On 14.03.2024 19:38, Zammit, Ludovic wrote:
This is how I would do it:
- Do EAP TLS computer authentication on the devices
- Make sure to install the Root CA that signed the computer cert into
PacketFence root CA authority under Config / SSL certificate / Root CA
- Create a connection
Not to hijack this thread, but this is something we are looking into as
well (since we have been successful in setting up EAPTLS). Is there any
documentation as to how we could set up both AD machine object and JAMF
Computers/Mobile objects to autoregister when connected with their machine
Hello Jochen,
This is how I would do it:
- Do EAP TLS computer authentication on the devices
- Make sure to install the Root CA that signed the computer cert into
PacketFence root CA authority under Config / SSL certificate / Root CA
- Create a connection profile with a sub connection filter on
On 13.03.2024 21:44, Zammit, Ludovic wrote:
Can you tell me one use case that you want to achieve with EAP TLS
authentication?
Hello Ludovic,
The use case (i.e. requirement) is to register/accept hosts based on
their account/group-membership in the AD irrespective of the current user.
Hello,
Can you tell me one use case that you want to achieve with EAP TLS
authentication?
Thanks,
Ludovic Zammit
Product Support Engineer Principal Lead
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
On 06.03.2024 17:22, Zammit, Ludovic wrote:
Correct, I’m referring to the computer authentication mode on the
windows supplicant setup.
All authentication interaction would be logged into the
/usr/local/pf/logs/packetfence.log; you do the following:
grep MAC-ADDRESS
Hello,
Correct, I’m referring to the computer authentication mode on the windows
supplicant setup.
All authentication interaction would be logged into the
/usr/local/pf/logs/packetfence.log; you do the following:
grep MAC-ADDRESS /usr/local/pf/logs/packetfence.log
Thanks,
Ludovic Zammit
Hello Ludovic,
The authentication mode on the computer (windows, wired autoconfig) is
set to "computer authentication" or do you refer to a setting within
packetfence? The PF authentication Source uses servicePrincipalName as
Username Attribute, is there any other setting to come into play?
Hello there,
I think the answer is that you have to do computer authentication only, because
I think you do computer + user authentication and the user authentication
overrides the computer authentication.
Thanks,
Ludovic Zammit
Hi All,
We would like to use packetfence for Dot1X EAP-TLS authentication based
on machine certificates with the hostname as the
TLS-Client-Cert-Common-Name (the user of the machine afterwards
authenticates against AD directly).
The role-mapping and authentication itself in PF works well, but