Authentication with Kerberos

thomas hahusseau thomas.hahusseau at gmail.com
Thu Jun 15 14:15:58 CEST 2006


The problem is that my wifi card (Cisco Aironet) doesn't support TTLS.
I'll try to find one which supports it.

About TTLS: is it that kind of EAP authentication with:
Step 1: TLS handshake, 1 certificate on the radius server and 1 certificate on
the supplicant?
Step 2: Kerberos or any other kind of authentication inside the TLS tunnel?

In fact I plan to use PEAP authentication like this:
Step 1: building a TLS tunnel (certificate on the Radius server only)
Step 2: the supplicant sends login + hashed password
Step 3: freeradius asks Active Directory for a Kerberos ticket/token
Step 4: freeradius sends its token to the AD and asks to perform a search
in the LDAP directory
Step 5: check in the token whether freeradius is allowed to search inside LDAP
Step 6: comparison of the hashed password.

In my view, that solution would replace the ntlm auth, and it's not
the supplicant which uses Kerberos but freeradius, to perform a secure
authentication with the LDAP database.

Could you give me information or tell me if I'm right?

Thank you,
thomas

2006/6/15, Josh Howlett <josh.howlett at bristol.ac.uk>:
>
> thomas hahusseau wrote:
> > Hello,
> >
> > I would like to set up that kind of configuration :
> >
> > EAP-PEAP(Mschapv2) Request ---> AP ---> Freeradius ----> Kerberos
> > authentication to an Active Directory
>
> This isn't possible - EAP-PEAP requires access to the plaintext password
> or NTLM hash.
>
> You should be able to do this with EAP-TTLS, however.
>
> best regards, josh.
>
> > In fact I would like to use Kerberos (which is supported by Active
> > Directory) instead of ntlm_auth. In the freeradius features list available
> > on the official website I have found:
> >
> >     * authentication to a Windows Domain Controller (via ntlm_auth and
> >       winbindd)
> >
> >     * Kerberos authentication
> >
> > Can anyone confirm this possibility of using Kerberos auth with freeradius,
> > and maybe point to any how-to or advice?
> >
> > thank you
> > Thomas Hahusseau
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html