Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:53 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Fri Feb 27, 2015 6:25 am 
Offline

Joined: Fri Feb 27, 2015 5:58 am
Posts: 3
Hi all
I am very new to Yubikeys and only just received one the other day. They look very cool and I have had some success getting the device to work.

I am wanting to know if anyone has managed to implement their own Yubikey authentication in a Windows 2012 server environment - Active Directory?

Basically I have a Windows 2012 domain controller and a number of Windows 7 & 8 PCs connected to the local domain.
I want to setup OTP so that a user logons onto their PC using their Yubikey and they are validated by Active Directory.

I also have a number of remote stand alone Windows 7 & 8 PCs that use RDP to connect to a Terminal Server. I would also like to secure these PCs through the use of a users Yubikey.

I have read a lot of articles and purchasing a product such as Rohos or Authlite seems to be the only way to go but licensing may become expensive.

I was hoping to see if I could build whatever was necessary rather than using a proprietary software system.
I have read up about Yubix and this may seem the way to go.
I have VMWare and have built a Yubix server using the VMDK that's available. This all looks good but now I'm getting confused with how everything hooks up with Active Directory. I gather I need to use FreeRadius connected to Active Directory via LDAP. Am I correct?

Can someone let me know if I am heading in the right direction?

Also can someone please explain to me what software would I have to install on each of the client PCs & Terminal Server to change the login page so that it accepts the Yubikey information.

Thanks in advance.
Andy


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Feb 27, 2015 11:39 am 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
piv works out of the box, look at the PIV tools.


Top
 Profile  
Reply with quote  
PostPosted: Sun Mar 01, 2015 10:24 pm 
Offline

Joined: Fri Feb 27, 2015 5:58 am
Posts: 3
Thanks for the information. Will have a read and see what what it does.
I did notice that it refers to Yubikey Neo. I only have a Yubkiey standard.
Will PIV work with a standard Yubikey?


Top
 Profile  
Reply with quote  
PostPosted: Mon Mar 02, 2015 4:26 pm 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
No, the Yubikey Standard is not a smartcard.

You will need the Yubikey NEO, which is a composite device.
https://www.yubico.com/products/yubikey-hardware/


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 04, 2015 4:57 am 
Offline

Joined: Fri Feb 27, 2015 5:58 am
Posts: 3
Hmmm.. I don't have the NEO so I may have to rethink this.
Thanks for your help.

If anyone has any luck with Yubikey and windows logon please let me know.
Any information would be appreciated.

Thanks
Andy


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 04, 2015 9:56 am 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
Have a look at LinOTP http://www.linotp.org/


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group