问题描述
我正在尝试使用我的 Active Directory 服务器(OpenVPN 服务器和 Active Directory 服务器在同一网络中)配置带有 LDAP 或 PAM 身份验证的 OpenVPN。 我尝试使用 LDAP 时无法成功登录,所以我决定测试 PAM,但遇到了同样的问题。 OpenVPN GUI 客户端版本 2.5(Windows 10),OpenVPN 服务器版本 2.4.10(CentOS)。
/etc/openvpn/server.conf
# OpenVPN 2.4 server configuration for a password-only VPN (no client certificates).
# Every client is authenticated solely by the auth plugin selected at the end of this
# file, so that plugin's configuration is the entire access-control boundary.
port 443
proto tcp
dev tun
# Privileges are dropped to nobody after startup; persist-key/persist-tun keep the
# tunnel usable across restarts without re-reading files that are then unreadable.
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
# ECDHE-only key exchange; no DH parameter file is needed.
dh none
ecdh-curve prime256v1
# tls-crypt authenticates and encrypts the control channel with a pre-shared key; the
# same key must be embedded in every client profile (the <tls-crypt> block there).
tls-crypt tls-crypt.key
# crl-verify only applies to client certificates, which are not required below.
crl-verify crl.pem
ca ca.crt
cert server_3cq71l9glJNwLXjJ.crt
key server_3cq71l9glJNwLXjJ.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
# NOTE(review): pull-filter is a client-side option; on the server it is not expected
# to have any effect — confirm it is intended here.
pull-filter ignore "auth token"
