How to add users to your OpenVPN Access Server using PAM
This HOWTO guide covers adding local users with the PAM authentication system.
To add a user for the OpenVPN Access Server to recognize you will need to open up the linux terminal for the server that OpenVPN-AS is running on. In this example we will be using a popular ssh client called putty since we will be adding users remotely from a Windows Machine. You can donwnload your own copy of putty (free ssh client) from this link:
After opening Putty we will get this window:
You are now going to have to add the IP of the Linux Machine that hosts OpenVPN-AS. In our case it would be: 10.7.31.144, your IP/Hostname will be different:
After entering in the proper Hostname or IP address go ahead and click "Open". You will now be prompted to enter your username and credentials, we will be logging inwith our root credentials, yours might be tied to a Super User (Sudo):
After entering in the proper user credentials you will receive the command prompt, in our case;[root@localhost ~].
At the command prompt you will now need to enter the adduser command, for instance; if you want to add exampleuser as the username you would enter the comand as follows:
# adduser example user
After adding the user you will need to assign a password to the new user account by using the following command (assuming we are setting a password for username: exampleuser): # passwd exampleuser
After you have added the local user to your linux machine you will be able to login to the OpenVPN-AS Client UI (https://x.x.x.x:943) with the newly created credentials:
Choose PAM as the authentication method for Access Server to use; click on PAM in the left menu; then choose Use PAM
If you would like to set OpenVPN-AS Specific User Permissions; for example: Administrator, AutoLogin, VPN IP Address etc you will need to login to the OpenVPN-AS Admin UI (https://x.x.x.x:943/admin) with an Administrator account and navigate over to the User Permissions page:
If you look at the above screenshot you will see where we have added the exampleuser username. After entering the username you would like to configure you can then select where you want to assign Administrative privileges or allow the user to have an Auto-login profile. If you click the "Show" link next the the user you can configure even more specific settings like the VPN IP Address etc, this would also be used if you are setting up a gateway client:
Once you have saved the settings you will see a prompt that lets you know the setting were applied successfully.
You now have a fully functional user in OpenVPN-AS.