Title: OpenVPN AD By user in group
Post by: danielcsgomes on Wednesday 11 August 2010, 09:11:42 pm

Hello all, this is my first post here.
It was a hard job to do all the configuration without any background, but with some research and with this forum it happened. But now I have a question: is there any possibility of OpenVPN with LDAP seeing the members associated with a Security Group and only allowing those users to connect through OpenVPN? Right now I am pointing LDAP to the OU where the users are, but I would prefer to point to a Security Group that has users associated with it; I don't want all members connecting through the VPN to the company, only the specific ones.

Thanks in advance,
Daniel Gomes

Title: Re: OpenVPN AD By user in group
Post by: danielcsgomes on Friday 13 August 2010, 01:12:51 am

So I saw that it is possible, but I tried to implement it and got auth failed. I will post my configuration:
My /var/ewf/openvpn/settings file:

    AUTHENTICATION_STACK=local,ldap
    AUTH_TYPE=psk
    CLIENT_TO_CLIENT=on
    DOMAIN=grupogomes.local
    DROP_DHCP=
    GLOBAL_DNS=192.168.16.2/24
    GLOBAL_NETWORKS=192.168.16.0/24,10.10.10.0/24
    LDAP_BIND_DN=cn=Administrador,cn=Users,dc=grupogomes,dc=local
    LDAP_BIND_PASSWORD=*****
    LDAP_URI=ldap://192.168.16.2
    LDAP_USER_BASEDN=ou=Utilizadores,ou=Pinhal Novo,dc=grupogomes,dc=local
    LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(SAMAccountName=%(u)s))
    OPENVPN_ENABLED=on
    PURPLECLIENT_BEGIN_DEVICE=tap2
    PURPLE_DEVICE=tap0
    PURPLE_IP_BEGIN=192.168.16.25
    PURPLE_IP_END=192.168.16.38
    PUSH_DOMAIN=on
    PUSH_GLOBAL_DNS=on
    PUSH_GLOBAL_NETWORKS=on
    LDAP_REQUIRE_GROUP=on
    LDAP_GROUP_BASEDN=ou=Security Groups,ou=Pinhal Novo,dc=grupogomes,dc=local
    LDAP_GROUP_SEARCHFILTER=(cn=Poceirão - Cesar Gomes)
    LDAP_GROUP_MEMBERATTRIBUTE=member

So I want the username to be able to log in only if it is a member of the "Poceirão - Cesar Gomes" Security Group. What am I doing wrong?

This is the structure of my AD:

    DC=GrupoGomes,DC=local
    -CN=Users
    ---CN=Administrador
    -OU=Pinhal Novo
    ---OU=Security Groups
    -----CN=Poceirão - Cesar Gomes (type=group)
    -----2 more groups here
    ---OU=Utilizadores
    -----OU=CesarGomes
    --------CN=about 5 members in that OU
    -----OU=euCasa
    --------CN=about 5 more members in that OU

Title: Re: OpenVPN AD By user in group
Post by: danielcsgomes on Monday 16 August 2010, 02:05:22 pm

Does no one know how to only allow members of a user group to connect through OpenVPN?
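The two-step check that the settings above configure (find the user under LDAP_USER_BASEDN with LDAP_USER_SEARCHFILTER, then require that a group matching LDAP_GROUP_SEARCHFILTER under LDAP_GROUP_BASEDN lists the user's DN in LDAP_GROUP_MEMBERATTRIBUTE) is worth seeing in isolation, because the group filter itself never mentions the user: membership is decided by comparing DNs. The following is an added example, not Endian or OpenVPN code and not the poster's configuration. It runs against a small constructed in-memory snapshot of the AD tree from the post, with hypothetical account names (ana.lopes, rui.pires), and it assumes the Endian stack behaves like the usual OpenVPN auth-ldap flow (user search, then member-attribute comparison); the password bind against the user's DN is left out since there is no live directory here.

```python
"""Group-restricted LDAP login check over a constructed directory snapshot.

Mirrors the two searches in the posted settings file:
  1. LDAP_USER_SEARCHFILTER under LDAP_USER_BASEDN  -> user DN
  2. LDAP_GROUP_SEARCHFILTER under LDAP_GROUP_BASEDN -> does its 'member'
     attribute (LDAP_GROUP_MEMBERATTRIBUTE) contain that user DN?
Added example, not Endian/OpenVPN code. Assumes auth-ldap-style semantics.
"""

USER_BASEDN = "ou=Utilizadores,ou=Pinhal Novo,dc=grupogomes,dc=local"
GROUP_BASEDN = "ou=Security Groups,ou=Pinhal Novo,dc=grupogomes,dc=local"
GROUP_CN = "Poceirão - Cesar Gomes"
MEMBER_ATTR = "member"

# Constructed sample entries (hypothetical account names, not from the post).
ANA_DN = "CN=ana.lopes,OU=CesarGomes,OU=Utilizadores,OU=Pinhal Novo,DC=grupogomes,DC=local"
RUI_DN = "CN=rui.pires,OU=euCasa,OU=Utilizadores,OU=Pinhal Novo,DC=grupogomes,DC=local"
ADMIN_DN = "CN=Administrador,CN=Users,DC=grupogomes,DC=local"
GROUP_DN = "CN=Poceirão - Cesar Gomes,OU=Security Groups,OU=Pinhal Novo,DC=grupogomes,DC=local"

DIRECTORY = {
    ANA_DN: {"objectCategory": ["person"], "objectClass": ["top", "person", "user"],
             "sAMAccountName": ["ana.lopes"]},
    RUI_DN: {"objectCategory": ["person"], "objectClass": ["top", "person", "user"],
             "sAMAccountName": ["rui.pires"]},
    ADMIN_DN: {"objectCategory": ["person"], "objectClass": ["top", "person", "user"],
               "sAMAccountName": ["Administrador"]},
    # Only ana.lopes is a direct member of the VPN group.
    GROUP_DN: {"objectClass": ["top", "group"], "cn": [GROUP_CN], MEMBER_ATTR: [ANA_DN]},
}


def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a filter (the %(u)s slot).
    The username comes from the VPN client, so escape it before building a filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_search_filter(username):
    """Same template as LDAP_USER_SEARCHFILTER in the post, with %(u)s filled in."""
    return ("(&(objectCategory=person)(objectClass=user)(SAMAccountName=%s))"
            % escape_filter_value(username))


def single_query_filter(username, group_dn=GROUP_DN):
    """Alternative: fold the group test into the user search via AD's memberOf
    attribute. Only direct membership matches; nested groups would need the
    LDAP_MATCHING_RULE_IN_CHAIN OID (memberOf:1.2.840.113556.1.4.1941:=...)."""
    return ("(&(objectCategory=person)(objectClass=user)(SAMAccountName=%s)(memberOf=%s))"
            % (escape_filter_value(username), escape_filter_value(group_dn)))


def dn_normalize(dn):
    """Case-insensitive, whitespace-tolerant DN form for comparison.
    Naive split on ',' is fine for this snapshot (no escaped commas in RDN values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def under_base(dn, base):
    return dn_normalize(dn).endswith("," + dn_normalize(base))


def has_value(attrs, name, value):
    return any(v.lower() == value.lower() for v in attrs.get(name, []))


def find_user(username):
    """Step 1: exactly one user entry under LDAP_USER_BASEDN must match."""
    matches = [dn for dn, attrs in DIRECTORY.items()
               if under_base(dn, USER_BASEDN)
               and has_value(attrs, "objectCategory", "person")
               and has_value(attrs, "objectClass", "user")
               and has_value(attrs, "sAMAccountName", username)]
    return matches[0] if len(matches) == 1 else None


def user_in_group(user_dn, group_cn=GROUP_CN):
    """Step 2: some group under LDAP_GROUP_BASEDN with cn=group_cn lists user_dn
    in its member attribute. DNs are compared, not usernames."""
    wanted = dn_normalize(user_dn)
    for dn, attrs in DIRECTORY.items():
        if under_base(dn, GROUP_BASEDN) and has_value(attrs, "cn", group_cn):
            if wanted in {dn_normalize(m) for m in attrs.get(MEMBER_ATTR, [])}:
                return True
    return False


def authorize(username):
    """Return (allowed, detail). Password bind as the user's DN is omitted here."""
    user_dn = find_user(username)
    if user_dn is None:
        return False, "user not found under LDAP_USER_BASEDN"
    if not user_in_group(user_dn):
        return False, "not a member of group " + GROUP_CN
    return True, user_dn


if __name__ == "__main__":
    for name in ("ana.lopes", "rui.pires", "Administrador"):
        print(name, authorize(name))
```

Two things this makes visible: the user's DN must lie under LDAP_USER_BASEDN, so an account elsewhere in the tree (CN=Users here) is refused before the group is even consulted, and the group's member values must be the users' full DNs, so a renamed or moved user object silently drops out of the group comparison until AD updates the link.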
Title: Re: OpenVPN AD By user in group
Post by: wdupreez on Wednesday 03 November 2010, 08:18:41 pm

Hi Daniel, please see my post on authenticating OpenVPN users against AD. I hope it helps.