integration openOTP-AD-RDP

Rampa

Jun 21, 2012, 9:59:52 AM
to RCDevs Security Solutions - Technical
hello,

I am an IT manager and my goal is to have an AD domain based on
Windows 2008, your OTP solution working and the possibility to use RDP
to reach Windows 2008 servers in the domain using OTP authentication.
I installed your VM, I installed a fresh domain controller Windows
2008.
Then I installed AD Certificate Services on Windows 2008.
Then I tried to configure server.xml and webadm.conf but I am
completely lost.
Where can I find a tutorial or any kind of support?

Thank you

Administrators

Jun 21, 2012, 11:20:32 AM
to RCDevs Security Solutions - Technical
It is quite simple to configure WebADM/OpenOTP with AD 2008.

First you need AD with LDAP SSL enabled and you need to know the LDAP
base DN of your AD.
You can use an LDAP explorer for Windows to find out what your base DN is.
It should look like "dc=yourDomain,dc=com".

Then you do:

1) Configure servers.xml: Change the host to your AD domain controller
IP or hostname. Please connect to the DC having the schema master role
in your AD. Your configuration should look like:

<LdapServer name="My AD Server"
            host="localhost"
            port="636"
            encryption="SSL"
            cert_file=""
            key_file="" />

Notice the port 636 for LDAP SSL.

2) Configure webadm.conf: You need to adjust all the settings with an
LDAP DN. That means:
- proxy_user: Use the AD Administrator DN as proxy user (something
like cn=Administrator,cn=Users,dc=yourDomain,dc=com). You can use
another user but the proxy user must have admin rights to the LDAP
user objects.
- proxy password: This is the AD password for the proxy user (your
administrator password).
- super_admins: Put the same Administrator DN in this admin list.
- other_admins: You can comment it for now.
- optionsets_container and other containers: Adjust all of them with
your AD tree base. For example, optionsets_container should look like
cn=OptionSets,cn=WebADM,dc=yourDomain,dc=com.
- alert_email: Put your email address.

3) Restart WebADM and login at https://yourserver/. WebADM will ask
for your Administrator LDAP DN (like
cn=Administrator,cn=Users,dc=yourDomain,dc=com) and the password.
Please look at logs with a "tail -f /opt/webadm/logs/httpd.log".

4) After login, WebADM will prompt you to run the graphical
setup tasks. Just follow them.

5) Configure your WebADM Domain. Go to menu->Infos->Registered
Domains. And adjust the default domain object if necessary. The User
Search Base setting of the domain must be set to the LDAP location
where you have the users (like cn=Users,dc=yourDomain,dc=com).

6) Configure the OpenOTP Application in menu->Applications->OTP Server->Configure.
At least, set the default domain to your domain.

You can re-edit the webadm.conf file and change the auth_mode to UID
to login to WebADM with the AD Administrator username instead of the
DN. But only when the domain works. You can also switch back to DN at
any time.

For the rest, just look at the OpenOTP QuickStart Guide...
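
As an added example (not RCDevs' code, nor anything posted in this thread), a small Python pre-flight check for the settings steps 1 and 2 ask for: encryption="SSL" on port 636, a real DC host rather than localhost, every configured DN lying under the AD base DN, and the proxy user DN appearing in super_admins. The webadm.conf key names and its `key "value"` line format, the `<Servers>` root element and both sample files are assumptions constructed for this example; compare them with your real files.

```python
"""Consistency check for a WebADM/OpenOTP-with-AD configuration (added example)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample files mirroring the instructions in the post above.
# The <Servers> root element is an assumption; the LdapServer attributes are from the post.
SERVERS_XML = """<Servers>
  <LdapServer name="My AD Server" host="dc1.yourdomain.com" port="636"
              encryption="SSL" cert_file="" key_file="" />
</Servers>"""

# Assumed `key "value"` line format and key names; check against the real webadm.conf.
WEBADM_CONF = '''
proxy_user "cn=Administrator,cn=Users,dc=yourDomain,dc=com"
proxy_password "constructed-placeholder"
super_admins "cn=Administrator,cn=Users,dc=yourDomain,dc=com"
optionsets_container "cn=OptionSets,cn=WebADM,dc=yourDomain,dc=com"
'''

def norm_dn(dn):
    """Lower-case and strip spaces around commas so DN comparisons are robust."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_conf(text):
    """Parse `key "value"` lines into a dict (assumed file format)."""
    return dict(re.findall(r'^\s*(\w+)\s+"([^"]*)"', text, re.M))

def check_config(servers_xml, webadm_conf, base_dn):
    """Return a list of problems; an empty list means the two files are consistent."""
    problems = []
    base = norm_dn(base_dn)
    for srv in ET.fromstring(servers_xml).iter("LdapServer"):
        name = srv.get("name")
        # Step 1: LDAP over SSL means encryption="SSL" and port 636.
        if srv.get("encryption") != "SSL" or srv.get("port") != "636":
            problems.append(f'{name}: expected encryption="SSL" on port 636')
        # Step 1: the host must point at the schema-master DC, not the WebADM box itself.
        if srv.get("host") in (None, "", "localhost"):
            problems.append(f"{name}: host must be the domain controller, not localhost")
    conf = parse_conf(webadm_conf)
    # Step 2: every DN-valued setting must sit under the AD tree base.
    for key, value in conf.items():
        if key in ("proxy_user", "super_admins") or key.endswith("_container"):
            if not norm_dn(value).endswith(base):
                problems.append(f"{key}: {value!r} is not under base DN {base_dn}")
    # Step 2: the proxy user DN should also be listed in super_admins.
    if norm_dn(conf.get("proxy_user", "")) not in norm_dn(conf.get("super_admins", "")):
        problems.append("super_admins should include the proxy_user DN")
    return problems
```

Run it against your own servers.xml and webadm.conf contents before step 3, so the first login attempt does not fail on a DN typo or a plain-LDAP port.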

Rampa

Jun 22, 2012, 9:42:10 AM
to RCDevs Security Solutions - Technical
Great!

Huhuhuuh, I managed to make everything work!
I am very happy.

Now I have to go on with RADIUS, I think?
My goal is to use RDP, and get a mask for user/password and otp ID.

Can you give me a hint?

Thank you!

Manoj Nair

Feb 18, 2014, 9:56:32 PM
to rcdevs-t...@googlegroups.com, alessandr...@gmail.com
Hi group

I saw the Open OTP project yesterday and we are looking at implementing it for our 2FA in office.

I'm interested in knowing a few things about the product.

I saw RCDevs' product and they are offering VMs as well which are preconfigured etc.

My queries are on the following points:

1. What is the authenticator used on the mobile phone (soft token) on the client side - I saw Google Authenticator - if so, how to integrate it
2. Can this system be configured to send SMS to end user
3. Can this system be used to send email OTP to end user
4. I'm from India - does anyone know any support service providers in Bangalore/India

Request anyone in the group to answer my queries.

Thanks and regards
Manoj Kumar Nair

Administrators

Feb 19, 2014, 9:53:38 AM
to rcdevs-t...@googlegroups.com, alessandr...@gmail.com
1. Once WebADM/OpenOTP is set up you can enrol OATH HOTP and TOTP soft tokens in your LDAP user accounts.
Google Authenticator is an OATH soft token with a nice QR-code-based enrolment process, and it supports both HOTP (event) and TOTP (time) tokens.

2. Yes, SMS and Email OTPs are supported too. And you can use several auth methods at the same time (e.g. SMS + Email or SMS + Token).
You can have multiple tokens too.

Or you can contact RCDEVS directly too.