Hello Francis, I don’t think it would be doable because the workflow to allow a computer authentication rely a LDAP attribute servicePrincipalName which I don’t think the linux computer object has and passes through the the wpa_supplicant.
I think the best way to handle that situation is to do EAP TLS certificate based authentication. You can filter that EAP TLS based on the connection type TLS. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Mar 21, 2023, at 11:20 AM, Francis via PacketFence-users > <[email protected]> wrote: > > Hello, > > I was able to configure Packetfence to do machine authentication for Windows > desktops. I'm using AD as an authentication source configured with the > computers OU, so user authentication is not possible. This works fine for > both wired 802.1x and WPA2-Enterprise wifi. > > Now I wonder how to do the same thing I did on Windows on my Linux (Ubuntu) > desktops. Like Windows desktops, we joined them to our AD domain (with sssd). > So I guess there is a way to authenticate the computers with the AD computer > object, but I fail to see how to do it after I did multiple searches. > > Network-Manager seems to only allow user-inputed credentials for > PEAP/MSCHAPv2 authentication. > > The goal is to authorize only corporate devices in the employees vlan. All > other unknown devices are restricted to the guest vlan. This is why I'm > trying to do computer auth and not user auth. > > Thank you. > > -- > Francis > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!UuCwj_JREa70qEgBTcUk-SNtECgBVOwHTcsSuu54OZC_IKtpPo6oo2tLkIR3UzOaSoeGRHXuf_53mGoc3v-ZEdCeUFNQa10m7DS4Cg$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
