Thank you very much for the detail, but ouch.

Why not AD direct? In a word, dynamic VLAN assignment (ok, three words), which 
we are currently happily implementing for our wireless networks via the NPS 
rig. I know there are more problems with this on wired (esp. with Juniper 
switches), so part of the project is to figure out what we can actually do.

My FreeRADIUS-fu hasn't succeeded with proxies, but I haven't tried too much 
yet.

Regards,

Tim

From: Louis Munro <[email protected]>
Reply-To: <[email protected]>
Date: Fri, 24 May 2013 10:15:21 -0400
To: <[email protected]>
Subject: Re: [PacketFence-users] Authentication in PF 4.x

Hi Tim,
The module used to connect to a RADIUS server does not support MSCHAP.

You could do it by configuring a proxy in FreeRADIUS.
Look at the raddb/proxy.conf and use raddb/users to add the Proxy-To-Realm 
attribute if necessary.

But it may be unnecessary. If your NPS server is using Active Directory as 
backend, why not simply authenticate directly against it and cut out the 
middleman?

Regards,

--
Louis Munro
[email protected]  ::  www.inverse.ca
+1.514.447.4918 *125  :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


On 2013-05-23 10:25 , Palmer, Tim wrote:
Good morning all,

Is RADIUS against a Microsoft NPS group (one proxy, two auth servers) supported 
out of the box as an Authentication source?

I am able to authenticate against Active Directory fine, but my attempts to 
make an EAP-MSCHAP connection to our RADIUS system always fail, seemingly 
because PF is sending the request as auth-type PAP.

Problems with chained proxies?

PF 4.0.1
CentOS 6.4
Test switch: Juniper EX-4200

Thank you for your time,

Tim
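
Added example, not part of the original thread and not PacketFence's shipped configuration: a sketch of the FreeRADIUS proxy setup that Louis's reply points to (raddb/proxy.conf plus a Proxy-To-Realm entry in raddb/users), forwarding requests to two NPS servers. The realm, pool and server names, the 192.0.2.x addresses and the shared secret are placeholders chosen for illustration.

```conf
# ---- raddb/proxy.conf ----
# Placeholder names and addresses; replace with your own NPS servers.

home_server nps1 {
    type   = auth
    ipaddr = 192.0.2.10          # placeholder address (documentation range)
    port   = 1812
    secret = CHANGE_ME           # must match the RADIUS client entry on NPS
}

home_server nps2 {
    type   = auth
    ipaddr = 192.0.2.11          # placeholder address
    port   = 1812
    secret = CHANGE_ME
}

# Use nps1 first and fall over to nps2 if it stops responding.
home_server_pool nps_pool {
    type        = fail-over
    home_server = nps1
    home_server = nps2
}

# Realm that requests are proxied to. "nostrip" leaves the
# User-Name untouched when the request is forwarded.
realm NPS {
    auth_pool = nps_pool
    nostrip
}

# ---- raddb/users ----
# Send every request to the NPS realm. Narrow the match (for example
# by NAS-IP-Address) if only some switches should be proxied.
DEFAULT Proxy-To-Realm := "NPS"
```

The FreeRADIUS host must also be registered as a RADIUS client on each NPS server with the same shared secret, otherwise NPS silently drops the forwarded requests.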



_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

