Hello Andrey, For EAP TLS you don’t need to join the PF servers to your domain.
You will need to add the Root CA that signed the user/computer certs under Configuration > System Configuration > SSL Certificates > RADIUS > RADIUS Certification Authority Certificate(s). Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Feb 14, 2024, at 8:22 AM, Andrey Chernyakov via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hi, PacketFence community, > > Currently I’m evaluating EAPTLS authentication with machine certificates in > my lab for wired network, but Authentication Source with EAPTLS doesn’t seem > to be working. > > From my perspective, the configuration is good, EAP profile prefers TLS > authentication, RADIUS has valid certificate signed by the same CA as machine > certificates with I use for EAPTLS authentication. Connection profile allows > auto-registration of devices. Authentication source should catch-all > authentication attempts and assign devices to role (gaming, for example). > > The problem with such configuration is - devices are authenticated and > auto-registered, but they aren’t matched with authentication source rules > (last screenshot with log can prove it), and they are respectively registered > with no role. But I need role in order to be able to assign devices with > relevant profile. Below you can find screenshots from my lab, any ideas how > to fix it? > > Appreciate your help in advance! > > <Screenshot 2024-02-12 at 16.04.15.png> > <Screenshot 2024-02-12 at 16.04.48.png> > <Screenshot 2024-02-12 at 16.05.35.png> > <Attachment.png> > > -- > Andrey Chernyakov > Senior Network and Security Engineer > > email: chernya...@npsconsult.com <mailto:chernya...@npsconsult.com> > > NPS Consult S.A. > L-5687, Dalheim > Luxembourg > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!V0y-cm6QtbaX3LNvCqTm9ryY2N_3aGEiu4ikb0nOrYFq0feBL78xaFufS1HdtCJqH2S1thqJ0SJep9YaqRkOwJLp6aDXvcSB4ve5CA$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
