[PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working
Hi all,

I tried to set up 802.1x with Azure AD using this guide
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration

I did a user authentication test using /usr/local/pf/bin/pftest. The auth test succeeded. But when I tried to test using eapol_test using this config file

network={
    ssid="Test"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="testing.netw...@domain.edu"
    anonymous_identity="anonymous"
    password="hLVrK8bWt6QseUfF"
    phase2="auth=PAP"
    #
    # Uncomment the following to perform server certificate
    # validation.
    # ca_cert="/etc/raddb/certs/ca.der"
}

eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A 172.30.172.87 -a 172.30.172.87

It failed. The radius log output is like this

EAP-Type = TTLS
PacketFence-NTLMv2-Only = ""
Service-Type = Framed-User
PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
User-Name = " testing.netw...@domain.edu"
PacketFence-Outer-User = "anonymous"
PacketFence-Radius-Ip = "172.30.172.87"
Calling-Station-Id = "02:00:00:00:00:01"
FreeRADIUS-Proxied-To = 127.0.0.1
Framed-MTU = 1400
NAS-IP-Address = 127.0.0.1
Event-Timestamp = "Apr 2 2022 08:28:17 UTC"
Realm = "domain.edu"
User-Password = "**"
Stripped-User-Name = "testing.network"
Module-Failure-Message = "No Auth-Type found: rejecting the user via Post-Auth-Type = Reject"
SQL-User-Name = "testing.netw...@domain.edu"

Any idea what I missed?

Regards,
Irvan

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Azure AD user group in the authentication source
Hello Ludovic,

I have Azure AD only.

Regards,
Irvan

On Fri, Nov 12, 2021, 20:52 Zammit, Ludovic wrote:

> Hello Irvan,
>
> Do you have Azure AD only or it's synced from an Active Directory?
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> Akamai Technologies - Inverse
>
> On Nov 10, 2021, at 8:15 PM, z3r0byt3 via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello,
>
> I have a similar question from the previous thread. But in my condition I
> use Azure AD.
> What is the correct way to create a condition in the authentication source
> based on Azure AD to verify the user specific group membership?
> In traditional AD I used memberOf equals "full DN of Group"
> What should I use for Azure AD?
>
> Regards,
> Irvan
>
> --
> Software is just like parachute,
> it doesn't work if it is not open..
[PacketFence-users] Azure AD user group in the authentication source
Hello,

I have a similar question from the previous thread. But in my condition I use Azure AD.
What is the correct way to create a condition in the authentication source based on Azure AD to verify the user specific group membership?
In traditional AD I used memberOf equals "full DN of Group"
What should I use for Azure AD?

Regards,
Irvan

--
Software is just like parachute,
it doesn't work if it is not open..