Hello Martin,

The difference between machine authentication and user authentication is very minimal.

When you join a Windows computer to the domain, then in the AD Computers OU you will have a computer account, and when you configure your supplicant to do computer authentication, the username will be host\computer_name.

With user authentication the only difference is the format of the username (bob versus host\computer_name).

So you can use 802.1x authentication with PEAP-MSCHAPv2 even if the device is not joined to the domain by doing user auth.


Also, if you want to do EAP-TLS, then you will need to have the CA public key of your PKI and put it in the file eap.conf (CA_file = /usr/.....ca.pem).

Then if a device does EAP-TLS with a certificate signed by your PKI, RADIUS will allow the access.

Regards

Fabrice



On 2018-06-06 at 09:57, Schenkelberg, Martin via PacketFence-users wrote:

Hi all,

We are using PacketFence together with Aruba and H3C switches. And I need some help configuring 802.1x cert authentication for devices not joined to our Active Directory.

We use PacketFence 8.0.1 ZEN with VLAN enforcement; the PF is joined to our Active Directory.

MAC auth works fine, 802.1x auth for domain computers works fine, but I have no idea how to authenticate non-domain-member devices against our Active Directory.

Is this possible? What is needed to get this going?

Here: https://www.msxfaq.de/windows/sicherheit/8021x.htm (German page) I found some information about manually creating a device certificate and a computer object, but I was not able to get this to work.

Any ideas?

Thank you

Kind regards

*Martin Schenkelberg*
IT Consulting and Services

*H&G Hansen & Gieraths*
EDV Vertriebsgesellschaft mbH
Bornheimer Straße 42-52
D-53111 Bonn

martin.schenkelb...@hug.de <mailto:martin.schenkelb...@hug.de>
www.hug.de

*H&G Hansen & Gieraths EDV Vertriebsgesellschaft mbH,
Postfach 1605, 53006 Bonn, USt.IdNr. DE122121252*
Managing Director: Dr. H. Hellmuth Hansen
Registered office: Bonn, Bonn District Court HR B 4027




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
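
The EAP-TLS trust decision described in the reply above, sketched with the openssl CLI as an added example (not part of the original thread and not PacketFence's own code): a device certificate is accepted only if it chains to the CA certificate that CA_file points at. The CA names, device names and file names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: every key and certificate here is constructed throwaway test data.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {            # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_device_cert() {  # $1 = CA prefix, $2 = device prefix, $3 = device common name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Same question the RADIUS server asks of a client certificate during EAP-TLS:
# does it chain to the CA configured as CA_file? (The real handshake also makes
# the client prove it holds the private key; that part is not modelled here.)
chains_to_ca() {       # $1 = CA certificate, $2 = device certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

decision() {           # prints accept/reject for one device certificate
  if chains_to_ca "$1" "$2"; then echo "accept"; else echo "reject"; fi
}

make_ca "$WORK/corp-ca"  "Example Corp CA (constructed)"
make_ca "$WORK/other-ca" "Unrelated CA (constructed)"
issue_device_cert "$WORK/corp-ca"  "$WORK/laptop"  "laptop01.example.test"
issue_device_cert "$WORK/other-ca" "$WORK/foreign" "foreign01.example.test"

echo "laptop  (signed by corp CA):      $(decision "$WORK/corp-ca.pem" "$WORK/laptop.pem")"
echo "foreign (signed by unrelated CA): $(decision "$WORK/corp-ca.pem" "$WORK/foreign.pem")"
```

Domain membership plays no part in this check: any certificate issued by the configured CA passes, so the CA placed in CA_file defines which devices get in.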
