| Yubico Forum https://forum.yubico.com/ |
|
| Need help integrating Yubikey with Windows 2012 Server https://forum.yubico.com/viewtopic.php?f=5&t=1761 |
Page 1 of 1 |
| Author: | andybozzly [ Fri Feb 27, 2015 6:25 am ] |
| Post subject: | Need help integrating Yubikey with Windows 2012 Server |
Hi all I am very new to Yubikeys and only just received one the other day. They look very cool and I have had some success getting the device to work. I am wanting to know if anyone has managed to implement their own Yubikey authentication in a Windows 2012 server environment - Active Directory? Basically I have a Windows 2012 domain controller and a number of Windows 7 & 8 PCs connected to the local domain. I want to setup OTP so that a user logons onto their PC using their Yubikey and they are validated by Active Directory. I also have a number of remote stand alone Windows 7 & 8 PCs that use RDP to connect to a Terminal Server. I would also like to secure these PCs through the use of a users Yubikey. I have read a lot of articles and purchasing a product such as Rohos or Authlite seems to be the only way to go but licensing may become expensive. I was hoping to see if I could build whatever was necessary rather than using a proprietary software system. I have read up about Yubix and this may seem the way to go. I have VMWare and have built a Yubix server using the VMDK that's available. This all looks good but now I'm getting confused with how everything hooks up with Active Directory. I gather I need to use FreeRadius connected to Active Directory via LDAP. Am I correct? Can someone let me know if I am heading in the right direction? Also can someone please explain to me what software would I have to install on each of the client PCs & Terminal Server to change the login page so that it accepts the Yubikey information. Thanks in advance. Andy |
|
| Author: | Tom2 [ Fri Feb 27, 2015 11:39 am ] |
| Post subject: | Re: Need help integrating Yubikey with Windows 2012 Server |
piv works out of the box, look at the PIV tools. |
|
| Author: | andybozzly [ Sun Mar 01, 2015 10:24 pm ] |
| Post subject: | Re: Need help integrating Yubikey with Windows 2012 Server |
Thanks for the information. Will have a read and see what what it does. I did notice that it refers to Yubikey Neo. I only have a Yubkiey standard. Will PIV work with a standard Yubikey? |
|
| Author: | Tom2 [ Mon Mar 02, 2015 4:26 pm ] |
| Post subject: | Re: Need help integrating Yubikey with Windows 2012 Server |
No, the Yubikey Standard is not a smartcard. You will need the Yubikey NEO, which is a composite device. https://www.yubico.com/products/yubikey-hardware/ |
|
| Author: | andybozzly [ Wed Mar 04, 2015 4:57 am ] |
| Post subject: | Re: Need help integrating Yubikey with Windows 2012 Server |
Hmmm.. I don't have the NEO so I may have to rethink this. Thanks for your help. If anyone has any luck with Yubikey and windows logon please let me know. Any information would be appreciated. Thanks Andy |
|
| Author: | Tom2 [ Wed Mar 04, 2015 9:56 am ] |
| Post subject: | Re: Need help integrating Yubikey with Windows 2012 Server |
Have a look at LinOTP http://www.linotp.org/ |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|