On Tue, 2017-10-31 at 14:01 +0530, Anantha Raghava via samba wrote:
> Hi,
>
> We are planning to integrate CISCO-ISE with Samba-AD (Version 4.6.5).
> Websense gateway / proxy are all properly integrated and even single
> sign-on is properly functioning. However, before attempting integration
> of Cisco ISE with Samba-AD, thought I should clarify on the following.
> Hence writing this mail.
>
> Cisco ISE supports LDAPs with the following authentication methods:
>
> * Extensible Authentication Protocol - Generic Token Card (EAP-GTC)
> * Extensible Authentication Protocol - Transport Layer Security
> (EAP-TLS)
> * Protected Extensible Authentication Protocol - Transport Layer
> Security (PEAP-TLS)
>
> Which one does Samba-AD support? If I understand correctly it supports
> both EAP-TLS and PEAP-TLS. Am I correct?
>
> Request you to please clarify.

{P,}EAP-TLS probably maps to MSCHAPv2, however see
https://bugzilla.samba.org/show_bug.cgi?id=11892 for a known
incompatibility that may need to be addressed or ruled out for this use case.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba