List: strongswan-users
Subject: [strongSwan] Google Secure LDAP and User-Password
From: Edward Newman <edward () digitalasset ! com>
Date: 2020-02-28 14:44:19
Message-ID: EA3226E5-7F06-4402-956B-2CCE33A18340 () digitalasset ! com
Interested in giving my users single sign-on via their Google account from strongswan. Trying to go down a path with freeradius but hitting a couple of issues.

What works:
- freeradius connects correctly to Secure LDAP and can authenticate users via radclient
- strongswan can connect to freeradius and sends authentication requests to the service (seen in debug trace).
- Users are connecting to strongswan over an IKEv2 road warrior connection (from macOS)

What seems to be failing:
- Strongswan does not seem to have a way to configure sending the User-Password attribute to radius (in cleartext)
- Secure LDAP requires the cleartext password to do an LDAP bind (doesn't support MSCHAPV2 or other non-password based authentication)

Questions:
- Can one set up Strongswan to forward the password from the user?
- If one uses a VPN with a server side certificate and user auth then this feels like setting up an HTTPS web site with a username/password form directly to the Internet. What stops any user connecting to IKEv2 and attempting brute force connections against a user account? Google Secure LDAP does not enforce 2FA over LDAP… :-(

What have I missed as options? Are there other better ways to get user-specific authentication to Google via strongswan?
--
This message, and any attachments, is for the intended recipient(s) only,
may contain information that is privileged, confidential and/or proprietary
and subject to important terms and conditions available at
http://www.digitalasset.com/emaildisclaimer.html. If you are not the
intended recipient, please delete this message.