On Thu, 2005-05-05 at 21:27 -0500, Jeffry Bilder wrote:
> Has anyone successfully integrated OpenVPN road warriors to authenticate
> via AD through pam?

I use krb5 through PAM, but not AD; consequently, I'm not in a good position to answer this.

> Also, is it possible to only push certain networks to clients per login id.
> (ie. Johnh can see the whole network, while debbied can only see the
> main office.)

Absolutely. In your client-connect script, check the username or CN and set your "push" variables appropriately. However, this doesn't provide good security: Folks can just add their own routes manually and get to the restricted networks. If you want an actual security measure, use a learn-address script that sets iptables rules specific to the client's IP (again based on the contents of the username), controlling what data is permitted to be passed through the VPN.

BTW, please don't send me private mail except in direct response to something I've already posted on-list.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
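
The learn-address approach described in the reply above, as an added example that is not part of the original post or of OpenVPN itself: a hook that builds a per-client iptables chain from the login name, so the restriction holds even if the client adds routes by hand. The network ranges, the `vpn_` chain naming, the `IPT` override and the assumption that the FORWARD chain otherwise drops VPN client traffic are illustrative, not from the thread.

```shell
#!/bin/sh
# learn-address hook. OpenVPN runs it as:
#   <script> add|update <client-ip> <common-name>
#   <script> delete <client-ip>
# A non-zero exit on add/update makes OpenVPN reject the address.
IPT="${IPT:-iptables}"   # IPT="echo iptables" prints the rules instead

# Constructed policy (assumption): networks each login may reach.
allowed_nets() {
    case "$1" in
        johnh)   echo "10.0.0.0/8" ;;    # whole network
        debbied) echo "10.1.0.0/24" ;;   # main office only
        *)       : ;;                    # unknown login: nothing allowed
    esac
}

learn_address() {
    op=${1:-}; ip=${2:-}; cn=${3:-}
    case "$op" in add|update|delete) ;; *) return 1 ;; esac
    # IPv4 digits and dots only: the value becomes part of a chain name.
    case "$ip" in ""|*[!0-9.]*) return 1 ;; esac
    chain="vpn_$(printf '%s' "$ip" | tr . _)"

    # Remove whatever an earlier client left behind for this address.
    # These fail harmlessly when nothing exists yet.
    $IPT -D FORWARD -s "$ip" -j "$chain" 2>/dev/null || true
    $IPT -F "$chain" 2>/dev/null || true
    $IPT -X "$chain" 2>/dev/null || true
    [ "$op" = delete ] && return 0

    # Build the per-client chain: listed networks pass, the rest is dropped.
    $IPT -N "$chain" || return 1
    for net in $(allowed_nets "$cn"); do
        $IPT -A "$chain" -d "$net" -j ACCEPT || return 1
    done
    $IPT -A "$chain" -j DROP || return 1
    # Only now send this client's traffic through the chain.
    $IPT -I FORWARD -s "$ip" -j "$chain"
}

# Run as a hook only when OpenVPN passed arguments.
if [ "$#" -ge 2 ]; then
    learn_address "$@"
    exit $?
fi
```

Running it with `IPT="echo iptables"` prints the rule set for a given login without touching the firewall, which is a convenient way to review the policy before enabling the hook.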