On Mon, 20 Jul 2015, William Graboyes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
I have run into a snag, I figured I would start here and move forward.
I have been searching around for the past 3 or 4 hours looking for
some solution to this the issue that I am having.
We are doing 802.1x against our freeipa servers. While Kerberos auth
is working perfectly fine (when used from an android or linux device)
however when it comes to Macs (they strive to be different -_-) when
using EAP-TTLS (which everything else is perfectly happy to use chap
or pap) Mac only uses mschapv2 when using EAP-TTLS.
I don't have an active directory to run against, nor do I have samba
services running (why would I, there are a total of 5 windows boxes in
the entire environment.
I was wondering if there was some form of a FreeIPA solution to this
form of problem (something I may be missing) that will handle the NTLM
auth on a linux system.
I have found some things that are brutishly old, like kcrap, but
nothing seems to fit the bill. I am not against installing samba
somewhere (even on the radius servers) to handle this form of
authentication, I am just no sure which direction to go for handling
this form of auth against FreeIPA. I would much prefer to use PAM or
Kerberos, it just doesn't look like that is going to work in this
Check this blog post: http://firstyear.id.au/entry/22
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project