I’ve been trying for a couple of days now to make my strongSwan setup connect to my LDAP/KerberosV servers.
From what I can tell there are [at least] two ways to do this:

1. PAM - this works fine in the OS/sshd etc. so that was my first try -> My OSX/Windows7 [native] clients can’t seem to be able to authenticate though :(
2. RADIUS - really didn’t want to do that, but I could if it works -> Apparently that won’t work either because Windows can only do MSCHAPv2, which doesn’t send cleartext passwords, which RADIUS needs :(.

Is there any other way I’ve missed?

Previously, when I installed my NAT/GW/VPN server, I used OpenS/WAN but that’s dead and buried now apparently. So several months ago when I upgraded to the next Linux dist version, I chose strongSwan. That’s now working just fine with EAP-MSCHAPv2 and PSKs.

With OpenS/WAN I used L2TP (which uses PPPd) that authenticated to my Samba server, which in turn authenticated against the LDAP/KerberosV servers. I can’t remember now, it was years since I set it up and I didn’t look in detail when I killed it, but RADIUS was in there somehow as well (I think between PPPd and Samba).

But before I start setting up L2TP, PPPd, Samba and RADIUS just to authenticate my VPN users, is there _ANYTHING_ I’ve missed?

I took a quick look at OpenVPN (which I’ve administered, but not set up, at a previous employer) and apparently that can do LDAP auths. But I don’t feel much confidence in OpenVPN (it also requires me to install a separate client - which I’d prefer not to do if at all possible), so I’d rather not go that route either. Unless I have no choice :(.