Use Windows AD (Radius module) as an authentication module for LinOTP!!

[HaTiM Chikhi]

Hi,


I'm wondering if it is possible to use the Radius module of Windows AD as an authentication module for LinOTP?

Now I'm using freeradius, but I want to try this with Windows AD (Radius module) because it is the real server that we are using.


Thank you!

[Mirko Ahnert]

Dear HaTiM Chikhi,

correct me, if I misread your setup. You want to substitute FreeRADIUS with a Windows based RADIUS Server which then should contact LinOTP to check the OTPs? If so, you would need to have something like a plugin for the RADIUS server in order to be able to communicate with LinOTP. Unfortunately their is none available at the moment.

If your question is about how to integrate RADIUS in your windows Login procedures (and thereby LinOTP e.g. via FreeRADIUS) - this is possible with Microsoft NPS.

Best regards,

Mirko

-- 

Mirko Ahnert 

LSE Leading Security Experts GmbH, http://www.lsexperts.de 

Postfach 100121, 64201 Darmstadt, Germany 

Zentrale: +49 6151 86086-0 , Fax: -299 

Support Hotline: +49 6151 86086-115 

Unternehmenssitz: Weiterstadt Amtsgericht Darmstadt: HRB8649 

Geschäftsführer: Oliver Michel, Sven Walther 

[HaTiM Chikhi]

Hi Mirko,

Thanks for you reply.

Yes it is the first scenario that I wanted to setup.

For the second scenario, if I understand well, The Microsoft NPS server will relay authentication requests to the FreeRadius server that will talk to LinOTP. is that right?

Thanks for your help.

[Mirko Ahnert]

Hi,

 

For the second scenario, if I understand well, The Microsoft NPS server will relay authentication requests to the FreeRadius server that will talk to LinOTP. is that right?

Yes, this is correct.

Regards,

[HaTiM Chikhi]

OK, this may be a possible solution. Otherwise, it's better to use a seperate FreeRadius server for VPN authentication.

Thank you again for your help.

Best regards,

Hatim