OPNsense vpn -> FreeRadius -> authenticate to AD

Started by penley, November 10, 2017, 07:05:17 PM

We have a single FreeRadius server we want to use to consolidate user authentication with VPN, wireless, etc.
I have the wireless authenticating against AD through FreeRadius, but I cannot get it to work with the vpn.
The information I'm struggling to find is whether it works differently when using VPN; for example, do I have to configure the ldap module in FreeRadius?
I have OPNsense vpn pointed at FreeRadius, but each attempt to log in produces the error:
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available

(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

I've tested this using the PAP module and it works, but I'm not sure how to make it authenticate to AD instead.

The OPNsense version is 17.7 and the FreeRadius version is 3.0.


Kind regards,
penley


You need to proxy Radius to LDAP? I can have a look.
But why don't you just set up NPS/IAS on Windows?


I don't know. If you want to auth against AD, use the LDAP connector; if the tester works for the server, it will work for a properly configured VPN, too.