN PLAIN for SMTP (#7813)
• Use the same timezone in all Docker images (#7862)
• Integrated Fingerbank Perl client into Packet``Fence’s source code
• Added many PKI improvements (generate CSR from CA, SCEP server proxy and resign certificate)
• Moved Aruba, Fortinet and HP switches to OS-based modules

Bug Fixes

• Encode in base64 the RADIUS request and store it in Redis (#7853)
• Improve error handling if the calling station cannot be parsed in pfacct (#7871)
• Add MariaDB to the OOM list
• Docker needs a specific configuration to pull images behind a proxy (#7946)
• Fix the password of the day password generation (#7862)
• Add back missing thread support in radiusd (#7963)

See the complete list of changes and the upgrade guide file for notes about upgrading.

This release is considered ready for production use and upgrading from previous versions is strongly advised.