Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
OPNsense vpn -> FreeRadius -> authenticate to AD
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense vpn -> FreeRadius -> authenticate to AD (Read 6379 times)
penley
Newbie
Posts: 26
Karma: 1
OPNsense vpn -> FreeRadius -> authenticate to AD
«
on:
November 10, 2017, 07:05:17 pm »
We have a single FreeRadius server we want to use to consolidate user authentication with VPN, wireless, etc.
I have the wireless authenticating against AD through FreeRadius, but I cannot get it to work with the vpn.
The information I'm struggling to find is does it work differently when using VPN, for example do I have to configure the ldap module in FreeRadius?
I have OPNsense vpn pointed at FreeRadius, but each attempt to login produces the Error:
(0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
I've tested this using the PAP module and it works, but I'm not sure how to make it authenticate to AD instead.
The OPNsense version is 17.7 and the FreeRadius version is 3.0.
Kind regards,
penley
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: OPNsense vpn -> FreeRadius -> authenticate to AD
«
Reply #1 on:
November 10, 2017, 07:10:57 pm »
You need to proxy Radius to LDAP? I can have a look.
But why don't you just setup NPS/IAS on Windows?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: OPNsense vpn -> FreeRadius -> authenticate to AD
«
Reply #2 on:
November 11, 2017, 08:49:47 am »
LDAP support has to be compiled in, I think we can start mid december integrating it:
https://github.com/opnsense/tools/issues/58
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OPNsense vpn -> FreeRadius -> authenticate to AD
«
Reply #3 on:
November 11, 2017, 11:09:37 am »
I don’t know, if you want to auth against AD use LDAP connector, if the tester works for the server it will work for a properly configured VPN, too.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
OPNsense vpn -> FreeRadius -> authenticate to AD