Hello Yan,

In FreeRADIUS, if you want to authenticate a user with 802.1x
PEAP/MSCHAPv2, then you need to use ntlm_auth and you need to join the
domain to the Active Directory.
(http://deployingradius.com/documents/protocols/compatibility.html)

I don't know exactly how they do it with ACS, but I remember that they
create a sort of SMB packet to do the authentication to the AD.

Regards

Fabrice




On 2018-01-16 at 11:02, Yan wrote:
> Hi Fabrice,
>
> So is there any problem within my configuration which I posted in my
> previous mail?
> I asked our network team if Cisco ACS needs to join the domain server; they
> said no need. They said they only need to add the AD server in Cisco ACS
> for authentication. What's the difference between using ACS and using
> pf-freeradius?
>
>
> ------------------ Original ------------------
> *From:* packetfence-users <[email protected]>
> *Date:* Jan 16, 2018 00:26
> *To:* Fabrice Durand <[email protected]>, packetfence-users
> <[email protected]>
> *Cc:* Yan <[email protected]>
> *Subject:* Re: [PacketFence-users] Successfully passed 802.1x auth but
> no network access
>
>
> Yes. They have the same domain/users but on different servers. Both of
> them can authenticate all our users.
>
>
> ------------------ Original ------------------
> *From:* Fabrice Durand <[email protected]>
> *Date:* Jan 15, 2018 22:13
> *To:* Yan <[email protected]>, packetfence-users
> <[email protected]>
> *Subject:* Re: [PacketFence-users] Successfully passed 802.1x auth but
> no network access
>
> Hello Yan,
>
> Are AD1 and AD2 the same? (same domain/users ...)
>
> Regards
>
> Fabrice
>
>
>
> On 2018-01-15 at 00:41, Yan wrote:
>> Hi Durand,
>>
>> I installed netdata on my PF server and have not found any network issue
>> yet (I'm learning to use it). But there is another case I'm not sure
>> is related to the authentication issue.
>> We have 2 PF servers: pf1 is in office A and pf2 is in office B. We
>> also have 2 domain servers (for AD and DNS): AD1 is in office A and
>> AD2 is in office B.
>> In the Configuration--Policy and access control--Domains--Active
>> Directory Domains menu of both PF servers, I added and joined the
>> same domain AD1 (domain in office A).
>> But in the Configuration--Policy and access control--Authentication
>> Sources menu, I added domain AD1 to pf1, and AD2 to pf2.
>> And for the connection profile, I chose AD1 as authentication source
>> on pf1, and chose AD2 as authentication source on pf2. I don't know
>> if I described it clearly; I drew a picture to make it more clear.
>> Would this cause the previous strange issue?
>
> --
> Fabrice Durand
> [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)

-- 
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
