You could use PF as the source of the user database. You can enable the local user for EAP PEAP MSCHAP v2.
The only downside of it is that you will need to sync up your AD account in PF. It would be easier to generate a new account on PF to use and not the AD one.

Thanks,

Ludovic Zammit
Product Support Engineer Principal
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Jul 25, 2022, at 10:59 AM, Markus Beckschulte <markus.beckschu...@t39.rwth-aachen.de> wrote:
>
> Hi Ludovic,
>
> hmm, ok, thanks for the quick and short answer. Well, EAP TLS is not an option for us.
>
> But maybe it could be possible with OpenID as there is an option to create a local account? This could be served by Keycloak directly. The problem I saw is that it is not possible to give the users a role based on what is in the OpenID, only based on the email.
>
> Thanks in advance
>
> Markus B
>
> On 25.07.2022 15:13, Zammit, Ludovic wrote:
>> Hello Markus,
>>
>> It won’t work.
>>
>> Your best alternative is to use EAP TLS, the certificate authentication does not need a 3rd party server.
>>
>> You could use PF as the PKI or / and use your internal one.
>>
>> Thanks,
>>
>> Ludovic Zammit
>>
>>> On Jul 24, 2022, at 9:30 AM, Markus Beckschulte via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>
>>> Hello!
>>>
>>> We have an LDAP server, 389-ds, storing the users. It is managed by Keycloak mainly, the users registered there are duplicated to the LDAP server.
>>>
>>> We want to use PEAP-M$chapv2 on packetfence. For this, as we do not have any NThashes on the LDAP server, I thought it would be nice if users could log in to a self-service via LDAP authentication and configure one themselves. This NThash should only be stored in the local database of packetfence. This would mean two passwords: One stored on the LDAP server to log in to the self-service and one in the local database to perform handshake checks for M$chapv2.
>>>
>>> Is this configuration even possible? If so, could you help me a little bit by pointing me in the right direction? And if not, what would you do in my situation?
>>>
>>> A workaround I considered would be that the users could register by email and that only certain domains are allowed, the ones of the company. But I do not like that because it would be too complicated for the BDU.. :/
>>>
>>> Thanks in advance!
>>>
>>> Markus B
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users