I’ve been trying for a couple of days now to make my strongSwan setup
connect to my LDAP/KerberosV servers.

From what I can tell there are [at least] two ways to do this:

        1. PAM - this works fine in the os/sshd etc so that was my first try
                -> My OSX/Windows7 [native] clients can’t seem to be able to
                    authenticate though :(

        2. RADIUS - really didn’t want to do that, but I could if it works
                -> Apparently that won’t work either because Windows can only
                    do MSCHAPv2, which doesn’t send cleartext passwords,
                    which RADIUS needs :(.

Is there any other way I’ve missed?



Previously, when I installed my NAT/GW/VPN server, I used OpenS/WAN but that’s
dead and buried now apparently. So several months ago when I upgraded to the
next Linux dist version, I chose strongSwan. That’s now working just fine with
EAP-MSCHAPv2 and PSKs.

With OpenS/WAN I used L2TP (which uses PPPd) that authenticated to my Samba
server, which in turn authenticated against the LDAP/KerberosV servers.

I can’t remember now, it was years since I set it up and I didn’t look in
detail when I killed it, but RADIUS was in there somehow as well (I think
between PPPd and Samba).

But before I start setting up L2TP, PPPd, Samba and Radius just to authenticate
my VPN users, is there _ANYTHING_ I’ve missed?


I took a quick look at OpenVPN (which I’ve administrated, but not set up, at a
previous employer) and apparently that can do LDAP auths. But I don’t feel much
confidence in OpenVPN (it also requires me to install a separate client - which
I’d prefer not to do if at all possible), so I’d rather not go that route
either. Unless I have no choice :(.
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
