TLS Authentication Protocols

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS Authentication Protocols

Samba - General mailing list
Hi,

We are planning to integrate CISCO-ISE with Samba-AD (Version 4.6.5).
Websense gateway / proxy are all properly integrated and even single
sign-on is properly functioning. However, before attempting integration
of Cisco ISE with Samba-AD, through I should clarify on the following.
Hence writing this mail.

Cisco ISE supports LDAPs with Following authentication methods:

  * Extensible Authentication Protocol AAA Generic Token Card (EAP-GTC)
  * Extensible Authentication Protocol AAA Transport Layer Security
    (EAP-TLS)
  * Protected Extensible Authentication Protocol AAA Transport Layer
    Security (PEAP-TLS)

Which one does Samba-AD support? If I understand correctly it supports
both EAP-TLS and PEAP-TLS. Am I correct?

Request you to please clarify.

--

Thanks & Regards,


Anantha Raghava


Do not print this e-mail unless required. Save Paper & trees.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: TLS Authentication Protocols

Samba - General mailing list
On Tue, 2017-10-31 at 14:01 +0530, Anantha Raghava via samba wrote:

> Hi,
>
> We are planning to integrate CISCO-ISE with Samba-AD (Version 4.6.5).
> Websense gateway / proxy are all properly integrated and even single
> sign-on is properly functioning. However, before attempting integration
> of Cisco ISE with Samba-AD, through I should clarify on the following.
> Hence writing this mail.
>
> Cisco ISE supports LDAPs with Following authentication methods:
>
>   * Extensible Authentication Protocol AAA Generic Token Card (EAP-GTC)
>   * Extensible Authentication Protocol AAA Transport Layer Security
>     (EAP-TLS)
>   * Protected Extensible Authentication Protocol AAA Transport Layer
>     Security (PEAP-TLS)
>
> Which one does Samba-AD support? If I understand correctly it supports
> both EAP-TLS and PEAP-TLS. Am I correct?
>
> Request you to please clarify.

{P,}EAP-TLS proably maps to MSCHAPv2 however see
https://bugzilla.samba.org/show_bug.cgi?id=11892 for a known
incompatibility that may need to be addressed or ruled out for this usecase.

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba