MS-RPC authentication from Cisco ISE against Samba4 does not work
Hendl Stephan
stephan.hendl at landtag.brandenburg.de
Tue May 3 11:49:51 UTC 2016
Hi all,
we plan to use Samba4 (samba-4.3.7) as well as Cisco Identity Service Engine (ISE-1.4) for authentication purpuses in our WLAN environment with PEAP and MS-ChapV2. In this scenario the ISE asks the Samba4 for verifying the user credentials via MS-RPC.
Joning the ISE into Samba4 works well as well as Kerberos-authentication. Unfortunately MS-RPC-authentication (which is required for MS-ChapV2) does not work. The reason is that Cisco uses the MS-RPC protocol feature called “Security Context Multiplexing” (https://msdn.microsoft.com/en-us/library/cc243716.aspx). Altough the ISE should proof whether Samba4 can handle that feature or not the ISE assumes that all Active Directory implementations can handle those requests and uses them. Unfortunately Samba4 cannot deal with that…
Is there a way to implement that “Security Context Multiplexing”? tcpdumps and samba4 debug logs are availabe on request.
Best regards,
Stephan
--
Dr. Stephan Hendl
Landtag Brandenburg
Verwaltung
Referat V2
Alter Markt 1
14467 Potsdam
Tel.: (0331) 966 1292
Fax.: (0331) 966 99 1292
stephan.hendl at landtag.brandenburg.de
More information about the samba-technical
mailing list