Re: [otrs] SSO

Tue, 13 May 2014 09:01:28 -0700

HI Gerald,

Sorry I jumped to this topic.
I would be interested to use RADIUS for such purpose.
I tried earlier but not sure how / which field windows AD uses for password with radius. I guess we need to make logical mapping of password field.
In Radius the request comes in User-Password/CHAP Password  and how to make use with AD not sure.

My radius does search but it results in saying password failures. ( LDAP works fine though ).





On 5/13/2014 9:23 PM, Gerald Young wrote:
Hi, David,

Since I'm constantly securing Cisco VPN's via RADIUS with Windows Network Policy Server, I have a recipe that works quite well for that purpose, making the VPN logins follow desktop passwords and using AD group membership to address allowed VPN users.

I don't mind providing such information, if you're interested. However, without that information, RADIUS is indeed not for the faint of heart.




On Tue, May 13, 2014 at 11:44 AM, David Boyes <dbo...@sinenomine.net> wrote:

 

I notice the link you provided uses RADIUS for authentication instead of the others I pointed to that use Kerberos.  Would you say that this is a simpler and more supported way of handling the SSO issue? 

 

I’m not Gerald, but I’ll speak up: No, unless you have another REALLY compelling reason to use RADIUS (like a dialup terminal server that uses it for AAA), it’s not the direction you want to go. RADIUS is REALLY complicated to get working right, and it’s increasingly rare. Kerberos/AD (AD is just a integrated Kerberos/LDAP server) is the way to go.


---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs



---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs





---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Reply via email to