Hi,
I'm trying (without success) to authenticate MikroTik on a RADIUS FreeIPA server with an LDAP backend.
Has anyone been successful?
Hi mekatum,
Maybe this is no longer relevant, but I'll answer.
I successfully implemented a bunch of centos 8 + freeipa 4.8.4 + freeradius 3.0.17 + mikrotik 6.47.
Some non-obvious points for me. FreeIPA's default password hash is PBKDF2_SHA256, but FreeRADIUS does not support it. You must change the FreeIPA hash.
Mikrotik's RADIUS client uses MSCHAPv2 for auth. MSCHAPv2 supports only clear text hash or NT HASH. You must add NT HASH support to your FreeIPA.
But still, it works! And I can connect to Mikrotik's L2TP server with my LDAP login.