[RADIATOR] question about machine based authentication

Heikki Vatiainen hvn at open.com.au
Thu Nov 10 16:21:24 CST 2011


On 11/09/2011 09:46 PM, Joy Veronneau wrote:

> Is it possible for the radiator server to do machine-based 
> authentication (via certificate) to an Active Directory domain?

You may want to check if they really mean certificates, since
machine-based authentication can work with PEAP/EAP-MSCHAP-V2 too. When
the machine joins the domain, a password and username are automatically
created and these can be used for machine-based authentication. This is
also supported by Radiator by default.

> I have MSCHAPv2 working to our AD domain with username/password, but
> now someone is asking about machine-based authentication. They are
> currently doing this with an MS radius server and would like to
> switch to our centrally managed radius server and central AD system.
> I know that we would have to issue a new cert to the machine from the
> central AD domain… but I'm not finding much about how to set up
> radiator in my on-line research so far.

EAP-TLS, see goodies too, can be used here. Radiator can also do extra
checks for certs besides just checking if the cert is valid or not.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

