We have an AD server and RADIUS server.
When SoftEther uses the AD server directly, I do not see any way to limit or restrict which users can connect via VPN. For example, I would like to limit it so that only users of a "VPN Users" group can connect.
I tried setting SoftEther to use our RADIUS server. It is Linux-based, and its configuration allows it to query AD/LDAP looking for a "VPN Users" group before allowing a connection. I figured this would be a decent work-around for the above issue.
It seems SoftEther uses PAP to connect to RADIUS, not MSCHAPv2. It seems that using PAP fills the logs with *plain text* passwords.
How do we limit AD users by specific group?
How can I make it not use PAP with RADIUS?
RADIUS with MSCHAPv2 or Limit AD users by group?
-
- Posts: 4
- Joined: Tue Nov 11, 2014 3:49 am
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: RADIUS with MSCHAPv2 or Limit AD users by group?
BitingChaos wrote:
> How do we limit AD users by specific group?
There is no such function.
> How can I make it not use PAP with RADIUS?
CHAP is for only PPP protocol.
> How do we limit AD users by specific group?
There is no such function.
> How can I make it not use PAP with RADIUS?
CHAP is for only PPP protocol.
-
- Posts: 26
- Joined: Mon Nov 02, 2015 12:18 am
Re: RADIUS with MSCHAPv2 or Limit AD users by group?
Hi,
This is an old post, but I have a bit of a solution if you're interested.
This is an old post, but I have a bit of a solution if you're interested.
-
- Posts: 1
- Joined: Fri Aug 09, 2019 12:16 pm
Re: RADIUS with MSCHAPv2 or Limit AD users by group?
This is a very old post, but I'm interested