Netgate Discussion Forum

    OpenVPN - authentication against active directory

    • rel2001

      Hi,
      I have implemented a VPN solution based on OpenVPN with shared key security. I would like to add authentication against Active Directory (Internet Authentication Service). I know that LDAP authentication is planned to be part of version 1.3. Nevertheless, I have seen some posts which describe some workarounds.
      Is there anything someone can recommend?
      BTW, is the OpenVPN version in pfSense the same as the latest OpenVPN version at www.openvpn.org?

      Thanks for any help,

      Ariel

      • GruensFroeschli

        Did you read this sticky?:
        http://forum.pfsense.org/index.php/topic,4105.0.html
        This is for use with FreeRADIUS.

        http://openvpn.net/howto.html#auth

        If you search with Google I'm sure you'll find more info on how to set up authentication against LDAP.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • fogogg

          @GruensFroeschli:

          Did you read this sticky?:
          http://forum.pfsense.org/index.php/topic,4105.0.html
          This is for use with FreeRADIUS.

          I just completed this setup as described in the sticky. My eventual goal is to change the settings in the pam file to an internal Windows RADIUS server authenticating directly from our Active Directory. Is this possible or as simple as I'd like it to be, or am I stuck doing something like the link below if I want VPN users to authenticate with AD?

          http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO

          • GruensFroeschli

            Well, why use the FreeRADIUS PAM module when you could directly use an LDAP module?

            Something like this:
            http://code.google.com/p/openvpn-auth-ldap/


            • fogogg

              That looks fantastic if I can make it work, thanks very much.

              • rel2001

                @GruensFroeschli:

                Well, why use the FreeRADIUS PAM module when you could directly use an LDAP module?

                Something like this:
                http://code.google.com/p/openvpn-auth-ldap/

                I have looked at it and I am unfortunately not very familiar with compile issues. Is there an already compiled version for FreeBSD which I can download and configure?

                • rel2001

                  Hi,
                  Finally I found the relevant packages for the LDAP authentication and installed them. Unfortunately the plugin does not load up due to a missing library, which indeed does not reside on my installation.
                  I have seen similar behavior described in the forum and the recommendation was to reinstall OpenVPN.
                  My question is: if I reinstall OpenVPN (pkg_add -r openvpn), do I lose my current OpenVPN configuration?
                  In addition, I would like to know if there are any differences regarding security between the RADIUS implementation and the LDAP implementation.
                  Thanks in advance
                  Ariel
