Netgate Discussion Forum

    What sort of encryption does radius authentication use?

    Captive Portal
    4 Posts 2 Posters 4.2k Views
    • Guest

      Forgive me if this is a basic question but..

      I'm having a hard time getting RADIUS auth against AD (IAS) working.
      It is working with some win testing tool found in some other thread, but not with AD.

      All I'm seeing on AD is a "reject" of some sort.

      The "AD guys" say that pfSense is sending in cleartext, which I find doubtful, but I still need to make sure.

      Ideas?

      EDIT: found this
      http://www.mail-archive.com/support@pfsense.com/msg09596.html

      Things to check at Microsoft IAS:

      1. At IAS-> RADIUS CLIENT: be sure that you have the PFSENSE IP address here!
      2. at IAS, after creating the PFSENSE address, enter in the properties of it and check if the CLIENT VENDOR is set to use RADIUS STANDARD. I'm supposing that your shared-key is OK, as you said…
      3. at IAS, REMOTE ACCESS POLICY, check at the AUTHENTICATION TAB if Unencrypted authentication is lit.
      4. at IAS, at the ENCRYPTION TAB, check if the NO ENCRYPTION is Lit.

      Doesn't sound good.. I see that's from 2007, surely that is not the case nowadays.. right?

      /Fredde

      • Guest

        Soo.. there is basically no "secure" way of using authentication against Active Directory (captive portal), or?

        /F

        • capnsteve

          I use a dedicated authentication server in my setup.  It is joined to the domain, but not itself a domain controller.  Sign-on uses SSL so any communication over the air is encrypted.  Communication with the Auth server is on a secure VLAN.  The Auth server can see the Domain Controllers.  It was my solution to prevent eavesdropping, maybe it'll work for you.

          • Guest

            Well, that's a way of doing it of course, it's kind of a complicated setup just because it doesn't support secure auth.

            Besides, I don't think captive portal supports an authentication check against 2 Active Directories (if it's not in the first then it checks the second one), or does it?

            I really wouldn't mind swapping out the Astaro, but it seems hard to do atm :/

            /F
