Hello Jaap, what you can do first is to use PacketFence as the radius server and run radius in debug mode. (raddebug -f /usr/local/pf/var/run/radius.sock -t 3000)
Copy and paste the result of the debug to see what we can do.

Regards
Fabrice

On 2017-04-25 at 15:38, Forum wrote:
> Hi,
>
> I use strongswan with IKEv2 as vpn solution.
>
> The idea is that strongswan uses packetfence (and more specifically active
> directory) to authenticate IKEv2 users.
>
> According to the documentation of strongswan, the eap-radius plugin allows
> to authenticate users by using radius.
>
> Basically, the plugin seems to unpack the IKEv2 with respect to the MSCHAPv2
> authentication process and generates the required radius messages.
>
> My thought was to use my packetfence install (with active directory
> integration already working) as a radius server for strongswan.
>
> A user should be granted vpn access if:
> - username password matches
> - the user is:
>   * member of the vpn group or
>   * the user has the msNPAllowDialin attribute set in AD.
>
> My questions are:
> - can that be done with packetfence (and if so, a few directions would be
>   appreciated)
> - should I deploy a new radius server and keep things separated from
>   packetfence.
>
> Best,
>
> -- Jaap
