Windows Radius and Privacyidea
243 views
Skip to first unread message
Shawn
Jul 13, 2015, 3:17:06 PM7/13/15
to priva...@googlegroups.com
Can Privacyidea communicate with Windows Radius to add OTP to network devices which currently use windows radius to authenticate/authorize?
The scenario I am looking to test is ...
External user --> VPN Device -->Windows Radius (For username and security group)
-->Privacyidea (For two factor authentication)
Standard model uses Freeradius where I have Windows Radius. Can I replace FreeRadius with Windows Radius? I am trying to play nice with Windows Radius since its already deployed but if its just not possible I need to come up with a strong reason to move from Windows Radius to FreeRadius.
Thanks
The scenario I am looking to test is ...
External user --> VPN Device -->Windows Radius (For username and security group)
-->Privacyidea (For two factor authentication)
Standard model uses Freeradius where I have Windows Radius. Can I replace FreeRadius with Windows Radius? I am trying to play nice with Windows Radius since its already deployed but if its just not possible I need to come up with a strong reason to move from Windows Radius to FreeRadius.
Thanks
Cornelius Kölbel
Jul 13, 2015, 3:44:20 PM7/13/15
to priva...@googlegroups.com
Hi Shawn,
are you still talking about Microsoft IAS (2003) or Microsoft NPS (2008
+)?
At the moment there is no ready made NPS plugin.
Anyway - what is your budget?
Kind regards
Cornelius
> The information contained in or attached to this email is strictly
> confidential. If you are not the intended recipient, please notify us
> immediately by telephone and return the message to us.
>
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/c234ef1e-91c0-4662-82fc-73f99a14f8a4%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
are you still talking about Microsoft IAS (2003) or Microsoft NPS (2008
+)?
At the moment there is no ready made NPS plugin.
Anyway - what is your budget?
Kind regards
Cornelius
> confidential. If you are not the intended recipient, please notify us
> immediately by telephone and return the message to us.
>
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/c234ef1e-91c0-4662-82fc-73f99a14f8a4%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Shawn
Jul 27, 2015, 5:00:14 PM7/27/15
to privacyidea, corneliu...@netknights.it
Currently NPS 2008 is being used. My immediate goal is to run a proof of concept with an SSL vpn. I read somewhere that I can proxy the NPS to an OTP server for otp generation.Does that sound like something that can be used in this scenario?
user --> SSL VPN --> Windows Radius --> proxy to OTP server to verify OTP --> ssl vpn authenticate and authorize.
Cornelius Kölbel
Jul 28, 2015, 12:32:49 AM7/28/15
to privacyidea
Hi Shawn,
yes you can do this. The NPS would forward the authentication request to FreeRADIUS. Freeradius would use the privacyidea auth module to get the authentication request verifies by privacyIDea. privacyidea would tell FreeRADIUS accept or reject, freeradius would tell NPS the answer and thus NPS can give the result to the SSL VPN.
There are ideas of a colleague of mine to implement an NPS plugin. This would have to be funded within a project. This might be a solution in the long run, to get rid of the FreeRADIUS.
Kind regards Cornelius
Cornelius Kölbel
+49 151 2960 1417
NetKnights GmbH
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
-------- Ursprüngliche Nachricht --------
Von: Shawn <shawn.w...@ullink.com>
Datum: 27.07.2015 23:00 (GMT+01:00)
An: privacyidea <priva...@googlegroups.com>
Cc: corneliu...@netknights.it
Betreff: Re: Windows Radius and Privacyidea
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/bf10b7fe-195a-4bd9-b99c-cfbd4b8611eb%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages