VPN help suggestions

Eric Peters eric at linuxsystems.net
Sat Jun 26 01:44:03 UTC 2010


Thanks Serge, don't think that is going to work for my situation. Little
more background on what I'm doing. We are going to two-factor authentication.
Using RSA SecurID, and I'm using RSA's built in Radius server. I have all
my servers successfully doing auth via Radius and the PAM mod. I also have all
my windoze clients working as well. The last piece in the puzzle is my road
warriors, and thought it would be a snap with PPTPD heh.

Next step; I'm going to purge PPTPD and radiusclient-ng and build from
source. Could be something wrong with the packages, and I want to verify
that hypothesis by building from source first, before even thinking of
tracing down a possible bug. I just don't see many issues relating to my
issue.

Busy weekend so I might not get to it till Monday.

Cheers,
Eric

Sent from my iPhone

On Jun 25, 2010, at 5:08 PM, Serge van Ginderachter <
serge at vanginderachter.be> wrote:



On 26 June 2010 00:39, Eric Peters <eric at linuxsystems.net> wrote:

> Anybody have any other suggestions I can try?


I have set up OpenVPN with password authentication to Active Directory. I'll
paste you my notes on this setup.
See also:
http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/

openvpn.conf file:
plugin /usr/lib/openvpn/openvpn-auth-ldap.so auth-ldap.cfg


auth-ldap.cfg for windows active directory

<LDAP>
        # LDAP server URL
        URL             ldap://zeus.COMPANY.be

        # Bind DN (If your LDAP server doesn't support anonymous binds)
        BindDN          "CN=OpenVPN,OU=Service Accounts,DC=COMPANY,DC=be"

        # Bind Password
        # Password      SecretPassword
        Password        XXXXXXXXXX

        # Network timeout (in seconds)
        Timeout         15

        # Enable Start TLS
        #TLSEnable      yes
        TLSEnable       no

</LDAP>

<Authorization>

        # For active directory, I used sAMAccountName to search by username
        # I also configured the original search filter to contain the group
        # membership, instead of using the RequireGroup directive below

        # Base DN
        BaseDN          "OU=Accounts,DC=COMPANY,DC=be"

        # User Search Filter
        #SearchFilter   "(&(uid=%u)(accountStatus=active))"
        SearchFilter    "(&(sAMAccountName=%u)(memberOf=cn=VPN_Access,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be))"

        # Require Group Membership
        RequireGroup    false

</Authorization>
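An added example, not taken from Serge's notes or from the openvpn-auth-ldap plugin: it renders the SearchFilter above for a login name with RFC 4515 escaping of the %u value and evaluates the result against constructed directory entries, so you can see which accounts the group-restricted filter admits before touching a live domain controller. The attribute layout, the sample entries and the minimal filter evaluator are assumptions for illustration.

```python
import re

# SearchFilter from the auth-ldap.cfg above; the plugin substitutes %u.
SEARCH_FILTER = ("(&(sAMAccountName=%u)(memberOf="
                 "cn=VPN_Access,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be))")

# Constructed sample entries standing in for AD objects (assumption: keys are
# lowercased attribute names, values are lists because LDAP attributes are multi-valued).
DIRECTORY = [
    {"samaccountname": ["alice"],
     "memberof": ["CN=VPN_Access,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be"]},
    {"samaccountname": ["bob"],
     "memberof": ["CN=Staff,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be"]},
]

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a filter: the login name
    must be treated as data, never as filter syntax."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render_filter(template: str, username: str) -> str:
    return template.replace("%u", escape_filter_value(username))

def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_str: str, entry: dict) -> bool:
    """Tiny evaluator for the subset this config uses: (&...) and (attr=value).
    Attribute names and DN values compare case-insensitively, as AD does."""
    def parse(i):
        if filter_str[i + 1] == "&":
            i, ok = i + 2, True
            while filter_str[i] != ")":
                sub, i = parse(i)
                ok = ok and sub
            return ok, i + 1
        j = filter_str.index(")", i)          # escaped values contain no raw ')'
        attr, _, val = filter_str[i + 1:j].partition("=")
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        return _unescape(val).lower() in have, j + 1
    ok, end = parse(0)
    return ok and end == len(filter_str)

def vpn_user_allowed(username: str) -> bool:
    """True if some entry satisfies the rendered filter, i.e. the account exists
    and is in VPN_Access; anyone else is refused before a password is even tried."""
    rendered = render_filter(SEARCH_FILTER, username)
    return any(matches(rendered, e) for e in DIRECTORY)
```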