NT DOMAIN AUTHENTICATION

[PeterG]

Greetings,

Trying to authenticate users in AD.
Im running SoftEther v4.20 on Linux Debian which is joined to AD (win 2012).

I have created an user in SoftEther and mapped it to nt domain authentication.

When the authentication is being initiated I see the following SoftEther logs:

2016-09-07 13:30:54.458 [HUB "xxxxxx"] The connection "CID-68" (IP address: xxxx.xxxx.xxxx.xxxx, Host name: xxxxx-xxxx-xxxx.xxxxxx.xx, Port number: 54379, Client name: "Microsoft SSTP VPN Client", Version: 4.20, Build: 9608) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "xxxxxxx".
2016-09-07 13:30:54.458 [HUB "xxxxxx"] Connection "CID-68": User authentication failed. The user name that has been provided was "xxxxxxx".
2016-09-07 13:30:54.489 Connection "CID-68" terminated by the cause "User authentication failed." (code 9).


Did anybody have a chance to implement nt domain authentication of SoftEther running on Linux that is joined to AD ?

Thanks in advance,
Peter

[PeterG]

Greetings,

I went to documentation and found that nt domain authentication doesnt work on Linux

here are the details


In order to conduct NT domain or Active Directory authentication, the SoftEther VPN Server to conduct user authentication must be capable of running on Windows NT, with capable of participating in domain. SoftEther VPN Servers that run on Windows 98, Windows 98 Second Edition, Windows Millennium Edition or Linux, FreeBSD, Solaris or Macintosh OS X cannot conduct NT domain or Active Directory authentication. VPN Server cannot authenticate the NT domain or Active Directory. In this case, while authentication method is set to “NT domain” or “Active Directory” domain, authentication does not work.

https://www.softether.org/4-docs/1-manu ... entication

Thanks,
Peter

[PeterG]

I tested nt domain authentication on windows server 2012 r2 and it works well.

Thanks,
Peter

[desperados]

my domain is managed by a linux server, not a windows one
can I use domain authentication in some way?
thanks

[desperados]

desperados wrote:
> my domain is managed by a linux server, not a windows one
> can I use domain authentication in some way?
> thanks

maybe using LDAP ?

[moatazelmasry]

if you are not bound to windows like the OP, why don't you just use freeradius?

If you must use LDAP, you can configure freeradius to have LDAP as its backend I think

[desperados]

desperados wrote:
> my domain is managed by a linux server, not a windows one
> can I use domain authentication in some way?
> thanks

and what if I install Softether in a Windows Server joined to my linux domain?

[thisjun]

>and what if I install Softether in a Windows Server joined to my linux domain?

It may be possible.