<html><body bgcolor="#FFFFFF"><div>Thanks Serge, don't think that is going to work for my situation. Little more background on what I'm doing. We are going two factor authentication. Using RSA SecureID, and I'm using RSA's built in Radius server. I have all my servers sucessfuly doing auth via Radius and the PAM mod. I also have all my windoze clients working as well. The last piece in the puzzle is my road warriors, and thought it would be a snap with PPTPD heh.</div>
<div><br></div><div>Next step; I'm going to purge PPTPD and radiusclient-ng and build from source. Could be something wrong with the packages, and I want to verify that hypothesis by building from source first, before even thinking of tracing down a possible bug. I just don't see many issues relating to my issue.</div>
<div><br></div><div>Busy weekend so I might not get to it till Monday.</div><div><br></div><div>Cheers,</div><div>Eric</div><div><br>Sent from my iPhone</div><div><br>On Jun 25, 2010, at 5:08 PM, Serge van Ginderachter <<a href="mailto:serge@vanginderachter.be">serge@vanginderachter.be</a>> wrote:<br>
<br></div><div></div><blockquote type="cite"><div><font face="arial,helvetica,sans-serif"><br></font><br><div class="gmail_quote">On 26 June 2010 00:39, Eric Peters <span dir="ltr"><<a href="mailto:eric@linuxsystems.net"><a href="mailto:eric@linuxsystems.net">eric@linuxsystems.net</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Anybody have any other suggestions I can try?</blockquote></div><br>I have set up OpenVPN with password athentication to Active Directory. I'll paste you my notes on this setup.<br>See also #
<a href="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/" id="nsdk" title="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/"><a href="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/">http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/</a></a><br>
<br><h2>openvpn.conf file:<br></h2><div>plugin /usr/lib/openvpn/openvpn-auth-ldap.so
auth-ldap.cfg</div><br><br><h2>auth-ldap.cfg for windows active directory</h2><br><div><br><a href="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/" id="nsdk" title="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/"></a></div>
<div><LDAP></div><div>
# LDAP server URL</div><div> URL
ldap://<a href="http://zeus.COMPANY.be"><a href="http://zeus.COMPANY.be">zeus.COMPANY.be</a></a></div><br><div> # Bind DN (If your LDAP
server doesn't support anonymous binds)</div><div> BindDN
"CN=OpenVPN,OU=Service Accounts,DC=COMPANY,DC=be"</div><br><div>
# Bind Password</div><div> # Password SecretPassword</div><div>
Password XXXXXXXXXX</div><br><div> # Network timeout
(in seconds)</div><div> Timeout 15</div><br><div>
# Enable Start TLS</div><div> #TLSEnable yes</div><div>
TLSEnable no</div><br><div></LDAP></div><br><div><Authorization></div><br><div>
# For active directory, I used sAMAccountName to search by
username</div><div> # I also configured the original search
filter to contain the group membership, instead of using the</div><div>
# RequireGroup directive below</div><br><div> # Base DN</div><div>
BaseDN "OU=Accounts,DC=COMPANY,DC=be"</div><br><div>
# User Search Filter</div><div> #SearchFilter
"(&(uid=%u)(accountStatus=active))"</div><div> SearchFilter
"(&(sAMAccountName=%u)(memberOf= cn=VPN_Access,OU=Security
Groups,OU=Accounts,DC=COMPANY,DC=be))"</div><br><div> # Require
Group Membership</div><div> RequireGroup false</div><br><div></Authorization></div><br>
</div></blockquote></body></html>