Yubico Forum
https://forum.yubico.com/

Need help integrating Yubikey with Windows 2012 Server
https://forum.yubico.com/viewtopic.php?f=5&t=1761
Page 1 of 1

Author:  andybozzly [ Fri Feb 27, 2015 6:25 am ]
Post subject:  Need help integrating Yubikey with Windows 2012 Server

Hi all
I am very new to Yubikeys and only just received one the other day. They look very cool and I have had some success getting the device to work.

I am wanting to know if anyone has managed to implement their own Yubikey authentication in a Windows 2012 server environment - Active Directory?

Basically I have a Windows 2012 domain controller and a number of Windows 7 & 8 PCs connected to the local domain.
I want to setup OTP so that a user logons onto their PC using their Yubikey and they are validated by Active Directory.

I also have a number of remote stand alone Windows 7 & 8 PCs that use RDP to connect to a Terminal Server. I would also like to secure these PCs through the use of a users Yubikey.

I have read a lot of articles and purchasing a product such as Rohos or Authlite seems to be the only way to go but licensing may become expensive.

I was hoping to see if I could build whatever was necessary rather than using a proprietary software system.
I have read up about Yubix and this may seem the way to go.
I have VMWare and have built a Yubix server using the VMDK that's available. This all looks good but now I'm getting confused with how everything hooks up with Active Directory. I gather I need to use FreeRadius connected to Active Directory via LDAP. Am I correct?

Can someone let me know if I am heading in the right direction?

Also can someone please explain to me what software would I have to install on each of the client PCs & Terminal Server to change the login page so that it accepts the Yubikey information.

Thanks in advance.
Andy

Author:  Tom2 [ Fri Feb 27, 2015 11:39 am ]
Post subject:  Re: Need help integrating Yubikey with Windows 2012 Server

piv works out of the box, look at the PIV tools.

Author:  andybozzly [ Sun Mar 01, 2015 10:24 pm ]
Post subject:  Re: Need help integrating Yubikey with Windows 2012 Server

Thanks for the information. Will have a read and see what what it does.
I did notice that it refers to Yubikey Neo. I only have a Yubkiey standard.
Will PIV work with a standard Yubikey?

Author:  Tom2 [ Mon Mar 02, 2015 4:26 pm ]
Post subject:  Re: Need help integrating Yubikey with Windows 2012 Server

No, the Yubikey Standard is not a smartcard.

You will need the Yubikey NEO, which is a composite device.
https://www.yubico.com/products/yubikey-hardware/

Author:  andybozzly [ Wed Mar 04, 2015 4:57 am ]
Post subject:  Re: Need help integrating Yubikey with Windows 2012 Server

Hmmm.. I don't have the NEO so I may have to rethink this.
Thanks for your help.

If anyone has any luck with Yubikey and windows logon please let me know.
Any information would be appreciated.

Thanks
Andy

Author:  Tom2 [ Wed Mar 04, 2015 9:56 am ]
Post subject:  Re: Need help integrating Yubikey with Windows 2012 Server

Have a look at LinOTP http://www.linotp.org/

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/