RADIUS with MSCHAPv2 or Limit AD users by group?
Posted: Tue Nov 11, 2014 6:25 am
We have an AD server and RADIUS server.
When SoftEther uses the AD server directly, I do not see any way to limit or restrict which users can connect via VPN. For example, I would like to limit it so that only users of a "VPN Users" group can connect.
I tried setting SoftEther to use our RADIUS server. It is Linux-based, and its configuration allows it to query AD/LDAP looking for a "VPN Users" group before allowing a connection. I figured this would be a decent work-around for the above issue.
It seems SoftEther uses PAP to connect to RADIUS, not MSCHAPv2. It seems that using PAP fills the logs with *plain text* passwords.
How do we limit AD users by specific group?
How can I make it not use PAP with RADIUS?
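Why PAP lets a RADIUS server see and log the password, as an added example that is not part of the original post: RFC 2865 section 5.2 only masks the User-Password attribute with MD5 of the shared secret and the Request Authenticator, so the server always recovers the plaintext. The shared secret, password and function names below are constructed for illustration.

```python
import hashlib


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (NAS / VPN server): build the User-Password attribute value."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    # Pad with NULs to a multiple of 16 bytes, then mask block by block.
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev  # each ciphertext block seeds the next mask
    return hidden


def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the mask. The result is the user's plaintext password."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("User-Password must be 16..128 bytes, multiple of 16")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")


def demo() -> dict:
    secret = b"constructed-shared-secret"       # constructed sample value
    authenticator = bytes(range(16))            # fixed here; random per request in practice
    password = b"Constructed-Passw0rd-2014"     # constructed sample value (25 bytes)
    hidden = pap_hide(password, secret, authenticator)
    return {
        "on_wire_len": len(hidden),
        "server_sees": pap_recover(hidden, secret, authenticator),
        "wrong_secret": pap_recover(hidden, b"other-secret", authenticator),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the server holds the plaintext with PAP, whether it reaches the logs is decided by the RADIUS server's own logging settings, and the shared secret is the only protection for the password in transit.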