Hi Serge,

Thanks for everything. So far, I managed to get auth-user-pass-verify to work with a vbscript which is called by a batch file. In fact, it works even without the batch file.

I would like to ask something else, though it is a question that probably strays off tangent with regards to using scripts with OpenVPN on Windows machines.

Is there a way to authenticate a user based not just on the username, password but also the MAC address of the machine on OpenVPN? I understand there is a learn-address command available on OpenVPN but I believe it is there merely to add, or update a MAC or IPv4 address to the OpenVPN routing table.

Hopefully, you or someone else is able to provide me with more advice and guidance.

Thanks again Serge, you have been a great help!!

Regards
Kim Sia

> Hi Kim Sia,
>
> 1. No, I'm not using the openvpn GUI. But I hardly see how it would impact the way openvpn works.
> Also, the scripts I'm running (such as client-connect) are server-side. OpenVPN runs of course as a service on the server.
>
> 2. Yes, of course. Much like server.ovpn in the sample config dir.
>
> Serge.
> http://www.apptranslator.com
>
>> -----Original Message-----
>> From: Sim Kim Sia [mailto:simksi@xxxxxxxxxxxxxxx]
>> Sent: Friday, 2 February 2007 3:13
>> To: Serge Wautier
>> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> Subject: Re: [Openvpn-users] how to code for authentication to a mysql server
>>
>> Hi Serge,
>>
>> It appears that when I use auth-user-pass-verify, my batch script does not appear to run. No windows console was generated.
>>
>> Can I confirm the following with you?
>>
>> 1) that you are also using the openvpn GUI for windows?
>>
>> 2) the openvpn.conf that you refer to is actually a .ovpn file for configuration? the type you can find inside the OpenVPN\sample-config folder?
>>
>> Thank you.
>>
>> Regards
>> Kim Sia
>>
>> Extension: 3160
>> ----- Original Message -----
>> From: "Serge Wautier" <serge@xxxxxxxxxxx>
>> To: <simksi@xxxxxxxxxxxxxxx>
>> Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
>> Sent: Tuesday, January 30, 2007 10:08 PM
>> Subject: RE: [Openvpn-users] how to code for authentication to a mysql server
>>
>> > I guess so. However I never used it before so I can't say for sure.
>> >
>> > Neither OpenVPN nor the OS (Whether Windows or Linux at least) relies on a specific scripting language.
>> >
>> > On Windows, OpenVPN executes external scripts as batch files. Up to you to launch a Windows script (.vbs, .js, .php, .py,...) from the batch file using the method I showed earlier. On Linux, the script engine is specified in the script's header line (which is a Linux shell feature btw, not an OpenVPN one).
>> >
>> > From there on, you can use the script language you want provided the corresponding engine is installed on the machine (Yes, vbscript is installed by default on Windows ;-).
>> >
>> > HTH,
>> >
>> > Serge.
>> > http://www.apptranslator.com
>> >
>> >> -----Original Message-----
>> >> From: simksi@xxxxxxxxxxxxxxx [mailto:simksi@xxxxxxxxxxxxxxx]
>> >> Sent: Tuesday, 30 January 2007 14:37
>> >> To: Serge Wautier
>> >> Cc: 'Sim Kim Sia'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> >> Subject: RE: [Openvpn-users] how to code for authentication to a mysql server
>> >>
>> >> Hi Serge,
>> >>
>> >> I suppose it is not impossible to use auth-user-pass-verify using a vbscript instead of the pam perl script, is it?
>> >>
>> >> Thank you.
>> >>
>> >> > I don't use auth-user-pass-verify. I use certificate-based authentication only.
>> >> >
>> >> >
>> >> > _____
>> >> >
>> >> > From: Sim Kim Sia [mailto:simksi@xxxxxxxxxxxxxxx]
>> >> > Sent: Tuesday, 30 January 2007 10:18
>> >> > To: Serge Wautier
>> >> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> >> > Subject: Re: [Openvpn-users] how to code for authentication to a mysql server
>> >> >
>> >> > Hi,
>> >> >
>> >> > so I understand this as you added the following line to the server config file :
>> >> >
>> >> > client-connect connect.bat
>> >> >
>> >> > If so, do you still include the auth-user-pass-verify <script file name> <method>?
>> >> >
>> >> > Thank you.
>> >> > Regards
>> >> > Kim Sia
>> >> >
>> >> > Extension: 3160
>> >> >
>> >> > ----- Original Message -----
>> >> > From: Serge Wautier <mailto:serge@xxxxxxxxxxx>
>> >> > To: 'Sim Kim Sia' <mailto:simksi@xxxxxxxxxxxxxxx>
>> >> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> >> > Sent: Tuesday, January 30, 2007 5:01 PM
>> >> > Subject: RE: [Openvpn-users] how to code for authentication to a mysql server
>> >> >
>> >> > in openvpn.conf:
>> >> > client-connect connect.bat
>> >> >
>> >> > connect.bat:
>> >> > echo Client connected : %common_name%
>> >> > echo Optional dynamic config file : %1
>> >> > pushd %~dp0
>> >> > cscript connect.js %common_name% %1
>> >> > popd
>> >> >
>> >> > (pushd %~dp0 -> more info here: <http://www.apptranslator.com/blog/2006/03/directory-management-in-batch-files.html>)
>> >> >
>> >> > All files are stored in the same dir as openvpn.conf (used as the current working directory for scripts launched by OpenVPN). But it should be no problem storing them elsewhere.
>> >> >
>> >> > HTH,
>> >> >
>> >> >
>> >> > Serge.
>> >> > http://www.apptranslator.com <http://www.apptranslator.com/>
>> >> >
>> >> >
>> >> > _____
>> >> >
>> >> > From: Sim Kim Sia [mailto:simksi@xxxxxxxxxxxxxxx]
>> >> > Sent: Tuesday, 30 January 2007 9:50
>> >> > To: Serge Wautier
>> >> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> >> > Subject: Re: [Openvpn-users] how to code for authentication to a mysql server
>> >> >
>> >> > Hi,
>> >> >
>> >> > thank you for your reply.
>> >> >
>> >> > May I ask how did you include your JScript file?
>> >> >
>> >> > Did you place it in the plugin folder of openvpn or just anywhere you like on the server machine?
>> >> >
>> >> > thank you.
>> >> >
>> >> > Regards
>> >> > Kim Sia
>> >> >
>> >> > Extension: 3160
>> >> >
>> >> > ----- Original Message -----
>> >> > From: Serge Wautier <mailto:serge@xxxxxxxxxxx>
>> >> > To: 'Sim Kim Sia' <mailto:simksi@xxxxxxxxxxxxxxx>
>> >> > Sent: Tuesday, January 30, 2007 4:34 PM
>> >> > Subject: RE: [Openvpn-users] how to code for authentication to a mysql server
>> >> >
>> >> > Hi,
>> >> >
>> >> > I have a setup with an OpenVPN server (using PKI). I validate user certificates against MySQL using a --client-connect script written in JScript using ADO to look up the DB:
>> >> > OpenVPN validates the certificate. Then it calls my --client-connect script (passing it the CommonName as an argument. Read the doc, there are more parameters passed through environment variables). My script validates the CommonName by looking up the DB (I don't use CRL. For this app, a white list was preferred to a black list). One can reject a connection by having the script return a non-0 value.
>> >> >
>> >> > HTH,
>> >> >
>> >> >
>> >> > Serge.
>> >> > http://www.apptranslator.com <http://www.apptranslator.com/>
>> >> >
>> >> >
>> >> > _____
>> >> >
>> >> > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Sim Kim Sia
>> >> > Sent: Tuesday, 30 January 2007 9:18
>> >> > To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> >> > Subject: [Openvpn-users] how to code for authentication to a mysql server
>> >> >
>> >> > Hi,
>> >> >
>> >> > I am using OpenVPN on Windows based machines.
>> >> >
>> >> > I have looked at the example scripts. They are using something called pam library and the scripts are written in c and perl -- languages that I am not strong at.
>> >> >
>> >> > I need to ask the following:
>> >> >
>> >> > 1)
>> >> >
>> >> > How do I write a script such that the username and password supplied by the user will be checked against a mysql database table containing a list of usernames and passwords?
>> >> >
>> >> > And in a secure manner?
>> >> >
>> >> > 2)
>> >> >
>> >> > How do I use the command auth-user-pass-verify to do the above?
>> >> >
>> >> > I understand that the usual way is to have the line
>> >> >
>> >> > auth-user-pass-verify <script filename>
>> >> >
>> >> > are there other arguments that I must include?
>> >> >
>> >> > Thank you.
>> >> >
>> >> > Regards
>> >> > Kim Sia
>> >> >
>> >> > Extension: 3160
>> >> > [This e-mail is confidential and may be privileged. If you are not the intended recipient, please kindly notify us immediately and delete the message from your system; please do not copy or use it for any purpose, nor disclose its contents to any other person. Thank you.]
>> >> >
>> >> > ---ST Electronics Group---

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
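
An added example, not code from this thread or from the OpenVPN project: one way to do the username/password check against a database that the first message asks about, assuming `auth-user-pass-verify` is used with the `via-file` method, where OpenVPN hands the script the path of a temporary file with the username on line 1 and the password on line 2. The table name `vpn_users`, the sample user and the in-memory SQLite database standing in for MySQL are assumptions so the block runs offline.

```python
import hashlib
import hmac
import os
import sqlite3
import sys

ROUNDS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; the table never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)

def make_demo_db():
    """Constructed sample data; in-memory SQLite stands in for the MySQL table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vpn_users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO vpn_users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    return db

def read_credentials(path):
    """via-file: username on line 1, password on line 2 of OpenVPN's temp file."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2:
        raise ValueError("credential file must contain two lines")
    return lines[0], lines[1]

def verify(db, username, password):
    # Parameterized query: the client-supplied username is never spliced into SQL.
    row = db.execute("SELECT salt, pw_hash FROM vpn_users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)

def main(argv):
    try:
        username, password = read_credentials(argv[1])
        ok = verify(make_demo_db(), username, password)
    except Exception:
        ok = False  # fail closed: any error rejects the login
    return 0 if ok else 1  # OpenVPN accepts on exit code 0 and rejects on non-zero

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On a Windows server this would be launched from a batch file as described in the thread, for example a hypothetical `verify.bat` that passes `%1` to the script, referenced by `auth-user-pass-verify verify.bat via-file`.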