[Freeipa-users] FreeRadius Authentications (mschapv2)
William Graboyes
wgraboyes at cenic.org
Mon Jul 20 22:35:42 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi List,
I have run into a snag, I figured I would start here and move forward.
I have been searching around for the past 3 or 4 hours looking for
some solution to this the issue that I am having.
We are doing 802.1x against our freeipa servers. While Kerberos auth
is working perfectly fine (when used from an android or linux device)
however when it comes to Macs (they strive to be different -_-) when
using EAP-TTLS (which everything else is perfectly happy to use chap
or pap) Mac only uses mschapv2 when using EAP-TTLS.
I don't have an active directory to run against, nor do I have samba
services running (why would I, there are a total of 5 windows boxes in
the entire environment.
I was wondering if there was some form of a FreeIPA solution to this
form of problem (something I may be missing) that will handle the NTLM
auth on a linux system.
I have found some things that are brutishly old, like kcrap, but
nothing seems to fit the bill. I am not against installing samba
somewhere (even on the radius servers) to handle this form of
authentication, I am just no sure which direction to go for handling
this form of auth against FreeIPA. I would much prefer to use PAM or
Kerberos, it just doesn't look like that is going to work in this
situation.
Thanks,
Bill
CENIC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVrXe+AAoJEJFMz73A1+zrHssP/jLvj1FTEtLDmmqEF98/4nDG
hOqUFTSLLL0AnJtw6MTHOFc6sUjQ4N16CQU9m7fmISWyLK+ZlkWAxGicpuubucAO
GflmlGkMCgyvkkl1BOOaJtk7psus0pqV4+SGxnHmDFxGWegoYpv529C7sBY5dkr6
H8euF4L8Ykc00EflXzVgxbgewOyPtFbmd0FlYnI+ljq8ZgC9T7qZgQLjrc6Eenl3
NEa/4AA5y7aAkcnrlkrLfhDNhvoLI/0qw4x1Rs5GuWZ7HUWaNCIGvjXcgPTT66h3
udQTewlThNT7H2Ztxtbl8v4pp4Gm7kW8JY9qrHfq80eyakV3ujScPkdznKuctuvk
0fIiOWK+8GIsWE8FXu+smsQfL6KxvAJQ6CR9zIKrcJ+xhtM/mv93gkCc3fOXZTxu
Ul8K/vpZAGQMKCw2p3/44/Db/8vMT10M7PyDvVF7cA/kVnj64xIQdffeDIHBluqn
KDjgLYIp/E9YywEwzdkVhNhrbrrZMXTjdhZ+jFdWHryoZjZkzBvxgHMCLn3PPJji
pr4egmAEV6+URmWX7BVG8wCsNAk3zPXhZlixgfch/moGxY7RF8X9WCAWphxPyalH
/ZpkNu9DvmVJmqu0rzRUt32AELaRK8X33QFQHmax1hwM4STVeFldZOU/Udb2x2RV
X/duQhu0+Nfjxk3g5166
=gVX9
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list