[Samba] TLS Authentication Protocols

Andrew Bartlett abartlet at samba.org
Tue Oct 31 09:17:28 UTC 2017

On Tue, 2017-10-31 at 14:01 +0530, Anantha Raghava via samba wrote:
> Hi,
> We are planning to integrate CISCO-ISE with Samba-AD (Version 4.6.5). 
> Websense gateway / proxy are all properly integrated and even single 
> sign-on is properly functioning. However, before attempting integration 
> of Cisco ISE with Samba-AD, through I should clarify on the following. 
> Hence writing this mail.
> Cisco ISE supports LDAPs with Following authentication methods:
>   * Extensible Authentication Protocol AAA Generic Token Card (EAP-GTC)
>   * Extensible Authentication Protocol AAA Transport Layer Security
>     (EAP-TLS)
>   * Protected Extensible Authentication Protocol AAA Transport Layer
>     Security (PEAP-TLS)
> Which one does Samba-AD support? If I understand correctly it supports 
> both EAP-TLS and PEAP-TLS. Am I correct?
> Request you to please clarify.

{P,}EAP-TLS proably maps to MSCHAPv2 however see 
https://bugzilla.samba.org/show_bug.cgi?id=11892 for a known
incompatibility that may need to be addressed or ruled out for this usecase. 

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list