OpenVPN + PAM + IAS

[ericl42]

Hello,

I am working on an OpenVPN server and I have it currently set up to authenticate off of my MS IAS Radius Server and it's authenticating the users fine, but the issue I'm running into is on the IAS Sever, I have to set it to "no encryption" and "do not negotiate authentication method" for it to work because if not, it says the other end isn't set correctly. Is there anyway within PAM I can set it to require CHAP,PEAP,MS-CHAP or some type of encryption so I could then turn that setting on the IAS server too? Thanks for your help.

[ericl42]

Got the problem fixed. It was mainly a communication problem between me admining the OpenVPN server and our person that admins the IAS server. We had to have the settings set to PAP and 128 bit encryption on the IAS end which agreed with what PAM was saying. The other combos we tried were erroring out still.

[docrice]

I have a follow-up question about this - how did you get OpenVPN to work against IAS? Did you use a third-party RADIUS module (Radiusplugin by Ralf Lübben) for this? Do you know if it's possible to do client cert auth while doing accounting via RADIUS?