OpenVPN - RADIUS - Active Directory



  • pfSense 2.0-BETA5 (i386) built on Wed Jan 26 10:45:46 EST 2011 on ALIX Board:
    PPTP VPN authenticates fine with RADIUS against Win2008 Active Directory.
    OpenVPN with configured RADIUS Authentication Server does not work out of the box against Win2008 Active Directory.
    OpenVPN with configured LDAP Authentication Server works but I cannot check group membership of VPN user.

    Did anyone manage the authentication of VPN users against RADIUS on Win2008 Active Directory?

    Thanks a lot.

    Koni



  • Sorry for disturbing with this question. Solution was very simple.
    I had to allow PAP Authentication on the IAS side.
    Now it works.
    I post this message here for other greenhorns like me ;-)



  • OpenVPN and Windows 2008 Server / AD RADIUS authentication worked correctly after I made one change on the pfSense router. pfSense 2.0 BETA-5 (i386).

    I had to create an Authentication Server profile that matched the friendly name of the Server 2008 RADIUS Clients setting, and the Connection Policy. That way I had a match in the "Backend for Authentication" selection name in the OpenVPN server settings.

    Before making that change, I was able to make a connection to the router, but the RADIUS authentication would always fail.

    However, I believe that you are right that in order to make OpenVPN work with Server 2008 RADIUS, the communication between pfSense and the RADIUS server needs to be unencrypted. Either via Group Policy or by telling the server that it's ok to listen for unencrypted passwords on that server's connection policy.

