Authentication with Kerberos

2006-06-15 Thread thomas hahusseau
Hello,

I would like to set up that kind of configuration :

EAP-PEAP(Mschapv2) Request --- AP --- Freeradius  Kerberos authentication to an Active Directory

In fact I would like to use Kerberos (which is supported by Active
Directory) instead of ntlm_auth. In the freeradius features list available
on the official website I have found:

* authentication to a Windows Domain Controller (via ntlm_auth and winbindd)
* Kerberos authentication

Can anyone confirm this possibility to use Kerberos auth with freeradius, and maybe any how-to or advice?

thank you
Thomas Hahusseau



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication with Kerberos

2006-06-15 Thread thomas hahusseau
The problem is that my wifi card (Cisco Aironet) doesn't support TTLS; I'll try to find one which supports it.

About TTLS, is it that kind of EAP authentication with:
Step 1: TLS handshake, 1 certificate on radius server and 1 certificate on supplicant?
Step 2: Kerberos or any other kind of authentication inside the TLS tunnel?

In fact I plan to use the PEAP authentication like that:
Step 1: building a TLS tunnel (certificate on Radius server only)
Step 2: supplicant sends login + hashed password
Step 3: freeradius asks Active Directory for a kerberos ticket/token
Step 4: freeradius sends its token to the AD and asks to perform a search in the ldap directory
Step 5: check in the token if freeradius is allowed to search inside LDAP
Step 6: comparison of hashed password.

According to me that solution would replace the ntlm auth, and it's
not the supplicant which uses kerberos but freeradius, to perform a
secure authentication with the LDAP database.

Could you give me information or tell me if I'm right?

thank you
thomas

2006/6/15, Josh Howlett [EMAIL PROTECTED]:

thomas hahusseau wrote:
Hello,
I would like to set up that kind of configuration :
EAP-PEAP(Mschapv2) Request --- AP --- Freeradius  Kerberos authentication to an Active Directory

This isn't possible - EAP-PEAP requires access to the plaintext password or NTLM hash.

You should be able to do this with EAP-TTLS, however.

best regards, josh.

In fact I would like to use Kerberos (which is supported by Active Directory) instead of ntlm_auth. In the freeradius features list available on the official website I have found:
* authentication to a Windows Domain Controller (via ntlm_auth and winbindd)
* Kerberos authentication
Can anyone confirm this possibility to use Kerberos auth with freeradius, and maybe any how-to or advice?
thank you
Thomas Hahusseau