Hello Diego, it's not really complicated to make it work with Edir; you don't have to configure winbind or join packetfence to the domain.
In order to make it work, you just have to configure on the freeradius side (/usr/local/pf/raddb/modules) a file like this:
ldap edir {
    server = "192.168.0.1"
    port = 636
    identity = "cn=username,o=acme"
    password = superpassword
    basedn = "o=acme"
    filter = "(&(cn=%{User-Name})(objectClass=Person))"
    dictionary_mapping = ${confdir}/ldap.attrmap
    ldap_connections_number = 5
    password_attribute = nspmPassword
    edir_account_policy_check = no
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        tls_mode = yes
        cacertfile = /usr/local/pf/raddb/certs/ca/caedir.b64
        cacertdir = /usr/local/pf/raddb/certs/ca/
        require_cert = "allow"
    }
}
and in /usr/local/pf/conf/radius/packetfence-tunnel:
server packetfence-tunnel {
    authorize {
        suffix
        ntdomain
        %%multi_domain%%
        eap {
            ok = return
        }
        edir
        update control {
            MS-CHAP-Use-NTLM-Auth := No
        }
        files
        ....
Btw cn=username,o=acme must be allowed to read the universal password.
Regards
Fabrice
On 2016-03-09 10:57, Diego Cairns wrote:
> Hi
>
> I have been trying to get packetfence 5.4 to work with eDirectory, but did
> not manage yet. I already have freeradius configured for my wireless
> running PEAP, but wanted to integrate 802.1x wired using packetfence.
> Does this really work without an AD? From the issues I have been having,
> it looks like I have to have winbind, a domain controller, etc.?
>
> Thanks in advance for your help
> Diego
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
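
Added example (not part of Fabrice's message and not PacketFence code): the module above reads each user's universal password over its LDAP connection, so the tls section is worth checking before deployment. This sketch parses a module file and flags missing TLS, a require_cert value other than "demand", or a missing CA; SAMPLE is constructed from the config in the message, and the function names are hypothetical.

```python
# Added example: audit the tls settings of a FreeRADIUS "ldap" module file.
# SAMPLE is constructed from the module shown in the message above.
SAMPLE = """
ldap edir {
    server = "192.168.0.1"
    port = 636
    filter = "(&(cn=%{User-Name})(objectClass=Person))"
    password_attribute = nspmPassword
    tls {
        tls_mode = yes
        cacertfile = /usr/local/pf/raddb/certs/ca/caedir.b64
        require_cert = "allow"
    }
}
"""

def parse_blocks(text):
    """Parse 'name { key = value ... }' text into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):            # opens a section such as "tls {"
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":                 # closes the current section
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def audit_ldap_tls(text):
    """Return (module, finding) pairs for weak LDAP transport settings."""
    findings = []
    for name, mod in parse_blocks(text).items():
        if not isinstance(mod, dict) or name.split()[:1] != ["ldap"]:
            continue
        tls = mod.get("tls", {})
        if "yes" not in (tls.get("tls_mode"), tls.get("start_tls")):
            findings.append((name, "no TLS: passwords cross the network in clear"))
        elif tls.get("require_cert") != "demand":
            findings.append((name, "require_cert is not 'demand': server certificate not enforced"))
        if not (tls.get("cacertfile") or tls.get("cacertdir")):
            findings.append((name, "no CA configured to verify the directory server"))
    return findings
```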
