3,704
edits
Changes
Jump to navigation
Jump to search
mLine 290:
Line 290: + + + + + + + + + + + + + + + + + + + + + + +
→Radius authentication
==Radius authentication==
==Radius authentication==
{{Note box|Softether VPN only accepts amaximum of 9 charachters as the Pre-shared Key. The default key length of SME Server is 31, thus too much for Softether VPN. Since the PSK of SME Server is automatically generated at the time of template expansion (e.g. signal-event remoteaccess-update) and NOT stored in a db key (as it probably should), one can not set the pre-saherd key manually by a db property setting. Testing of the below has been done by manually overriding the PSK.}}
{{Note box|Softether VPN only accepts amaximum of 9 charachters as the Pre-shared Key. The default key length of SME Server is 31, thus too much for Softether VPN. Since the PSK of SME Server is automatically generated at the time of template expansion (e.g. signal-event remoteaccess-update) and NOT stored in a db key (as it probably should), one can not set the pre-saherd key manually by a db property setting. Testing of the below has been done by manually overriding the PSK.}}
To overcome the limitation of Softether to accept more then 9 characters as a PSK we need to create custom templates that limit the SME Server PSK to 9 characters only:
mkdir -p /etc/e-smith/templates-custom/etc/raddb/clients.conf
nano -w /etc/e-smith/templates-custom/etc/raddb/clients.conf/10localhost
with the following content:
{
use esmith::util;
$pw = esmith::util::LdapPassword;
$pw =~ s/^(.{9}).*$/$1/;
"";
}
client localhost \{
{
} secret = { $pw }
{
} shortname = localhost
{
} nastype = other
{
}\}
A custom template fragment is required. Create the template fragment first:
A custom template fragment is required. Create the template fragment first: