Hi Ludovic,
hmm, ok, thanks for the quick and short answer. Well, EAP TLS is not an
option for us.
But maybe it could be possible with OpenID as there is an option to
create a local account? This could be served by Keycloak directly. The
problem I saw is that it is not possible to give the users a role based
on what is in the OpenID, only based on the email.
Thanks in advance
Markus B
Am 25.07.2022 15:13, schrieb Zammit, Ludovic:
Hello Markus,
It won’t work.
Your best alternative is to use EAP TLS, the certificate
authentication does not need a 3rd party server.
You could use PF as the PKI or / and use your internal one.
Thanks,
Ludovic Zammit
Product Support Engineer Principal
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:
[1] [2] [3] [4] [5] [6]
On Jul 24, 2022, at 9:30 AM, Markus Beckschulte via
PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
Hello!
We have a LDAP-server, 389-ds, storing the users. It is managed by
Keycloak mainly, the users registered there are duplicated to the
LDAP-server.
We want to use PEAP-M$chapv2 on packetfence. For this, as we do not
have any NThashes on the LDAP-Server, I thought it would be nice if
users could login to a self-service via LDAP-authentication and
configure one themself. This NThash should only be stored in the
local database of packetfence. This would mean two passwords: One
stored on the LDAP-server to login to the self-service and one in
the local database to perform handshake checks for M$chapv2.
Is this configuration even possible? If so, could you help me a
little bit by pointing me to the right direction? And if not, what
would you do in my situation?
A workaround I considered would be that the users could register by
email and that only certain domains are allowed, the ones of the
company. But I do not like that because it would be too complicated
for the BDU.. :/
Thanks in advance!
Markus B
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RqAopddeptT62moYmJNxdl72HUj_lt_QwoP8hUIzsnV7-T8OaVxLSF8x9X9sxFWDJTbF9a45S69mSpQh3qG73kJGajjDTWad0P7NGw$
Links:
------
[1] https://community.akamai.com
[2] http://blogs.akamai.com
[3] https://twitter.com/akamai
[4] http://www.facebook.com/AkamaiTechnologies
[5] http://www.linkedin.com/company/akamai-technologies
[6] http://www.youtube.com/user/akamaitechnologies?feature=results_main
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users