RADIUS with MSCHAPv2 or Limit AD users by group?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
BitingChaos
Posts: 4
Joined: Tue Nov 11, 2014 3:49 am

RADIUS with MSCHAPv2 or Limit AD users by group?

Post by BitingChaos » Tue Nov 11, 2014 6:25 am

We have an AD server and RADIUS server.

When SoftEther uses the AD server directly, I do not see any way to limit or restrict which users can connect via VPN. For example, I would like to limit it so that only users of a "VPN Users" group can connect.

I tried setting SoftEther to use our RADIUS server. It is Linux-based, and its configuration allows it to query AD/LDAP looking for a "VPN Users" group before allowing a connection. I figured this would be a decent work-around for the above issue.
It seems SoftEther uses PAP to connect to RADIUS, not MSCHAPv2. It seems that using PAP fills the logs with *plain text* passwords.

How do we limit AD users by specific group?
How can I make it not use PAP with RADIUS?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: RADIUS with MSCHAPv2 or Limit AD users by group?

Post by thisjun » Tue Nov 18, 2014 9:26 am

BitingChaos wrote:
> How do we limit AD users by specific group?
There is no such function.

> How can I make it not use PAP with RADIUS?
CHAP is for only PPP protocol.

PaulC
Posts: 26
Joined: Mon Nov 02, 2015 12:18 am

Re: RADIUS with MSCHAPv2 or Limit AD users by group?

Post by PaulC » Sat Nov 21, 2015 2:40 pm

Hi,

This is an old post, but I have a bit of a solution if you're interested.

Antiokh
Posts: 1
Joined: Fri Aug 09, 2019 12:16 pm

Re: RADIUS with MSCHAPv2 or Limit AD users by group?

Post by Antiokh » Fri Aug 09, 2019 12:18 pm

This is a very old post, but I'm interested

Post Reply