Windows IPsec VPN authentication with Active Directory and FreeRADIUS

Bisti
« on: April 20, 2018, 03:35:41 pm »
Is it possible to authenticate a Windows client machine on an IPsec VPN against Active Directory?
I tried this by setting up FreeRADIUS on my OPNsense but it's not working. What I googled is that my FreeRADIUS expects a cleartext password while my Windows machine is sending an NT hash. It seems that for this to work, I would also need to install Samba and join my OPNsense box to AD (I don't want to go that way). Has anyone tested a similar setup?

ScottSenffner
« Reply #1 on: April 23, 2018, 02:43:28 pm »
I am really interested to hear how this is fixed, as I need to do this myself. I have not set it up yet, because this is my first firewall with OPNsense. I am a complete newbie at it. I was able to get it installed this weekend and I am having problems with port forwarding. It may be a problem with the version 18.1.6?
Not sure yet, just replied to someone else's inquiry about that as well.
Looking forward to more learning experiences.
Scott

Bisti
« Reply #2 on: April 27, 2018, 11:08:22 pm »
I think that the only way to do this at the moment is to use certificate authentication. I don't have a CA set up at the moment in my AD infrastructure so I can't test this out.

Kofl
« Reply #3 on: April 28, 2018, 07:22:49 pm »
Maybe it would be a solution to use Windows Radius, which uses AD to authenticate?
http://thesolving.com/server-room/configure-radius-server-windows-authenticate-cisco-vpn-users/
and then configure OPNSense to use that radius server:
https://wiki.opnsense.org/manual/how-tos/user-radius.html

mimugmail
« Reply #4 on: April 28, 2018, 08:36:30 pm »
You can bind to LDAP via Freeradius plugin, should work fine
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

Bisti
« Reply #5 on: April 28, 2018, 10:46:44 pm »
Quote from: mimugmail on April 28, 2018, 08:36:30 pm
You can bind to LDAP via Freeradius plugin, should work fine
What do you mean by that? I have installed the Freeradius plugin and bound it to my AD but it only accepts plain passwords and Windows desktops send an NT-Hash of the password.
I will try to do what Kofl suggested - use Windows RADIUS server.