Let me re-phrase my previous question. Can I run pfSense with IPSec and have xauth use LDAP instead of system? Or is ldap, pam or radius support compiled into racoon?
Support is in the binaries but not in the GUI or the backend setup to handle the PAM bits. Probably not going to happen until 2.1, even if someone submits working code at this point.
Thanks for the info.
Since it's already compiled with ldap support, patching was cake. It really just involved a slight gui change and modding the vpn.inc to include an ldapcfg section in racoon.conf.
I basically just added ldap as an option in the user_source and pulled host and basedn from my already configured ldap server in auth_servers. Works great! How can I submit a patch for users who do not want to wait for it to be in an official release?
Make a fork of the pfSense code repo here:
Then commit your changes into your own clone of the pfSense code repo, and when that's done, submit a pull request so we can bring the changes back in.
Do the changes you made include GUI changes or is it directly in the conf-file?
Just a single GUI change to allow you to pick ldap instead of just system from the xAuth source (only if you even have an ldap server set up for system auth). And when ldap is selected, vpn.inc writes out the ldapcfg block in racoon.conf using the ldap setting of the existing ldap server that was set up for system auth.
Do you mind sending it to me?
Use the board PM?
Thank you in advance…
Any chance we could get some status on this issue? This is a huge feature to have.