<font face="arial,helvetica,sans-serif"><br></font><br><div class="gmail_quote">On 26 June 2010 00:39, Eric Peters <span dir="ltr">&lt;<a href="mailto:eric@linuxsystems.net">eric@linuxsystems.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

Anybody have any other suggestions I can try?</blockquote></div><br>I have set up OpenVPN with password authentication to Active Directory. I'll paste you my notes on this setup.<br>See also #
 <a href="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/" id="nsdk" title="http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/">http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/</a><br>

<br><h2>openvpn.conf file:<br></h2><div>plugin /usr/lib/openvpn/openvpn-auth-ldap.so auth-ldap.cfg</div><br><br><h2>auth-ldap.cfg for windows active directory</h2><br>

<div>&lt;LDAP&gt;</div>
<div>        # LDAP server URL</div>
<div>        URL             ldap://<a href="http://zeus.COMPANY.be">zeus.COMPANY.be</a></div><br>
<div>        # Bind DN (If your LDAP server doesn't support anonymous binds)</div>
<div>        BindDN          "CN=OpenVPN,OU=Service Accounts,DC=COMPANY,DC=be"</div><br>
<div>        # Bind Password</div>
<div>        # Password      SecretPassword</div>
<div>        Password        XXXXXXXXXX</div><br>
<div>        # Network timeout (in seconds)</div>
<div>        Timeout         15</div><br>
<div>        # Enable Start TLS</div>
<div>        #TLSEnable      yes</div>
<div>        TLSEnable       no</div><br>
<div>&lt;/LDAP&gt;</div><br>
<div>&lt;Authorization&gt;</div><br>
<div>        # For active directory, I used sAMAccountName to search by username</div>
<div>        # I also configured the original search filter to contain the group membership, instead of using the</div>
<div>        # RequireGroup directive below</div><br>
<div>        # Base DN</div>
<div>        BaseDN          "OU=Accounts,DC=COMPANY,DC=be"</div><br>
<div>        # User Search Filter</div>
<div>        #SearchFilter   "(&(uid=%u)(accountStatus=active))"</div>
<div>        SearchFilter    "(&(sAMAccountName=%u)(memberOf= cn=VPN_Access,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be))"</div><br>
<div>        # Require Group Membership</div>
<div>        RequireGroup    false</div><br>
<div>&lt;/Authorization&gt;</div><br>
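<br><div>Added example (not part of the original message and not openvpn-auth-ldap code): the notes above use an ldap:// URL with TLSEnable no and put the group check in SearchFilter instead of RequireGroup, so this Python check parses a file in that format and reports when the bind and user passwords would cross the network unencrypted or when no group restriction is in effect. The sample config, its host and DN values, and the finding names are constructed for illustration.</div><br>

```python
import re

# Constructed sample in the auth-ldap.cfg format above; host and DNs are placeholders.
SAMPLE_CFG = """
<LDAP>
    URL           ldap://dc.example.test
    #TLSEnable    yes
    TLSEnable     no
</LDAP>
<Authorization>
    SearchFilter  "(&(sAMAccountName=%u)(memberOf=CN=VPN_Access,OU=Accounts,DC=example,DC=test))"
    RequireGroup  false
</Authorization>
"""

def parse_cfg(text):
    """Return {section: {directive: value}} for top-level sections only."""
    cfg, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        tag = re.fullmatch(r"<(/?)(\w+)>", line)
        if tag:
            if tag.group(1):
                stack = stack[:-1]          # closing tag
            else:
                stack.append(tag.group(2))  # opening tag
            continue
        if len(stack) == 1:  # skip directives inside nested blocks such as <Group>
            key, *rest = line.split(None, 1)
            cfg.setdefault(stack[0], {})[key] = rest[0].strip('"') if rest else ""
    return cfg

def audit(cfg):
    """Return finding names (hypothetical labels) for a parsed config."""
    ldap, authz = cfg.get("LDAP", {}), cfg.get("Authorization", {})
    flt, findings = authz.get("SearchFilter", ""), []
    # Only ldaps:// or an explicit "TLSEnable yes" (StartTLS) protects the simple bind.
    if not (ldap.get("URL", "").lower().startswith("ldaps://")
            or ldap.get("TLSEnable", "").lower() == "yes"):
        findings.append("cleartext-ldap")  # bind and user passwords sent unencrypted
    if "%u" not in flt:
        findings.append("filter-ignores-username")
    if not (re.search(r"\(\s*memberOf\s*=", flt, re.I)
            or authz.get("RequireGroup", "").lower() == "true"):
        findings.append("no-group-restriction")  # group membership never checked
    return findings
```

<div>Run <code>audit(parse_cfg(open(path).read()))</code> against a real auth-ldap.cfg; an empty list means none of the three conditions was found.</div><br>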