Title: OpenVPN and AD groups
Post by: Siddique on Saturday 25 February 2012, 06:18:53 am

Hi,

I currently have three sites, two with physical locations and one cloud. We have our Endian servers at all sites and are tied to our Active Directory.

Office 1 - VPN CAN
Office 2 - VPN IND
Cloud - VPN Global

The way we'd like to have it is that Office 1 only allows VPN CAN and Office 2 only allows VPN IND. We want to have both groups able to use the Cloud one via a nested group in Active Directory. So far I can't seem to get it to work.

Below is a copy of my /var/efw/openvpn/settings file. Ideally we'd like to have 2 different OUs, but that didn't seem something we could easily do.

AUTHENTICATION_STACK=ldap,local
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN={domain}
DROP_DHCP=on
GLOBAL_DNS={dns servers}
GLOBAL_NETWORKS={networks}
LDAP_BIND_DN={LDAP container}
LDAP_BIND_PASSWORD={password}
LDAP_URI=ldap://{primary ldap server}
LDAP_USER_BASEDN={Container with users}
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s)(memberof=CN=VPN.CAN,OU=Groups-NonSecure,DC=Corp,DC=AwareBase,DC=net))
OPENVPN_ENABLED=on
PORT=1194
PROTOCOL=udp
PURPLECLIENT_BEGIN_DEVICE=tap2
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN={VPN IP Range Start}
PURPLE_IP_END={VPN IP Range End}
PURPLE_NET=
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on

Thanks,
Siddique