Hello All,

just to clarify some points.

First, realmd can't be used because we have to use ntlm_auth in
FreeRADIUS to authenticate users for EAP/PEAP MSCHAPv2.

Next, Configuration → Policies and Access Control → Domains → Active
Directory Domains – Add Domain is only to join the machine to a Windows
domain (it creates a chroot for each domain).

Configuration → Policies and Access Control → Domains → Realms is to
associate a realm with a Windows domain. It means that if the username is
b...@acme.edu and there is a realm defined for acme.edu, then it will
use the domain associated with it to validate the credentials (in FreeRADIUS).

Don't forget that the username can be ACME\bob, so you will need to
create a realm ACME too.

Last thing: in Configuration → Policies and Access Control →
Authentication Sources (Type Internal), when you define a realm
associated with a source (like acme.edu), it means that if you use on
the portal or for 802.1x auto registration a username like b...@acme.edu,
then PacketFence will use it (you can strip the username if needed in
the source).

Regards
Fabrice

On 2018-01-07 at 19:32, E.P. via PacketFence-users wrote:
>
> I’m curious, did you create a new realm or use the default one and
> link it to AD?
>
> I tried to create a new realm and it is placed at the end of the list
> and the authentication never reached it.
>
> It only worked for me if I link the default realm to AD.
>
>  
>
> Eugene
>
>  
>
> *From:*j...@momentumvr.co.uk [mailto:j...@momentumvr.co.uk]
> *Sent:* Sunday, January 07, 2018 5:18 AM
> *To:* 'E.P.'; packetfence-users@lists.sourceforge.net
> *Subject:* RE: [PacketFence-users] Assistance with AD dot1x
>
>  
>
> Thanks for that Eugene, I will take a look at that log tomorrow
> morning. The issue is when we try to add the domain via domains>active
> directory domains>add domain. Strangely connecting via realmd works
> without issue every time.
>
>  
>
> John
>
>  
>
> *From:*E.P. [mailto:ype...@gmail.com]
> *Sent:* 05 January 2018 19:32
> *To:* packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Cc:* j...@momentumvr.co.uk <mailto:j...@momentumvr.co.uk>
> *Subject:* RE: [PacketFence-users] Assistance with AD dot1x
>
>  
>
> Hi John,
>
> I still have a fresh experience with configuring AD in PF and it
> worked for me from the first try.
>
> Just to understand it clearly, you can’t complete the configuration if
> you add the source, i.e.
>
> From the *Configuration → Policies and Access Control → Authentication
> Sources*, *Add source → Internal - AD*.
>
> Or it is failing on adding the domain, i.e.
>
> *Configuration → Policies and Access Control → Domains → Active
> Directory Domains – Add Domain*
>
> And of course, as it is stated in the admin guide, I’d go checking
> this file for any clues:
>
> /chroots/<mydomain>/var/log/samba<mydomain>/log.winbindd
>
> Replace <mydomain> with the identifier you set in the domain
> configuration.
>
>  
>
> Eugene
>
>  
>
> *From:*john--- via PacketFence-users
> [mailto:packetfence-users@lists.sourceforge.net]
> *Sent:* Friday, January 05, 2018 5:00 AM
> *To:* packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Cc:* j...@momentumvr.co.uk <mailto:j...@momentumvr.co.uk>
> *Subject:* [PacketFence-users] Assistance with AD dot1x
>
>  
>
> Good afternoon everyone,
>
>  
>
> We are currently working with PF7.3 on CentOS 7 and no matter what we
> do we cannot get AD to complete configuration, it simply returns
> “Null” so obviously fails. When we use realmd it works fine. My
> question initially is, does this affect dot1x authentication via AD if
> we complete this only using realmd and not the configuration panel AD
> connection method? As always your help is greatly appreciated.
>
>  
>
> John
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
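
A simplified model of the realm lookup described in the reply above, added here as an example; it is not PacketFence or FreeRADIUS code. The realm table, the domain identifier `acmedomain`, the `null` entry, the function names and the case-insensitive match are assumptions made for illustration.

```python
# Added illustration of realm -> AD domain resolution; not the project's own code.
from typing import NamedTuple, Optional

class Resolution(NamedTuple):
    realm: str             # realm entry that matched
    domain: Optional[str]  # AD domain identifier tied to that realm, if any
    username: str          # username handed on to the credential check

# Constructed sample table (keys lowercase): realm name -> domain identifier.
REALMS = {
    "acme.edu": "acmedomain",  # matches bob@acme.edu
    "acme": "acmedomain",      # matches ACME\bob
    "default": None,           # catch-all for realms with no entry of their own
    "null": None,              # usernames that carry no realm at all
}

def split_realm(username: str):
    """Return (user, realm) for DOMAIN\\user and user@realm; realm is None if absent."""
    if "\\" in username:
        realm, user = username.split("\\", 1)
        return user, realm
    if "@" in username:
        user, realm = username.rsplit("@", 1)
        return user, realm
    return username, None

def resolve(username: str, realms=REALMS, strip: bool = True) -> Resolution:
    """Pick the realm entry for a username and the domain that will validate it."""
    user, realm = split_realm(username)
    if realm is None:
        key = "null"
    else:
        # Assumption: realm names compare case-insensitively.
        key = realm.lower() if realm.lower() in realms else "default"
    return Resolution(key, realms.get(key), user if strip else username)

if __name__ == "__main__":
    for name in ("bob@acme.edu", "ACME\\bob", "bob"):
        print(name, "->", resolve(name))
```

With only the `acme.edu` entry defined, `ACME\bob` lands on the catch-all realm and never reaches the AD domain, which is why the second realm is needed.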
