Multiple HUBs with Radius Authentication

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
ariegler
Posts: 6
Joined: Mon Dec 12, 2016 2:55 pm

Multiple HUBs with Radius Authentication

Post by ariegler » Mon Dec 12, 2016 3:02 pm

Hi

My Situation: I have 2 Hubs
Hub1 - for Students
Hub2 - for Teachers
Both with Radius-Authentication
I got it to work with one Hub and a User "*" that authenticates against Windows NPS-Server

So now my Problems:
- How can i distinquish between the two requests on my radius-server? I have two rules wo is allowed to login to the hub1 and hub2 - but i dont know from which hub the request comes
- How do i send to which hub i want to connect? If i use user@hub1 i cant log in because my domain-info is missing, if i use domain\user@hub1 i cant log in because softether uses domain\user@hub1 as username for radius and login fails

hope you can help me

Thanks
Arnold

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Multiple HUBs with Radius Authentication

Post by moatazelmasry » Mon Dec 12, 2016 3:37 pm

There have been a very recent pull request merged into the code base (newest version of SE) that does exactly that
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/204

Now the Hubname is sent as part of the Radius request in a field called "Station-Id"
Here are some examples of how to use this field in freeradius
https://wiki.freeradius.org/guide/mac-auth
http://lists.freeradius.org/pipermail/f ... 44018.html
http://freeradius.1045715.n5.nabble.com ... 83866.html

Hope this helps

ariegler
Posts: 6
Joined: Mon Dec 12, 2016 2:55 pm

Re: Multiple HUBs with Radius Authentication

Post by ariegler » Mon Dec 12, 2016 3:42 pm

Great - this helps a lot!
Tomorrow i get the latest Version and see if it works...

Tanks again!

ariegler
Posts: 6
Joined: Mon Dec 12, 2016 2:55 pm

Re: Multiple HUBs with Radius Authentication

Post by ariegler » Mon Dec 19, 2016 12:06 pm

The first part is solved - with the new Software-Version i get the info to which hub he connects as radius-attribute.

Second part still remains:
I have to send two informations: domain and hub - but i cant send both infos
with one hub i would use:
domain\username -> radius-Request looks like: domain\username -> ok

with two hubs:
username@hub -> radius: username -> not ok
domain\username@hub -> radius: domain\username@hub -> not ok

is it possible to enter an default-domain for my username?

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Multiple HUBs with Radius Authentication

Post by moatazelmasry » Thu Dec 22, 2016 9:35 am

No. As far as I know, SE does not support domain info with radius authentication.
It does support domain info with NT authentication though.

How are you using the domain info? Maybe we can replace these with freeradius groups??

Why are you using a domain info? Are you using NT or active directory behind radius?

ariegler
Posts: 6
Joined: Mon Dec 12, 2016 2:55 pm

Re: Multiple HUBs with Radius Authentication

Post by ariegler » Thu Dec 22, 2016 9:49 am

I use an Windows Radius-server (Win 2012R2 NPS-Server) which is an AD-Member and i want to login from Windows with my domain-credentials. From the windows vpn login on the client i have 3 fields: user, pwd and domain. but as soon as i enter user@hub the domain-field gets greyed-out. windows thinks "hub" is the domain.

but without the domain-info windows does not authenticate me - and i found no way to tell the radius-server to use an default-domain (even it is a domain-member so the domain-info is useless - theres only one domain - but its not working)

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Multiple HUBs with Radius Authentication

Post by thisjun » Tue Jan 24, 2017 7:37 am

Please try this.
hubname\username@domainname

Den
Posts: 2
Joined: Wed Mar 01, 2017 6:56 am

Re: Multiple HUBs with Radius Authentication

Post by Den » Wed Mar 01, 2017 11:39 am

HI ! I had very similar problem with multiple HUB authentication. My environment WIN Server 2016 - AD, Radius running on same AD server.
My authentication start working if login on client machine is hub\login, but Softether Radius and NT authentication setting = domain\login

Tnx

Den
Posts: 2
Joined: Wed Mar 01, 2017 6:56 am

Re: Multiple HUBs with Radius Authentication

Post by Den » Tue Mar 07, 2017 5:57 pm

but coming up different issue, if you login with different hub, you have to use your login as hub\domainlogin from Windows client side. In my environment we are using mapped disk via Group Policy, and as soon as you using hubs, domain controller using wrong credentials (hub\domainlogin instead of domain\domainlogin) and all your mapped drives or domain shares not accessible ... Anyone know any trick to fix this issue ? Tnx !

thisjun
Posts: 2090
Joined: Mon Feb 24, 2014 11:03 am

Re: Multiple HUBs with Radius Authentication

Post by thisjun » Thu Mar 16, 2017 6:56 am

Did you try this?
hubname\username@domainname

Post Reply