rfs6000 configuration with samba4 AD ntlm auth for radius
‎03-22-2018 07:11 PM
Hi folks,
We have an rfs6000 controller that we are trying to set up radius access with samba4 AD. The "controller" has joined the AD and at the beginning is ok. What we are having problems with is the certificate part. How to generate the CSR and sign it internally for client authentication to work with your AD credentials? How to proceed?
3 REPLIES 3
‎03-26-2018 04:50 AM
Hi,
You don't need the break.
Signed server certificate -> certificate for your server
Intermediate CA -> certificate from the intermediate
Root CA -> certificate from the Root
Are you familiar with PKI? Inside a company you mostly have an offline root CA and an active intermediate CA. The intermediate is signed by the root and your server certificate by the intermediate. Based on this, you include the complete key chain.
This community, for example, uses this key chain:
DigiCert High Assurance EV Root CA -> DigiCert SHA2 High Assurance Server CA
--> community.extremenetworks.com
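Added example (not part of the reply above and not Extreme's documented procedure): a lab sketch with OpenSSL of the chain described here, with a root that signs an intermediate, a server CSR signed by that intermediate, and a bundle assembled in the order server, intermediate, root. All names (`Lab Root CA`, `radius.lab.example`, file paths) are placeholders, and the order check only reflects how OpenSSL-style PEM parsing treats the bundle, not the RFS6000 importer.

```shell
#!/bin/sh
# Added example: throwaway lab PKI; every name and path is a placeholder.
set -eu

newcsr() {  # $1 = file prefix, $2 = common name -> private key + CSR
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null   # -nodes: unencrypted key, lab use only
}
sign() {  # $1 = CSR prefix, $2 = issuer prefix, $3 = ext section, $4 = serial; uses $d
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -set_serial "$4" \
    -days 30 -extfile "$d/ext.cnf" -extensions "$3" -out "$1.pem" 2>/dev/null
}
make_pki() {  # $1 = working directory
  d=$1
  printf '%s\n' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    '[v3_srv]' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' > "$d/ext.cnf"
  newcsr "$d/root" "Lab Root CA"
  # The root signs its own request; in production this CA stays offline.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ext.cnf" -extensions v3_ca -out "$d/root.pem" 2>/dev/null
  newcsr "$d/int" "Lab Intermediate CA"; sign "$d/int" "$d/root" v3_ca 2
  newcsr "$d/srv" "radius.lab.example";  sign "$d/srv" "$d/int" v3_srv 3
}
chain_verifies() {  # $1 = working directory: signature check server -> int -> root
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    "$1/srv.pem" >/dev/null 2>&1
}
# Split a bundle on its BEGIN/END markers (blank lines between blocks are
# dropped) and require that each certificate's issuer is the next one's subject.
chain_order_ok() {  # $1 = bundle file, $2 = scratch directory
  mkdir -p "$2"; rm -f "$2"/c*.pem
  awk -v d="$2" '/-----BEGIN CERTIFICATE-----/{n++; on=1}
    on{print > (d "/c" n ".pem")} /-----END CERTIFICATE-----/{on=0}' "$1"
  i=1
  while [ -f "$2/c$((i+1)).pem" ]; do
    iss=$(openssl x509 -noout -issuer_hash -in "$2/c$i.pem")
    sub=$(openssl x509 -noout -subject_hash -in "$2/c$((i+1)).pem")
    [ "$iss" = "$sub" ] || return 1
    i=$((i+1))
  done
}
demo() {
  w=$(mktemp -d); make_pki "$w"
  cat "$w/srv.pem" "$w/int.pem" "$w/root.pem" > "$w/bundle.pem"
  chain_verifies "$w" && chain_order_ok "$w/bundle.pem" "$w/split" &&
    echo "bundle OK: $w/bundle.pem"
}
demo
```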
‎03-23-2018 12:05 PM
Hey Timo, thanks for the answer!!
In the link you posted, the first option for configuring certificates looks like this:
-----BEGIN CERTIFICATE ----- (Signed server certificate) -----END CERTIFICATE -------
-----BEGIN CERTIFICATE ----- (Intermediate CA certificate 1) -----END CERTIFICATE -------
-----BEGIN CERTIFICATE ----- (Intermediate CA certificate 2) -----END CERTIFICATE -------
-----BEGIN CERTIFICATE ----- (Root CA certificate) -----END CERTIFICATE -------
Do I need to have these two line breaks between the signed server certificate and the intermediate ca...?
Would the Signed server certificate be the certificate that, for example, GlobalSign provided?
Do you use the internal AAA from the RFS? Yes.
The AD connection already run and you just need a valid cert? Yes.
‎03-23-2018 07:27 AM
Do you use the internal AAA from the RFS? The AD connection already runs and you just need a valid cert?
For that case, you can check this link:
https://extremeportal.force.com/ExtrArticleDetail?n=000014936
