Thanks Antoine,

That's not quite what I'm after. I'll explain. Currently I'm only using LDAP source (actually AD, but they seem the same) to authenticate users logging in for management of packetfence. Our radius users don't use the packetfence sources, they are controlled with vlan filters. So the radius certificate isn't going to work for this.

I'm looking to configure packetfence to use the more secure ldaps for helpdesk staff logging into the packetfence admin GUI. In my experience, this requires uploading of the public key of our domain root CA, so that the domain controller can decrypt the ldaps connection coming in to it. It looks like this is possible, however I'm not sure where to configure the domain public key.

If it's not possible that's fine also.

Cheers,
Andi

From: Antoine Amacher [mailto:[email protected]]
Sent: 25 November 2016 14:51
To: [email protected]
Subject: Re: [PacketFence-users] ldap/ad source with SSL

Hello Andi,

What you are looking for is https://packetfence.org/doc/PacketFence_Administration_Guide.html#_authentication section 9.2.1

There is no certificate to configure for the source LDAP in itself. SSL/Start TLS depends on how your LDAP is configured to receive the connection for binding.

The configuration of the certificate to authenticate (RADIUS) has to be configured in /usr/local/pf/conf/radiusd/eap.conf under the section TLS.

Thanks

On 11/25/2016 04:36 AM, Morris, Andi wrote:

Hi all,

Hopefully just a quick one. I can't find a mention anywhere of how to set up LDAPS as a source. I can see that you can select SSL as part of the AD source, however I'm not sure where to configure the certificate for this.

Any pointers?

Cheers,
Andi

-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected]
Skype for Business: [email protected]
--------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Antoine Amacher
[email protected] :: www.inverse.ca
+1.514.447.4918 x130 :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
