Topic: OpenVPN AD By user in group
danielcsgomes
« on: Wednesday 11 August 2010, 09:11:42 pm »

Hello all, this is my first post here.

It was a hard job to do all the configuration without any background, but with some research and with this forum it happened. Now I have a question: is there any possibility for OpenVPN with LDAP to see the members associated with a Security Group and only allow those users to connect through OpenVPN?

Right now I am pointing LDAP at the OU where the users are, but I would prefer to point it at a Security Group that has users associated with it; I don't want all members connecting through the VPN to the company, only the specific ones.

Thanks in advance,

Daniel Gomes

Best regards,

Daniel Gomes
danielcsgomes
« Reply #1 on: Friday 13 August 2010, 01:12:51 am »

So I saw that it is possible, but when I tried to implement it I got "auth failed". I will post my configuration:

my /var/ewf/openvpn/settings file:

AUTHENTICATION_STACK=local,ldap
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=grupogomes.local
DROP_DHCP=
GLOBAL_DNS=192.168.16.2/24
GLOBAL_NETWORKS=192.168.16.0/24,10.10.10.0/24
LDAP_BIND_DN=cn=Administrador,cn=Users,dc=grupogomes,dc=local
LDAP_BIND_PASSWORD=*****
LDAP_URI=ldap://192.168.16.2
LDAP_USER_BASEDN=ou=Utilizadores,ou=Pinhal Novo,dc=grupogomes,dc=local
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(SAMAccountName=%(u)s))
OPENVPN_ENABLED=on
PURPLECLIENT_BEGIN_DEVICE=tap2
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=192.168.16.25
PURPLE_IP_END=192.168.16.38
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on

LDAP_REQUIRE_GROUP=on
LDAP_GROUP_BASEDN=ou=Security Groups,ou=Pinhal Novo,dc=grupogomes,dc=local
LDAP_GROUP_SEARCHFILTER=(cn=Poceirão - Cesar Gomes)
LDAP_GROUP_MEMBERATTRIBUTE=member

So I want the username to be able to log in only if it is a member of the "Poceirão - Cesar Gomes" Security Group.

What am I doing wrong?

This is the structure of my AD:

DC=GrupoGomes,DC=local
-CN=Users
---CN=Administrador
-OU=Pinhal Novo
---OU=Security Groups
-----CN=Poceirão - Cesar Gomes (type=group)
-----2 more groups here
---OU=Utilizadores
-----OU=CesarGomes
--------CN=about 5 members in that OU
-----OU=euCasa
--------CN=about 5 more members in that OU
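The two-stage check the settings above describe (find the user under LDAP_USER_BASEDN, then require that the named group under LDAP_GROUP_BASEDN lists that user's DN in its member attribute) is shown below as an added example. It is not Endian's code and not from the poster; it runs the same filter strings against a small constructed in-memory directory that mirrors the AD tree in this post (the accounts vpnuser1 and vpnuser2 are made up), so it works offline. Two points it makes that the settings alone do not: the user search must be a subtree search, because the accounts sit in OU=CesarGomes and OU=euCasa below OU=Utilizadores, and the username substituted into %(u)s must be escaped per RFC 4515, otherwise a login name such as * turns the filter into a wildcard match (LDAP injection).

```python
import re

# DNs and filter copied from the settings posted above; accounts are constructed.
USER_BASEDN = "OU=Utilizadores,OU=Pinhal Novo,DC=grupogomes,DC=local"
GROUP_BASEDN = "OU=Security Groups,OU=Pinhal Novo,DC=grupogomes,DC=local"
USER_FILTER = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s))"
GROUP_CN = "Poceirão - Cesar Gomes"

# Constructed stand-in for the AD tree in the post: DN -> attributes.
DIRECTORY = {
    "CN=Administrador,CN=Users,DC=grupogomes,DC=local": {
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "sAMAccountName": "Administrador"},
    "CN=vpnuser1,OU=CesarGomes,OU=Utilizadores,OU=Pinhal Novo,DC=grupogomes,DC=local": {
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "sAMAccountName": "vpnuser1"},
    "CN=vpnuser2,OU=euCasa,OU=Utilizadores,OU=Pinhal Novo,DC=grupogomes,DC=local": {
        "objectCategory": "person", "objectClass": ["top", "person", "user"],
        "sAMAccountName": "vpnuser2"},
    "CN=Poceirão - Cesar Gomes,OU=Security Groups,OU=Pinhal Novo,DC=grupogomes,DC=local": {
        "objectClass": ["top", "group"], "cn": GROUP_CN,
        # only vpnuser1 is a member of the VPN group
        "member": ["CN=vpnuser1,OU=CesarGomes,OU=Utilizadores,OU=Pinhal Novo,DC=grupogomes,DC=local"]},
}


def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


_TERM = re.compile(r"\(([^=()]+)=([^()]*)\)")


def matches(attrs, filt):
    """Evaluate a conjunctive equality filter like (&(a=x)(b=y)) against one entry.
    Only AND, equality and a bare '*' (presence) are supported: enough for these filters."""
    for attr, raw in _TERM.findall(filt):
        have = next((v for k, v in attrs.items() if k.lower() == attr.lower()), None)
        if have is None:
            return False
        if raw == "*":          # unescaped wildcard: any value is accepted
            continue
        values = have if isinstance(have, list) else [have]
        if not any(v.lower() == _unescape(raw).lower() for v in values):
            return False
    return True


def search(base_dn, filt):
    """Subtree search: every entry whose DN ends with base_dn and matches the filter."""
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower()) and matches(attrs, filt)]


def build_user_filter(username, escape=True):
    """Substitute the login name into LDAP_USER_SEARCHFILTER, escaped unless told otherwise."""
    return USER_FILTER % {"u": escape_filter_value(username) if escape else username}


def user_allowed(username):
    """Step 1: locate exactly one account under LDAP_USER_BASEDN.
    Step 2: require the group under LDAP_GROUP_BASEDN to list that DN in 'member'."""
    hits = search(USER_BASEDN, build_user_filter(username))
    if len(hits) != 1:
        return False            # unknown or ambiguous account: refuse
    group_filter = "(&(objectClass=group)(cn=%s)(member=%s))" % (
        escape_filter_value(GROUP_CN), escape_filter_value(hits[0]))
    return len(search(GROUP_BASEDN, group_filter)) == 1


if __name__ == "__main__":
    for name in ("vpnuser1", "vpnuser2", "Administrador"):
        print(name, "allowed" if user_allowed(name) else "denied")
    print("unescaped '*' matches:", search(USER_BASEDN, build_user_filter("*", escape=False)))
    print("escaped '*' matches:", search(USER_BASEDN, build_user_filter("*")))
```

Against a real AD the same two filters would be issued with the bind DN from the settings; the group step only works if the first search returns the full DN of the account, which is what the member attribute of an AD group stores.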
danielcsgomes
« Reply #2 on: Monday 16 August 2010, 02:05:22 pm »

Does no one know how to allow only members of a user group to connect through OpenVPN?
wdupreez
« Reply #3 on: Wednesday 03 November 2010, 08:18:41 pm »

Hi Daniel, please see my post on authenticating OpenVPN users against AD. I hope it helps.