Messages

1

18.1 Legacy Series / Re: Windows IPsec VPN authetication with Active Directory and FreeRADIUS

« on: April 28, 2018, 10:46:44 pm »

You can bind to LDAP via Freeradius plugin, should work fine

What do you mean by that? I have installed Freeradius plugin and bound it to my AD but it only accepts plain passwords and Windows desktops sends NT-Hash of password.
I will try to do what Kofl suggested - use Windows RADIUS server.

2

18.1 Legacy Series / Re: Windows IPsec VPN authetication with Active Directory and FreeRADIUS

« on: April 27, 2018, 11:08:22 pm »

I think that the only way to do this at the moment is to use certificate authentication. I don`t have CA set up at the moment in my AD infrastructure so I can`t test this out.

3

18.1 Legacy Series / Windows IPsec VPN authetication with Active Directory and FreeRADIUS

« on: April 20, 2018, 03:35:41 pm »

Is it possible to authenticate Windows client machine on IPsec VPN against Active Directory?
I tried this by setting up FreeRADIUS on my OPNsense but it`s not working. What I googled is that my FreeRADIUS expects cleartext password while my Windows machine is sending NThash. It seems that for this to work, I would also need to install samaba and join my OPNsense box to AD (I don't wand to go that way). Anyone tested similar setup?