What sort of encryption does radius authentication use?
-
Forgive me if this is a basic question but..
I'm having a hard time getting RADIUS auth against AD (IAS) working.
It is working with some Windows testing tool found in some other thread but not with AD. All I'm seeing on AD is "reject" of some sort.
The "AD guys" say that pfSense is sending in cleartext, which I find doubtful, but I still need to make sure.
Ideas?
EDIT: found this
http://www.mail-archive.com/support@pfsense.com/msg09596.html
Things to check at Microsoft IAS:
1. At IAS-> RADIUS CLIENT: be sure that you have the PFSENSE IP address here!
2. at IAS, after creating the PFSENSE address, enter in the properties of it
and check if the CLIENT VENDOR is set to use RADIUS STANDARD. I'm supposing
that your shared-key is OK, as you said…
3. at IAS, REMOTE ACCESS POLICY, check at the AUTHENTICATION TAB if Unencrypted
authentication is lit.
4. at IAS, at the ENCRYPTION TAB, check if the NO ENCRYPTION is Lit.
Doesn't sound good.. I see that's from 2007, surely that is not the case nowadays.. right?
/Fredde
-
So.. there is basically no "secure" way of using authentication against Active Directory (captive portal), or?
/F
-
I use a dedicated authentication server in my setup. It is joined to the domain, but not itself a domain controller. Sign-on uses SSL so any communication over the air is encrypted. Communication with the Auth server is on a secure VLAN. The Auth server can see the Domain Controllers. It was my solution to prevent eavesdropping, maybe it'll work for you.
-
Well, that's a way of doing it of course, it's kind of a complicated setup just because it doesn't support secure auth.
Besides, I don't think captive portal supports an authentication check against 2 Active Directories (if it's not in the first then it checks the second one), or does it?
I really wouldn't mind swapping out the Astaro but it seems hard to do atm :/
/F