[strongSwan] Windows 7 and Radius with LDAP

Claudio Morgia morgiaclaudio at yahoo.it
Fri Oct 5 14:45:27 CEST 2012


Dear all,
I was trying to figure out how to provide access to my StrongSWAN installation to users through LDAP authentication.
I have a Lotus Domino server that provides LDAP services and I managed to configure FreeRadius to talk with Domino.
The command line utility 'radtest' works fine as it plaintext, but as soon as I try to link StrongSwan using EAP-RADIUS
from Windows 7 clients, no way.

If my understanding is correct MSCHAPv2 sends hashed passwords that are incompatible with LDAP so the daemons and
servers talk each other but users' passwords don't match.

My question is: is there any other way to allow Windows 7 users to connect to StrongSWAN while authenticating them in LDAP,
maybe switching to PEAP or something else?

My constraint is that I cannot change the existing password and it would be difficult to implement a second password in LDAP
(as someone mentioned in this mailing list as well).

Would it be different if, instead of the Domino LDAP server, I would use a Novell eDirectory, acting as domain controller?

Thank you very much for any help you could give me on the subject.

Best regards,
Claudio Morgia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121005/46a0b696/attachment.html>


More information about the Users mailing list