Multiple HUBs with Radius Authentication
-
- Posts: 6
- Joined: Mon Dec 12, 2016 2:55 pm
Multiple HUBs with Radius Authentication
Hi
My Situation: I have 2 Hubs
Hub1 - for Students
Hub2 - for Teachers
Both with Radius-Authentication
I got it to work with one Hub and a User "*" that authenticates against Windows NPS-Server
So now my Problems:
- How can i distinquish between the two requests on my radius-server? I have two rules wo is allowed to login to the hub1 and hub2 - but i dont know from which hub the request comes
- How do i send to which hub i want to connect? If i use user@hub1 i cant log in because my domain-info is missing, if i use domain\user@hub1 i cant log in because softether uses domain\user@hub1 as username for radius and login fails
hope you can help me
Thanks
Arnold
My Situation: I have 2 Hubs
Hub1 - for Students
Hub2 - for Teachers
Both with Radius-Authentication
I got it to work with one Hub and a User "*" that authenticates against Windows NPS-Server
So now my Problems:
- How can i distinquish between the two requests on my radius-server? I have two rules wo is allowed to login to the hub1 and hub2 - but i dont know from which hub the request comes
- How do i send to which hub i want to connect? If i use user@hub1 i cant log in because my domain-info is missing, if i use domain\user@hub1 i cant log in because softether uses domain\user@hub1 as username for radius and login fails
hope you can help me
Thanks
Arnold
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Multiple HUBs with Radius Authentication
There have been a very recent pull request merged into the code base (newest version of SE) that does exactly that
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/204
Now the Hubname is sent as part of the Radius request in a field called "Station-Id"
Here are some examples of how to use this field in freeradius
https://wiki.freeradius.org/guide/mac-auth
http://lists.freeradius.org/pipermail/f ... 44018.html
http://freeradius.1045715.n5.nabble.com ... 83866.html
Hope this helps
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/204
Now the Hubname is sent as part of the Radius request in a field called "Station-Id"
Here are some examples of how to use this field in freeradius
https://wiki.freeradius.org/guide/mac-auth
http://lists.freeradius.org/pipermail/f ... 44018.html
http://freeradius.1045715.n5.nabble.com ... 83866.html
Hope this helps
-
- Posts: 6
- Joined: Mon Dec 12, 2016 2:55 pm
Re: Multiple HUBs with Radius Authentication
Great - this helps a lot!
Tomorrow i get the latest Version and see if it works...
Tanks again!
Tomorrow i get the latest Version and see if it works...
Tanks again!
-
- Posts: 6
- Joined: Mon Dec 12, 2016 2:55 pm
Re: Multiple HUBs with Radius Authentication
The first part is solved - with the new Software-Version i get the info to which hub he connects as radius-attribute.
Second part still remains:
I have to send two informations: domain and hub - but i cant send both infos
with one hub i would use:
domain\username -> radius-Request looks like: domain\username -> ok
with two hubs:
username@hub -> radius: username -> not ok
domain\username@hub -> radius: domain\username@hub -> not ok
is it possible to enter an default-domain for my username?
Second part still remains:
I have to send two informations: domain and hub - but i cant send both infos
with one hub i would use:
domain\username -> radius-Request looks like: domain\username -> ok
with two hubs:
username@hub -> radius: username -> not ok
domain\username@hub -> radius: domain\username@hub -> not ok
is it possible to enter an default-domain for my username?
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Multiple HUBs with Radius Authentication
No. As far as I know, SE does not support domain info with radius authentication.
It does support domain info with NT authentication though.
How are you using the domain info? Maybe we can replace these with freeradius groups??
Why are you using a domain info? Are you using NT or active directory behind radius?
It does support domain info with NT authentication though.
How are you using the domain info? Maybe we can replace these with freeradius groups??
Why are you using a domain info? Are you using NT or active directory behind radius?
-
- Posts: 6
- Joined: Mon Dec 12, 2016 2:55 pm
Re: Multiple HUBs with Radius Authentication
I use an Windows Radius-server (Win 2012R2 NPS-Server) which is an AD-Member and i want to login from Windows with my domain-credentials. From the windows vpn login on the client i have 3 fields: user, pwd and domain. but as soon as i enter user@hub the domain-field gets greyed-out. windows thinks "hub" is the domain.
but without the domain-info windows does not authenticate me - and i found no way to tell the radius-server to use an default-domain (even it is a domain-member so the domain-info is useless - theres only one domain - but its not working)
but without the domain-info windows does not authenticate me - and i found no way to tell the radius-server to use an default-domain (even it is a domain-member so the domain-info is useless - theres only one domain - but its not working)
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Multiple HUBs with Radius Authentication
Please try this.
hubname\username@domainname
hubname\username@domainname
-
- Posts: 2
- Joined: Wed Mar 01, 2017 6:56 am
Re: Multiple HUBs with Radius Authentication
HI ! I had very similar problem with multiple HUB authentication. My environment WIN Server 2016 - AD, Radius running on same AD server.
My authentication start working if login on client machine is hub\login, but Softether Radius and NT authentication setting = domain\login
Tnx
My authentication start working if login on client machine is hub\login, but Softether Radius and NT authentication setting = domain\login
Tnx
-
- Posts: 2
- Joined: Wed Mar 01, 2017 6:56 am
Re: Multiple HUBs with Radius Authentication
but coming up different issue, if you login with different hub, you have to use your login as hub\domainlogin from Windows client side. In my environment we are using mapped disk via Group Policy, and as soon as you using hubs, domain controller using wrong credentials (hub\domainlogin instead of domain\domainlogin) and all your mapped drives or domain shares not accessible ... Anyone know any trick to fix this issue ? Tnx !
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Multiple HUBs with Radius Authentication
Did you try this?
hubname\username@domainname
hubname\username@domainname