RADIUS authentication with PKI (user smart card enabled)

  • Question

  • Trying to understand what needs to be passed to the NPS server as a password when the user in Active Directory has smart card enabled. Is this looking for a part of the certificate, i.e. the digital signature, or is it expecting the certificate as a whole? I understand that NPS will need the user name, which can be easily determined from the certificate depending on how it was created and what details are entered into Active Directory. Where I am stuck is the password. Any help appreciated.

    Operating System we are working from is Windows 2008 R2 64. Device sending the RADIUS request is a Linux server, used expressly for testing this implementation. This is not 802.1x but a pure RADIUS connection which upon approval will return a vendor specific attribute to the Linux server of a deny message if not approved.

    Tuesday, October 2, 2012 12:37 PM

Answers

  • Hi,

    According to my knowledge, a smart card does not need the password. All the authentication relies on the private key contained in the smart card (certification). So, when you use the smart card, you don't need to consider the password.

    If you have any other concern, please feel free to let me know.

    Annie Gu

    Monday, October 8, 2012 9:18 AM

All replies

  • Hello,

    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Regards,
    Rick Tan
    TechNet Subscriber Support
    If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Rick Tan

    TechNet Community Support

    Monday, October 8, 2012 7:56 AM
  • Hi,

    I'm writing to see if there is any update?

    If you have any concern, please feel free to let me know.

    Thanks.

    Best Regards,

    Annie

    Friday, October 12, 2012 8:00 AM
  • I understand that the private key is used to authenticate the request, but RADIUS has standard placeholders for values it expects to see and will hand off to the authentication server, in this case NPS. My thought is the private key would become the password and be inserted into the field. I have not had a chance to try it and see if it works yet.

    Wednesday, February 27, 2013 6:13 PM