I've found a simple script for authenticating OpenVPN users against LDAP (I tested it on Windows AD). The solution is from Selivanov Pavel.
1. Install OpenVPN the usual way.
2. Install OpenLDAP the usual way.
3. Create the "ldap-check-user.sh" script in the OpenVPN directory:
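#!/bin/bash
# OpenVPN (via-env) passes the client's credentials as $username and $password.
bind_dn="cn=<user>,cn=Users,dc=domain,dc=com"
bind_pass="<password>"
host=rserver
port=389
base_dn="cn=Users,dc=domain,dc=com"
filter="(&(objectCategory=person)(objectClass=user)(sAMAccountName=$username))"
# Reject empty credentials: a simple bind with an empty password is an unauthenticated bind.
if [ -z "$username" ] || [ -z "$password" ]; then
echo "Error: empty user name or password."
exit 1
fi
# Look up the user's DN with the service account. Test the output, not $?,
# because $? after a pipeline only reports the last command (sed).
dn=$(ldapsearch -x -D "$bind_dn" -w "$bind_pass" -H "ldap://$host:$port" -LLL -s sub \
-b "$base_dn" "$filter" "dn" | sed -n 's/^dn: //p')
if [ -z "$dn" ]; then
echo "Error: user $username not found."
exit 1
fi
# Verify the password by binding as the user.
if ! ldapsearch -x -D "$dn" -w "$password" -H "ldap://$host:$port" -LLL -s sub \
-b "$base_dn" "$filter" > /dev/null 2>&1; then
echo "Error: password for $username is incorrect."
exit 1
fi
exit 0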
4. Insert "auth-user-pass-verify ldap-check-user.sh via-env" in the OpenVPN server configuration file.
5. Insert "auth-user-pass" in the OpenVPN client configuration file.
6. Enjoy.
Thanks to Selivanov Pavel for the solution:
http://serverfault.com/questions/333426/openvpn-plugin-openvpn-auth-ldap-does-not-bind-to-active-directory
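The script above places $username directly into the LDAP search filter. As an added example (not part of the original post or of Selivanov Pavel's script), these POSIX shell helpers check the via-env credentials and escape filter metacharacters per RFC 4515 before the filter is built; the function names and the user-name allowlist are assumptions.

```shell
#!/bin/sh
# Added example: input checks for an OpenVPN via-env LDAP verify script.
# Function names and the user-name allowlist are assumptions, not from the post.

# Escape RFC 4515 filter metacharacters. The backslash goes first so the
# escapes inserted for * ( ) are not escaped again.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Allowlist for login names (assumed policy): letters, digits, dot, dash, underscore.
valid_username() {
    case $1 in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Accept a login attempt for further processing only if the name passes the
# allowlist and the password is non-empty (an empty password makes a simple
# bind unauthenticated, RFC 4513 section 5.1.2).
accept_login() {
    valid_username "$1" || return 1
    [ -n "$2" ] || return 1
    return 0
}

# Build the search filter used by the post's script from an escaped user name.
build_user_filter() {
    printf '(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))' \
        "$(ldap_escape_filter "$1")"
}

# In ldap-check-user.sh this would be used as (constructed usage):
#   accept_login "$username" "$password" || exit 1
#   filter=$(build_user_filter "$username")
```

The allowlist alone already blocks filter metacharacters; the escaping keeps the filter well-formed if the allowlist is later widened.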
Thursday, 23 February 2555 B.E. (2012)
Sunday, 19 February 2555 B.E. (2012)
Wednesday, 15 February 2555 B.E. (2012)
Install FreeRADIUS with MySQL authentication on FreeBSD, step by step.
# Install freeradius from port
cd /usr/ports/net/freeradius2
make install clean
# Configuration
cd /usr/local/etc/raddb
vi sites-enabled/default
#In the "authenticate" section,
#remove the "#" before "pam" on the line after "# Pluggable Authentication Modules."
#Save and exit.
# Test Config
#1st terminal
radiusd -X
#2nd terminal
radtest _yourSystemUser_ _yourSystemPassword_ localhost 0 testing123
#If "Access-Accept" is shown, go to the next step.
#MySQL authentication section; still in the /usr/local/etc/raddb directory
vi radiusd.conf
#remove "#" before "$INCLUDE sql.conf"
#save and exit
vi sites-enabled/default
#At "authorize" section
#remove "#" before "sql" after line "# See "Authorization Queries" in sql.conf"
#At "accounting" section
#remove "#" before "sql" after line "# See "Accounting queries" in sql.conf"
#Save and Exit
#MySQL Database section.
#Please create database "radius" first.
cd sql/mysql
mysql -u _MySQLUser_ -p_MySQLPasswd_ radius < schema.sql
mysql -u _MySQLUser_ -p_MySQLPasswd_ radius
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'Password','guest');
exit
# Test SQL authentication config
#1st terminal
radiusd -X
#2nd terminal
radtest guest guest localhost 0 testing123
#If "Access-Accept" is shown, the setup works.
Thursday, 9 February 2555 B.E. (2012)
FreeBSD port update
cd /usr/ports/net/cvsup-without-gui
make install clean
cp /usr/share/examples/cvsup/ports-supfile /root/
vi /root/ports-supfile
Change the default cvsup host:
*default host=CHANGE_THIS.FreeBSD.org
If you want to update all ports, uncomment this line by removing the # at the start of the line:
ports-all
Otherwise, comment "ports-all" out and uncomment the update options you want.
Then run this command:
cvsup -g -L 2 /root/ports-supfile
***
Reference: http://blog.cleannet.co.th/?p=14
Monday, 6 February 2555 B.E. (2012)
TUN/TAP Interface in FreeBSD8
To load the tun/tap interface in FreeBSD, edit the file /boot/defaults/loader.conf:
change if_tap_load="NO" to if_tap_load="YES"
or if_tun_load="NO" to if_tun_load="YES"
If the interface fails to load, you can try this command to create it:
ifconfig tun/tap* create
* tun or tap, depending on the type of interface
Then reboot the computer.