Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - RADIUS - Active Directory

    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    3
    3034
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hb9wad
      last edited by

      pfSense 2.0-BETA5 (i386) built on Wed Jan 26 10:45:46 EST 2011 on ALIX Board:
      PPTP VPN authenticates fine with RADIUS against Win2008 Active Directory.
      OpenVPN with configured RADIUS Authentication Server does not work out of the box against Win2008 Active Directory.
      OpenVPN with configured LDAP Authentication Server works but I can not check  group membership of VPN user.

      Did anyone manage the authentication of VPN users against RADIUS on Win2008 Active Directory ?

      Thanks a lot.

      Koni

      1 Reply Last reply Reply Quote 0
      • H
        hb9wad
        last edited by

        Sorry for disturbing with this question. Solution was very simple.
        I had to allow PAP Authentication on the IAS side.
        Now it works.
        I post this message here for other greenhorns like me ;-)

        1 Reply Last reply Reply Quote 0
        • T
          TimmZahn
          last edited by

          OpenVPN and Windows 2008 Server / AD RADIUS authentication worked correctly after I made one change on the pfSense router. pfSense 2.0 BETA-5 (i386).

          I had to create an Authentication Server profile that matched the friendly name of the Server 2008 RADIUS Clients setting, and the Connection Policy. That way I had a match in the "Backend for Authentication" selection name in the OpenVPN server settings.

          Before making that change, I was able to make a connection to the router, but the RADIUS authentication would always fail.

          However, I believe that you are right that in order to make OpenVPN work with Server 2008 RADIUS, the communication between pfSense and the RADIUS server needs to be unencrypted. Either via Group Policy or by telling the server that it's ok to listen for unencrypted passwords on that server's connection policy.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post