Re: [PacketFence-users] Generate local users from ldap

Mon, 25 Jul 2022 07:26:03 -0700 

Hello Markus,

It won’t work.

Your best alternative is to use EAP TLS, the certificate authentication does 
not need a 3rd party server.

You could use PF as the PKI or / and use your internal one.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:         <https://community.akamai.com/>  
<http://blogs.akamai.com/>  <https://twitter.com/akamai>  
<http://www.facebook.com/AkamaiTechnologies>  
<http://www.linkedin.com/company/akamai-technologies>  
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On Jul 24, 2022, at 9:30 AM, Markus Beckschulte via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Hello!
> 
> We have a LDAP-server, 389-ds, storing the users. It is managed by Keycloak 
> mainly, the users registered there are duplicated to the LDAP-server.
> 
> We want to use PEAP-M$chapv2 on packetfence. For this, as we do not have any 
> NThashes on the LDAP-Server, I thought it would be nice if users could login 
> to a self-service via LDAP-authentication and configure one themself. This 
> NThash should only be stored in the local database of packetfence. This would 
> mean two passwords: One stored on the LDAP-server to login to the 
> self-service and one in the local database to perform handshake checks for 
> M$chapv2.
> 
> Is this configuration even possible? If so, could you help me a little bit by 
> pointing me to the right direction? And if not, what would you do in my 
> situation?
> 
> A workaround I considered would be that the users could register by email and 
> that only certain domains are allowed, the ones of the company. But I do not 
> like that because it would be too complicated for the BDU.. :/
> 
> Thanks in advance!
> 
> Markus B
> 
> 
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RqAopddeptT62moYmJNxdl72HUj_lt_QwoP8hUIzsnV7-T8OaVxLSF8x9X9sxFWDJTbF9a45S69mSpQh3qG73kJGajjDTWad0P7NGw$
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to