Marcos Morais wrote:

>Hello Users,
>I still have some doubts about how will remote clients have access to
>resources in the LAN using OpenVPN.
>
>1 - I want to be able to limit the users to access only the resources that
>they normally use on the LAN, such as Email, File servers etc. How can that
>be achieved?
>2 - Can anybody give me details about how to direct the remote users to an
>LDAP or NIS server, so that they are authenticated there and gain all the
>permissions they normally have in the LAN?
>
>

Mhhh.... if you want to call the M$ way _normal_ OK.

- You can verify the authentication against AD.
- I have _not_ seen _authorization_ though and this is IMHO because M$ does not provide a kinit program which we could use to get a TGT and thus have access to the resources controlled by M$ kerberos.

I _believe_ this is achieved in some commercial access packages by modifying the thing they call GINA in Redmond. This is not strictly an OpenVPN issue.

In order to achieve this we would probably need an advanced Plug-In which would be called at connection time and does a kinit on the AD and stores the TGT on the client in the wherever _normal_ place.

cheers
Erich

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users