VPN help suggestions

Eric Peters eric at linuxsystems.net
Mon Jun 28 15:53:58 UTC 2010

Ok it was something stupid in the pptpd config, and thanks to Spacelee who
pointed me in the right direction making sure Cleartext was enabled
" require-pap " thanks all who replied =)


On Fri, Jun 25, 2010 at 6:44 PM, Eric Peters <eric at linuxsystems.net> wrote:
> Thanks Serge, don't think that is going to work for my situation. Little
more background on what I'm doing. We are going two factor authentication.
Using RSA SecureID, and I'm using RSA's built in Radius server. I have all
my servers sucessfuly doing auth via Radius and the PAM mod. I also have all
my windoze clients working as well. The last piece in the puzzle is my road
warriors, and thought it would be a snap with PPTPD heh.
> Next step; I'm going to purge PPTPD and radiusclient-ng and build from
source. Could be something wrong with the packages, and I want to verify
that hypothesis by building from source first, before even thinking of
tracing down a possible bug. I just don't see many issues relating to my
> Busy weekend so I might not get to it till Monday.
> Cheers,
> Eric
> Sent from my iPhone
> On Jun 25, 2010, at 5:08 PM, Serge van Ginderachter <
serge at vanginderachter.be> wrote:
> On 26 June 2010 00:39, Eric Peters <eric at linuxsystems.net> wrote:
>> Anybody have any other suggestions I can try?
> I have set up OpenVPN with password athentication to Active Directory.
I'll paste you my notes on this setup.
> See also #
> openvpn.conf file:
> plugin /usr/lib/openvpn/openvpn-auth-ldap.so auth-ldap.cfg
> auth-ldap.cfg for windows active directory
> <LDAP>
>         # LDAP server URL
>         URL             ldap://zeus.COMPANY.be
>         # Bind DN (If your LDAP server doesn't support anonymous binds)
>         BindDN          "CN=OpenVPN,OU=Service Accounts,DC=COMPANY,DC=be"
>         # Bind Password
>         # Password      SecretPassword
>         Password        XXXXXXXXXX
>         # Network timeout (in seconds)
>         Timeout         15
>         # Enable Start TLS
>         #TLSEnable      yes
>         TLSEnable       no
> </LDAP>
> <Authorization>
>         # For active directory, I used sAMAccountName to search by
>         # I also configured the original search filter to contain the
group membership, instead of using the
>         # RequireGroup directive below
>         # Base DN
>         BaseDN          "OU=Accounts,DC=COMPANY,DC=be"
>         # User Search Filter
>         #SearchFilter   "(&(uid=%u)(accountStatus=active))"
>         SearchFilter    "(&(sAMAccountName=%u)(memberOf=
cn=VPN_Access,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be))"
>         # Require Group Membership
>         RequireGroup    false
> </Authorization>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100628/4a1daaff/attachment.html>

More information about the ubuntu-server mailing list