This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

rfs6000 configuration with samba4 AD ntlm auth for radius

rfs6000 configuration with samba4 AD ntlm auth for radius

Elias_Morais_Pe
New Contributor

‎03-22-2018 07:11 PM

Hi folks,

We have a rfs6000 controller that we are trying to set up radius access with samba4 AD. The "controller" has joined the AD and at the beginning is ok. What we are having problems with and part of the certificates. How to generate the CSR and sign it internally for client authentication to work with your AD credentials? How to proceed?
0 Kudos
3 REPLIES 3

Timo1
New Contributor II

‎03-26-2018 04:50 AM

Hi,
you don't need the break.

Signed server certificate -> certificate for your server
Intermediate CA -> certificate from the intermediate
Root CA -> certificate from the Root

Are you familiar with PKI? Inside a company you mostly have a offline root CA and a active intermediate CA. The intermediate is signed by the root and your server certificate by the intermediate. Based on this, you include the complete key chain.

This community for example use this key chain:
DigiCert High Assurance EV Root CA-> DigiCert SHA2 High Assurance Server CA
--> community.extremenetworks.com
0 Kudos

Elias_Morais_Pe
New Contributor

‎03-23-2018 12:05 PM

Hey Timo, thanks for the answer!!
Do you use the internal AAA from the RFS?
Yes.
The AD connection already run and you just need a valid cert?
Yes.

In the link you posted, the first option for configuring certificates looks like this:

-----BEGIN CERTIFICATE ----- (Signed server certificate) -----END CERTIFICATE ------- -----BEGIN CERTIFICATE ----- (Intermediate CA certificate 1) -----END CERTIFICATE ------- -----BEGIN CERTIFICATE ----- (Intermediate CA certificate 2) -----END CERTIFICATE ------- -----BEGIN CERTIFICATE ----- (Root CA certificate) -----END CERTIFICATE -------Do I need to have these two line breaks between the signed server certificate and the intermediate ca...?

Would the Signed server certificate be the certificate that, for example, GlobalSign provided?
0 Kudos

Timo1
New Contributor II

‎03-23-2018 07:27 AM

Do you use the internal AAA from the RFS? The AD connection already run and you just need a valid cert?

For that case, you can check this link:
https://extremeportal.force.com/ExtrArticleDetail?n=000014936
0 Kudos
GTM-P2G8KFN