Juraj,

Thank you for the direction and the links. I actually did set up a provisioner for Windows 10 clients, as well as a number of other things, but I was not sure what else was needed. The documentation appears to be written for people who already know how everything works.


On 8/10/20 6:27 AM, Juraj Tobias wrote:
dealing with the same scenario, except I already have the rest working.

don't wanna sound unwilling to help, but reading what you wrote sounds like you're a bit misled by the documentation, and there's quite a lot of additional steps involved - I suggest you read further in the manual under https://packetfence.org/doc/PacketFence_Installation_Guide.html#provision and also in https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html
but in short:

  *   the user certificate doesn't go anywhere (unless you want to configure each device manually) - you may want to employ the above-mentioned provisioners and captive portal instead
  *   the CA certificate created in https://packetfence.org/doc/PacketFence_Installation_Guide.html#pf-pki goes to https://mgmt:1443/admin/alt#/configuration/certificate/radius<https://192.168.0.39:1443/admin/alt#/configuration/certificate/radius> (replace the "mgmt:1443" with actual IP/hostname of your pf server, of course)
  *   other than this, I followed this guide<https://medium.com/beyond-the-helpdesk/configuring-packetfence-for-use-with-dpsk-6519aaf6fe4d> for captive portal + provisioner setup, however, I had to adjust the settings for EAP-TLS, instead of DPSK (on the packetfence side)

i'm still awaiting response from Fabrice reg. my issue, which is related to profile.xml not being downloaded by the provisioner, hope to hear from him soon.
hope this helps - packetfence could really use a guided EAP-TLS setup write-up. maybe i'll put one together once I figure this out :)
j.
________________________________
From: Kevin MacNeil via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Monday, August 10, 2020 07:46
To: packetfence-users@lists.sourceforge.net <packetfence-users@lists.sourceforge.net>
Cc: Kevin MacNeil <kevin.macn...@gmail.com>
Subject: [PacketFence-users] Requesting assistance with EAP-TLS authentication


Is there any documentation showing how to configure certificate-based wireless authentication using EAP-TLS?

I have a working 10.1 installation doing RADIUS authentication using different models of Juniper switches. For the wireless, I followed the PacketFence PKI documentation https://packetfence.org/doc/PacketFence_Installation_Guide.html#pf-pki and created a CA, a template, created a user certificate and a PKI provider.

FWIW I have an Aruba standalone AP in my test lab.

I assume the next step is to create an EAP profile as laid out in 16.10 of the installation guide https://packetfence.org/doc/PacketFence_Installation_Guide.html#_radius_eap_profiles. The first step there is to create an SSL certificate, but I do not know where to find all of the certificates required. I have the CA cert and the user cert, but I don't know what to put in the Certificate field, nor am I able to find an intermediate CA cert.

I have seen posts where people have got this working, but I am not sure what I need to do to get certificate-based wireless logins working. Any assistance would be appreciated.

