Hi Rob,

On 3/3/23 01:14, Rob Game via PacketFence-users wrote:
> I am interested in using PacketFence to do 802.1x with EAP-TLS in our
> small environment. We are a highly security-conscious team and would
> like to know how PacketFence handles Domain Joins and the associated
> domain admin credentials.
>
> I understand the system needs to be domain joined to create an account
> to validate Computer AD groups and such. On other products I have seen
> this is only required once, and the domain admin credentials are not
> stored. Is this the case for PacketFence?
>
> If they are stored, would creating a temporary DA account for the join,
> then disabling/deleting the account work as an alternative approach?

I'm no AD expert, but PacketFence uses Samba, which will only save the
machine password, not the DA password. You could also try creating an
account with only domain-join privileges and see if that works:
https://www.moderndeployment.com/correct-domain-join-account-permissions/

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877