MSCHAPV2 + OpenLDAP

L.P.H. van Belle belle at bazuin.nl
Mon Aug 3 16:30:20 CEST 2020 

I you recommend to use kerberos (or ntlm) and ldap only for the group memberships,
But i cant speak for you so i suggest, read the links below, use what you need. 


http://deployingradius.com/documents/configuration/active_directory.html
or
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory 

And/or ! Note, the setting shown in the 2 above links need still to be applied in the one below. 
https://wiki.samba.org/index.php/VPN_Single_SignOn_with_Samba_AD


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: Freeradius-Users 
> [mailto:freeradius-users-bounces+belle=bazuin.nl at lists.freerad
> ius.org] Namens ?????????????? ???????????????? 
> ?????????????????? via Freeradius-Users
> Verzonden: maandag 3 augustus 2020 15:49
> Aan: FreeRadius users mailing list
> CC: ?????????????? ???????????????? ??????????????????
> Onderwerp: Re: MSCHAPV2 + OpenLDAP
> 
> Thanks. Maybe I need to configure the MSCHAP freeradius 
> module for OpenLDAP authentication. I haven't figured out how yet )
> The ldap module is configured correctly
> 
> 3 ??????. 2020 ??., ?? 16:42, Gregory Sloop 
> <gregs at sloop.net<mailto:gregs at sloop.net>> ??????????????(??):
> 
> Top posting.
> I don't use/involve freeradius for VPN on the Mac, but I 
> certainly use MSChapv2 {with L2TP]. The native L2TP client on 
> the Mac DOES NOT require Active Directory.
> 
> I suspect you have some other problem.
> 
> 
> 
> ??!vFU> It turns out that the vpn client macos only works with Active
> ??!vFU> Directory ? So Apple depends on Windows ? This is 
> vendor lock )
> 
> 
> >> 3 ??????. 2020 ??., ?? 16:24, Sven Hartge 
> <sven at svenhartge.de<mailto:sven at svenhartge.de>> ??????????????(??):
> 
> >> On 03.08.20 15:04, ?????????????? ???????????????? 
> ?????????????????? via Freeradius-Users wrote:
> 
> >>> I am trying to configure authentication via freeradius 
> client VPN. Users in OpenLDAP . The problem is that the 
> standard MacOS vpn client works via ms chap v2 (in the debut 
> mode, I see the Client is using MS-CHAPv2). I would be 
> grateful for help if someone had experience setting up in 
> this configuration.
> 
> 
> >> Please read
> >> 
> http://deployingradius.com/documents/protocols/compatibility.h
> tml<http://deployingradius.com/documents/protocols/compatibili
> ty.html> first
> >> to see if the way the password is stored in OpenLDAP is 
> compatible with
> >> MS-CHAP.
> 
> >> (Odds are, it isn't.)
> 
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list