EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Saturday 30 November 2024, 07:53:42 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the official Endian Community Mailinglist
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
VPN Support
OpenVPN AD By user in group
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: OpenVPN AD By user in group (Read 16015 times)
danielcsgomes
Full Member
Offline
Gender:
Posts: 23
OpenVPN AD By user in group
«
on:
Wednesday 11 August 2010, 09:11:42 pm »
Hello all, that is my first post here.
It was a hard job to make all the configuration without any background, but with some research and with this forum it happen. But now i have a question, there is any possibility of OpenVPN with LDAP see inside a Security Group the members associated and only allow that users to connect throw OpenVPN?
Now i am pointing LDAP to the OU where the users are, but i prefer to point to a Security Group that have associate users, i don't wanna all members connecting throw vpn to the company only the specific ones.
Thanks in advance,
Daniel Gomes
Logged
Best regards,
Daniel Gomes
danielcsgomes
Full Member
Offline
Gender:
Posts: 23
Re: OpenVPN AD By user in group
«
Reply #1 on:
Friday 13 August 2010, 01:12:51 am »
So i saw that is possible but i tried implement but got auth failed, i will post my configurations:
my /var/ewf/openvpn/settings file:
AUTHENTICATION_STACK=local,ldap
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=grupogomes.local
DROP_DHCP=
GLOBAL_DNS=192.168.16.2/24
GLOBAL_NETWORKS=192.168.16.0/24,10.10.10.0/24
LDAP_BIND_DN=cn=Administrador,cn=Users,dc=grupogomes,dc=local
LDAP_BIND_PASSWORD=*****
LDAP_URI=ldap://192.168.16.2
LDAP_USER_BASEDN=ou=Utilizadores,ou=Pinhal Novo,dc=grupogomes,dc=local
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(SAMAccountName=%(u)s))
OPENVPN_ENABLED=on
PURPLECLIENT_BEGIN_DEVICE=tap2
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=192.168.16.25
PURPLE_IP_END=192.168.16.38
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on
LDAP_REQUIRE_GROUP=on
LDAP_GROUP_BASEDN=ou=Security Groups,ou=Pinhal Novo,dc=grupogomes,dc=local
LDAP_GROUP_SEARCHFILTER=(cn=Poceirão - Cesar Gomes)
LDAP_GROUP_MEMBERATTRIBUTE=member
So i want that the username can login only if it is member of "Poceirão - Cesar Gomes" Security Group.
What i am doing wrong?
This is my structure of AD:
DC=GrupoGomes,DC=local
-CN=Users
---CN=Administrador
-OU=Pinhal Novo
---OU=Security Groups
-----CN=Poceirão - Cesar Gomes (typy=group)
-----more 2 groups here
---OU=Utilizadores
-----OU=CesarGomes
--------CN=about 5 members on that OU
-----OU=euCasa
--------CN=About more 5 members on that OU
Logged
Best regards,
Daniel Gomes
danielcsgomes
Full Member
Offline
Gender:
Posts: 23
Re: OpenVPN AD By user in group
«
Reply #2 on:
Monday 16 August 2010, 02:05:22 pm »
No one knows how to only allow members of a user group to connect throw OpenVPN?
Logged
Best regards,
Daniel Gomes
wdupreez
Full Member
Offline
Posts: 12
Re: OpenVPN AD By user in group
«
Reply #3 on:
Wednesday 03 November 2010, 08:18:41 pm »
Hi Daniel, please see my post on authenticating OpenVPN users against AD. I hope it helps.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.07 seconds with 17 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com