> On Mar 21, 2016, at 10:30 , Tobias Friede <[email protected]> wrote:
>
> So my question is:
> Is PF able to check client certificates which are generated from a Windows CA
> and not on the PF server?
Yes it can.
As far as PacketFence is concerned, that would just be a case of EAP-TLS
authentication.
As long as the FreeRADIUS server has the CA cert it can use it to check the
connecting supplicant’s cert has been signed by it.
All that’s required is for you to copy the CA cert on the PacketFence server
and then reference it in /usr/local/pf/conf/radiusd/eap.conf.
It works beautifully.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
