Hello Tobias, yes PacketFence can do it, you will have to generate a certificate for PacketFence and add the public key in the freeradius config.
You just have to follow this guide: https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_MSPKI_Quick_Install_Guide.asciidoc#radius-certificate-generation Regards Fabrice Le 2016-03-21 10:30, Tobias Friede a écrit : > Hi, > > I am pretty new to PacketFence. At this time we use an Cisco ACS for > authenticate our Wireless LAN Clients with ActiveDirectory Machine > Accounts and client certificates from our Windows based CA. > So all of our Clients already have certificates installed via Active > Directory group policy. > > Because the Cisco ACS is old, and we doesn't get any update for that > system, I am playing around with different NAC systems like Microsoft > NPS, Cisco ISE and of course PacketFence :) > > I successfully installed the PacketFence server (CentOS 6) it works > well with 802.1x auth (via RADIUS with MAB). Now I want to try > certificate & machine account auth via PacketFence. > I found the "PacketFence PKI" but it seems to be an own CA for > deploying certificates to clients, but I don't want to generate the > Certificates on my PF Server (the PKI isn't documented in the > Administration documentation, so maybe i am wrong with this guess ?) > > So my question is: > Is PF able to check client certificates which are generated from a > Windows CA and not on the PF server? > > Thank you very much for help :) > > > Greetings > Tobias > > > ------------------------------------------------------------------------------ > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
