Active Directory authenticated VPN
Alan DeKok
aland at deployingradius.com
Wed Apr 28 17:14:56 CEST 2021
On Apr 28, 2021, at 3:51 AM, Pisch Tamás <pischta at gmail.com> wrote:
> I purged my configuration and started it again from the default state. The
> system is Debian Bullseye.
That should work much better.
> Why vpn at ad.ourdomain.hu doesn't work?
Because Active Directory is too dumb to notice that it's responsible for "ad.ourdomain.hu".
The solution is two steps:
1) edit proxy.conf, and add:
    realm ad.ourdomain.hu {
    }
That defines the domain as something that FreeRADIUS knows about. So that it will take "vpn at ad.ourdomain.hu", and split it into pieces.
2) set
    winbind_username = "%{%{Stripped-User-Name}:-%{mschap:User-Name}}"
Which says "use the Stripped-User-Name ("vpn" here), and if that doesn't exist, use %{mschap:User-Name}".
That should work.
Alan DeKok.
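
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the two steps above, showing which name reaches winbind before and after the realm is defined in proxy.conf. It assumes the archive's " at " stands for "@", and the function names are hypothetical.

```python
# Simplified model (an assumption, not FreeRADIUS source) of the two steps:
# the suffix realm split and the "%{%{A}:-%{B}}" fallback expansion.

def split_suffix_realm(user_name, known_realms):
    """Split user@realm at the last '@', but only when the realm is one that
    proxy.conf defines; otherwise the request is left unchanged."""
    attrs = {"User-Name": user_name}
    local, sep, realm = user_name.rpartition("@")
    if sep and local and realm.lower() in known_realms:
        attrs["Stripped-User-Name"] = local
        attrs["Realm"] = realm
    return attrs


def mschap_user_name(user_name):
    """Model of %{mschap:User-Name}: drops a leading NT domain (DOMAIN\\user)
    and leaves a trailing @realm in place. host/ machine names are not modelled."""
    _, sep, rest = user_name.partition("\\")
    return rest if sep else user_name


def winbind_username(attrs):
    """Model of "%{%{Stripped-User-Name}:-%{mschap:User-Name}}": use the
    stripped name if present and non-empty, else fall back."""
    return attrs.get("Stripped-User-Name") or mschap_user_name(attrs["User-Name"])


def resolve(user_name, realms):
    """Name handed to winbind for a given set of realms defined in proxy.conf."""
    known = {r.lower() for r in realms}
    return winbind_username(split_suffix_realm(user_name, known))


if __name__ == "__main__":
    name = "vpn@ad.ourdomain.hu"  # the user name from the thread
    cases = (("realm not defined", []), ("realm defined", ["ad.ourdomain.hu"]))
    for label, realms in cases:
        print(f"{label:18} -> winbind sees {resolve(name, realms)!r}")
```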