well, you can also use microsoft native radius server (internet authentication service) instead of radiator and validate users/groups directly to ad. just create radius client and remote access policy with PAP authentication and optionally separated connection request policy on win2003. you can use NAS-identifier and/or group membership to select policy condition. works perfectly.

dan

> -----Original Message-----
> From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
> [mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Rainer Sokoll
> Sent: Tuesday, March 08, 2005 6:07 PM
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Cc: Rainer Sokoll
> Subject: Re: [Openvpn-users] OpenVPN, Radius, ActiveDirectory
>
> On Tue, Mar 08, 2005 at 04:09:13PM +0100, Rainer Sokoll wrote:
>
> > If this is from wider interest, I can post my solution to the list,
> > otherwise just drop me a note.
>
> This is what I did:
>
> ----[on the OpenVPN server]----
> - cd $openvpnsource/plugin/auth-pam/
> - build openvpn-auth-pam.so according to the README provided
> - copy openvpn-auth-pam.so to /lib/security/
> - cd $OPENVPN_CONFIG_DIR
> - echo "plugin /lib/security/openvpn-auth-pam.so openvpn" >> $MY_CONFIG
> - download ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
> - build pam_radius_auth.so
> - copy pam_radius_auth.so to /lib/security
> - cd to /etc/pam.d and create a file called openvpn
> - mine looks as follows:
>     #%PAM-1.0
>     auth     required   /lib/security/pam_radius_auth.so
>     account  required   /lib/security/pam_radius_auth.so
> - create /etc/raddb/server
> - mine looks as follows:
>     name_of_radius_server:1645   (insert your secret here)   3
>
> ----[on the RADIUS server]----
> - (note that I am running radiator)
> - the relevant parts from /etc/radiator.conf:
>     <Client (name or address of your openvpn server)>
>         Secret        (insert your secret here)
>         DupInterval   0
>         DefaultRealm  (insert your realm here)
>     </Client>
>     <AuthBy LDAP2>
>         Identifier            Check_(insert your realm here)
>         Host                  name_or_ip_of_your_domain_controller
>         AuthDN                CN=Radiator,OU=_System Services,DC=ad,DC=intershop,DC=net
>         AuthPassword          insert_your_password_here
>         BaseDN                DC=ad,DC=intershop,DC=net
>         UsernameAttr          sAMAccountName
>         ServerChecksPassword
>         SearchFilter          (&(msNPAllowDialin=TRUE)(%0=%1))
>         Debug                 255
>     </AuthBy>
>
> I must admit that I am not a guru in radiator...
> Hope that is useful for somebody,
>
> Rainer
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
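Both setups in this thread (Rainer's pam_radius_auth client and Dan's IAS policy with PAP authentication) exchange the same RFC 2865 Access-Request on the wire: the password is hidden by XOR with MD5(shared secret + Request Authenticator), and the NAS-Identifier attribute is what a policy condition can match on. The following is an added illustration, not code from either poster or from pam_radius; the secret, user name and NAS-Identifier are constructed sample values.

```python
import hashlib
import os
import struct

# Attribute types from RFC 2865; NAS-Identifier is what a policy condition matches on.
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32
ACCESS_REQUEST = 1


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: NUL-pad to 16-byte blocks, XOR each with MD5(secret + previous block);
    the first 'previous block' is the Request Authenticator. This is obfuscation keyed on
    the shared secret, not encryption: anyone holding the secret recovers the password."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block  # chaining uses the hidden block, not the plaintext
    return bytes(out)


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server does before checking against LDAP/AD."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(h ^ k for h, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")  # strips the padding; passwords must not end in NUL


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         nas_id: bytes, authenticator: bytes = b"") -> bytes:
    """Client side: assemble the Access-Request a PAP client such as pam_radius_auth sends."""
    authenticator = authenticator or os.urandom(16)  # must be fresh and random per request
    pairs = [(USER_NAME, user),
             (USER_PASSWORD, hide_password(password, secret, authenticator)),
             (NAS_IDENTIFIER, nas_id)]
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_access_request(packet: bytes, secret: bytes) -> dict:
    """Server side: split the 20-byte header and TLV attributes, recovering the PAP password."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        t, l = packet[pos], packet[pos + 1]
        attrs[t] = packet[pos + 2:pos + l]
        pos += l
    if USER_PASSWORD in attrs:
        attrs[USER_PASSWORD] = unhide_password(attrs[USER_PASSWORD], secret, authenticator)
    return {"code": code, "id": ident, "attrs": attrs}
```

Because the only protection on User-Password is the shared secret, a weak or widely shared secret (or a RADIUS server reachable from untrusted networks) exposes every VPN user's AD password to whoever can capture the exchange.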