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
# Clients present no certificate; identity comes only from username/password.
# NOTE(review): client-cert-not-required is deprecated in 2.4 in favour of
# `verify-client-cert none` and is dropped in later releases — switch before upgrading.
client-cert-not-required
# script-security 2 is only needed for the (disabled) script-based verifier below; the
# plugin-based authentication currently in use does not require it.
script-security 2
#auth-user-pass-verify ldap-check-user.sh via-env
# The authenticated username is used as the client's common name (ccd lookups, status
# log), since there is no certificate CN to take it from.
username-as-common-name
# NOTE(review): the two disabled ldap plugin lines use .../openvpn/plugin/lib/ while the
# active pam plugin lives under .../openvpn/plugins/ — verify the ldap .so path exists
# before re-enabling either line.
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so auth-ldap.conf
# NOTE(review): the argument to the auth-pam plugin is a PAM *service name* (normally
# just `openvpn`, which PAM resolves to /etc/pam.d/openvpn), not a file path. Passing the
# full path is a plausible reason every login fails — confirm against the plugin
# documentation and the PAM messages in the system auth log.
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/openvpn
/etc/nslcd.conf
# nslcd configuration: resolves VPN users out of Active Directory for NSS/PAM.
# pam_ldap (nss-pam-ldapd) can only authenticate a user that these base/filter settings
# make visible, so mistakes here surface as "login failed" in OpenVPN.
uid nslcd
gid ldap
# NOTE(review): plain ldap:// — the bind password below and every user password checked
# through pam_ldap cross the network in cleartext. Prefer ldaps:// or `ssl start_tls`;
# AD with LDAP signing enforced may also refuse simple binds over an unsigned connection.
uri ldap://ActiveDirectory-IP/
base dc=mydomain,dc=local
# NOTE(review): this bind DN (dc=OPENVPNAD,dc=local) does not match the one used in
# auth-ldap.conf (CN=testopenvpn,CN=Users,DC=mydomain,DC=local); at most one of them can
# be right for this directory — verify with an ldapsearch bind before going further.
binddn cn=testopenvpn,dc=OPENVPNAD,dc=local
# Cleartext credential in the config file: keep this file readable only by root and
# the nslcd user (mode not visible here — confirm).
bindpw password
scope sub
# NOTE(review): the passwd/shadow bases below omit dc=mydomain, unlike the group base
# and the global base on the lines above; with `scope sub` a search under a base that
# does not exist returns nothing, which would make every user unresolvable.
base group ou=Users,dc=mydomain,dc=local
base passwd ou=Users,dc=local
base shadow ou=Users,dc=local
bind_timelimit 30
timelimit 30
pagesize 1000
referrals off
# NOTE(review): this filter is missing its closing ')' for the outer (&...) term, and
# the memberOf DN differs from the one in the shadow filter and in auth-ldap.conf, and
# from the group base (no dc=mydomain). An invalid filter yields no matches, i.e. no
# user can be looked up; use the group's exact DN from the directory in all three places.
filter passwd (&(objectClass=user)(memberOf=cn=vpnusers,ou=Users,dc=local)
# AD logon name becomes the POSIX user name.
map passwd uid sAMAccountName
# NOTE(review): same unbalanced parenthesis as the passwd filter above.
filter shadow (&(objectClass=user)(memberOf=cn=vpnusers,dc=local)
map shadow uid sAMAccountName
# NOTE(review): disables server certificate verification once TLS is enabled; with the
# current ldap:// URI it has no effect, but it should not be kept when moving to ldaps.
tls_reqcert never
/etc/pam.d/openvpn
# PAM service used by openvpn-plugin-auth-pam: OpenVPN hands the client's
# username/password to this stack and the "auth" result decides the login.
# Earlier attempts, kept disabled for history:
#auth sufficient pam_ldap.so minimum_uid=1000 use_first_pass
#auth required pam_deny.so
#password sufficient pam_ldap.so minimum_uid=1000 use_first_pass
#password required pam_deny.so
# pam_ldap alone decides authentication. With nslcd in use this is nss-pam-ldapd's
# pam_ldap.so, which authenticates through nslcd, so the user must first be resolvable
# under the nslcd.conf bases/filters — NOTE(review): check `getent passwd <user>` on the
# server before looking at PAM itself.
auth required pam_ldap.so
# NOTE(review): account is unconditionally permitted, so no account-level checks
# (disabled/expired account, group) are enforced at this layer; the vpnusers group
# restriction relies entirely on the memberOf filters in nslcd.conf.
account sufficient pam_permit.so
session required pam_permit.so
/etc/openvpn/auth-ldap.conf
# Configuration for the openvpn-auth-ldap plugin (currently disabled in server.conf).
<LDAP>
#URL ldap://mydomain.local
# NOTE(review): unencrypted LDAP on 389 together with TLSEnable no below: the bind
# password and every user's VPN password are sent in cleartext to the domain controller.
URL ldap://ActiveDirectory-ip:389
# NOTE(review): this bind DN differs from the binddn in nslcd.conf
# (cn=testopenvpn,dc=OPENVPNAD,dc=local); confirm which one the directory accepts.
BindDN "CN=testopenvpn,CN=Users,DC=mydomain,DC=local"
# Cleartext credential; restrict this file's permissions (not visible here — confirm).
Password password
Timeout 15
# TLS is off, so the CA file below is not used.
TLSEnable no
# Follow LDAP Referrals (anonymously)
FollowReferrals no
# TLS CA Certificate File
TLSCACertFile /etc/openvpn/openvpn-ca.crt
</LDAP>
<Authorization>
Basedn "dc=mydomain,dc=local"
# %u is replaced by the username supplied by the VPN client.
# NOTE(review): the memberOf DN (CN=vpnusers,DC=local) is shorter than the BindDN's
# DC=mydomain,DC=local and does not match the group DNs used in nslcd.conf; memberOf
# requires the group's exact distinguished name, so a wrong DN silently matches nobody.
SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=vpnusers,DC=local))"
# Group membership is enforced through the SearchFilter above rather than a <Group> block.
RequireGroup false
</Authorization>
profile.ovpn
client
proto tcp-client
remote x.x.x.x 443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
remote-cert-tls server
verify-x509-name server_3cq71l9glJNwLXjJ name
auth SHA256
auth-nocache
pull-filter ignore "auth token"
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
verb 3
<ca></ca>
<cert></cert>
<key></key>
<tls-crypt>
</tls-crypt>
解决方法
暂未找到可以解决该问题的有效方法。