Hi Louis

Many thanks for your kind reply.

To clarify

I do not store any password hashes in OpenLDAP; all hashes are kept in
Kerberos. I use SASL to bridge incoming user auth requests between OpenLDAP
and Kerberos.

So OpenLDAP does not see any hashes.

Can user-based authentication still be achieved here?

Kind Regards

Mohamed

On 13 November 2015 at 14:49, Louis Munro <[email protected]> wrote:

> Actually, let me rephrase that for added clarity.
>
> You could proxy RADIUS traffic from the PacketFence server to another
> RADIUS server.
> I don’t think that is what you want to do though.
> What you want is really to authenticate the users with PEAP on the
> PacketFence server.
> As long as the NT hash is available for that user in OpenLDAP that is
> certainly doable.
>
> Kerberos plays no part in that.
>
> Regards,
> --
> Louis Munro
> [email protected]  ::  www.inverse.ca
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Nov 13, 2015, at 9:45 , Louis Munro <[email protected]> wrote:
>
> Mohamed,
>
> The answer to your question (as asked) is no.
> But I think the answer to the question you should be asking is yes.
>
> You don’t store passwords in Kerberos.
> You (presumably) store a password hash, which your OpenLDAP server may
> expose to the RADIUS server.
>
> So it’s a matter of configuring the raddb/modules/ldap and
> raddb/modules/mschap correctly for that.
> Read the contents of those files and the FreeRADIUS documentation for that.
> Plenty of people do it.
>
> Regards,
> --
> Louis Munro
> [email protected]  ::  www.inverse.ca
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Nov 13, 2015, at 7:44 , Mohamed Hamid <
> [email protected]> wrote:
>
> Hi Guys
>
> I use OpenLDAP in my environment and store passwords in Kerberos.
>
> I would like to use PacketFence to enable user-based authentication to my
> wireless network.
>
> 1) Can PacketFence act as a proxy to my Kerberos servers so that users
> can authenticate perhaps using EAP-PEAP?
>
> Kind Regards
>
> Mohamed
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>


-- 
*Mohamed Hamid*
*Network Analyst*
*Cabinet Office*
*Government Digital Service *

*M:*  07827 992605
*E:  *[email protected]
*W: *www.gov.uk