Pete,

Can you share your /usr/local/pf/raddb/eap.conf file?
Make sure to remove any sensitive info first (if there’s any).

Cheers!
dw.

-- 
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On February 11, 2015 at 09:56:12, Pete Hoffswell ([email protected]) 
wrote:

Hi Derek and packetfence-users - 

We have a version 3 signed certificate from godaddy.com specifically named and 
set for our packetfence server.  It works perfectly for https access to the 
admin console on packetfence.  But our 802.1X connections do not seem to use 
this cert, showing it as "Not Verified".

Our existing 802.1x deployment, that works on a Microsoft IAS server running .  
We are passing AD domain credentials to authenticate. The certificate on this 
server works fine.

Our Android users connect with PEAP/MSCHAPV2 just fine.
When our iPhone users connect, they will get a Certificate page saying "Not Verified"
 - Is there a way to have this say "verified"?

Maybe I'll just not talk about Linux and Windows yet. :(

Thanks so much for the advice.

-
Pete Hoffswell - Network Manager
[email protected]
http://www.davenport.edu


On Wed, Feb 11, 2015 at 9:25 AM, Derek Wuelfrath <[email protected]> wrote:
Pete,

It depends on what type of 802.1X authentication you’d like to put in 
place.
Most of the time, when we talk about 802.1X, we talk about EAP-PEAP (MSCHAP) to 
use domain credentials. We can also use EAP-TLS, which requires a client 
certificate to authenticate rather than credentials.

EAP-PEAP (MSCHAP) will probably require a valid SSL certificate to be 
configured on the RADIUS server. That way, clients will not have to make any 
modification on their device to trust / untrust the server cert.

EAP-TLS doesn’t require any special certificate, other than the ones you will 
be generating to authenticate the users.

Let me know if you need more info.

Cheers!
dw.

-- 
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On February 10, 2015 at 15:57:25, Pete Hoffswell ([email protected]) 
wrote:

Hi there - 

Is there a special certificate type that is needed for 802.1X authentication?  
How do I go about acquiring the correct type of cert, and applying it to my 
PacketFence installation?

I don't see any documentation about this, and am not a certificate guru by any 
means.


-
Pete Hoffswell - Network Manager
[email protected]
http://www.davenport.edu

PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
