[Freeipa-users] FreeRadius Authentications (mschapv2)

Alexander Bokovoy abokovoy at redhat.com
Tue Jul 21 18:16:36 UTC 2015


On Mon, 20 Jul 2015, William Graboyes wrote:
>Hi List,
>
>
>I have run into a snag, I figured I would start here and move forward.
>I have been searching around for the past 3 or 4 hours looking for
>some solution to the issue that I am having.
>
>We are doing 802.1x against our FreeIPA servers.  While Kerberos auth
>is working perfectly fine (when used from an Android or Linux device)
>however when it comes to Macs (they strive to be different -_-) when
>using EAP-TTLS (which everything else is perfectly happy to use chap
>or pap) Mac only uses mschapv2 when using EAP-TTLS.
>
>I don't have an Active Directory to run against, nor do I have Samba
>services running (why would I, there are a total of 5 Windows boxes in
>the entire environment).
>
>I was wondering if there was some form of a FreeIPA solution to this
>form of problem (something I may be missing) that will handle the NTLM
>auth on a Linux system.
>
>I have found some things that are brutishly old, like kcrap, but
>nothing seems to fit the bill.  I am not against installing Samba
>somewhere (even on the radius servers) to handle this form of
>authentication, I am just not sure which direction to go for handling
>this form of auth against FreeIPA.  I would much prefer to use PAM or
>Kerberos, it just doesn't look like that is going to work in this
>situation.
Check this blog post: http://firstyear.id.au/entry/22

-- 
/ Alexander Bokovoy



