You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to priva...@googlegroups.com
Can Privacyidea communicate with Windows Radius to add OTP to network devices which currently use windows radius to authenticate/authorize?
The scenario I am looking to test is ...
External user --> VPN Device -->Windows Radius (For username and security group) -->Privacyidea (For two factor authentication)
Standard model uses Freeradius where I have Windows Radius. Can I replace FreeRadius with Windows Radius? I am trying to play nice with Windows Radius since its already deployed but if its just not possible I need to come up with a strong reason to move from Windows Radius to FreeRadius.
Thanks
Cornelius Kölbel
unread,
Jul 13, 2015, 3:44:20 PM7/13/15
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to priva...@googlegroups.com
Hi Shawn,
are you still talking about Microsoft IAS (2003) or Microsoft NPS (2008
+)?
At the moment there is no ready made NPS plugin.
Anyway - what is your budget?
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to privacyidea, corneliu...@netknights.it
Currently NPS 2008 is being used. My immediate goal is to run a proof of concept with an SSL vpn. I read somewhere that I can proxy the NPS to an OTP server for otp generation.Does that sound like something that can be used in this scenario?
user --> SSL VPN --> Windows Radius --> proxy to OTP server to verify OTP --> ssl vpn authenticate and authorize.
Cornelius Kölbel
unread,
Jul 28, 2015, 12:32:49 AM7/28/15
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to privacyidea
Hi Shawn,
yes you can do this. The NPS would forward the authentication request to FreeRADIUS. Freeradius would use the privacyidea auth module to get the authentication request verifies by privacyIDea. privacyidea would tell FreeRADIUS accept or reject, freeradius would tell NPS the answer and thus NPS can give the result to the SSL VPN.
There are ideas of a colleague of mine to implement an NPS plugin. This would have to be funded within a project. This might be a solution in the long run, to get rid of the FreeRADIUS.