On 14.03.2024 at 19:38, Zammit, Ludovic wrote:
This is how I would do it:
- Do EAP TLS computer authentication on the devices
- Make sure to install the Root CA that signed the computer cert into
PacketFence root CA authority under Config / SSL certificate / Root CA
- Create a connection
On 13.03.2024 at 21:44, Zammit, Ludovic wrote:
Can you tell me one use case that you want to achieve with EAP TLS
authentication?
Hello Ludovic,
The use case (i.e. requirement) is to register/accept hosts based on
their account/group-membership in the AD irrespective of the current user.
On 06.03.2024 17:22, Zammit, Ludovic wrote:
Correct, I’m referring to the computer authentication mode on the
windows supplicant setup.
All authentication interaction would be logged into the
/usr/local/pf/logs/packetfence.log; you do the following:
grep MAC-ADDRESS
Hello Ludovic,
the authentication mode on the computer (windows, wired autoconfig) is
set to "computer authentication" or do you refer to a setting within
packetfence? The PF authentication Source uses servicePrincipalName as
Username Attribute, is there any other setting to come into play?
Hi All,
Is it possible to read the access duration set in the Action Part of an
Authentication Source/Authentication Rule from a variable e.g. to set
the Session-Timeout Radius Accept Message in a Switch Template
accordingly, or does this require the use of radius filters? How can I
find
Hi All,
We would like to use packetfence for Dot1X EAP-TLS authentication based
on machine certificates with the hostname as the
TLS-Client-Cert-Common-Name (the user of the machine afterwards
authenticates against AD directly).
The role-mapping and authentication itself in PF works well, but
On 24.05.2023 20:26, packetfence-users-requ...@lists.sourceforge.net wrote:
Hello Ludovic,
If I read that right, you are trying to do EAP TLS certificate based
authentication.
RADIUS authentication as a whole happens in two steps. The first step (RADIUS
Authentication) will be to verify
Dear list,
We are currently evaluating packetfence for machine- as well as user-
authentication (but not on the same device). According to the
installation guide we set the Authentication Sources to use
servicePrincipalName (together with Search Attribute dNSHostName) for
machine auth and