n9yty closed 5 years ago
Check this post out here. Basically, add a package with apt (this guide uses yum, but the same package is on apt) then configure the server to authenticate against AD. You need to add one line (auth-user-pass) to the template that generates the .ovpn file.
https://www.allcloud.io/how-to/configure-openvpn-authentication-using-active-directory/
It could be a feature, but given that almost every implementation of AD has some quirks to it, I think it's one of those areas I'd leave to the user to customize.
Hope this helps.
Thanks, who would have thought it would have been so easy? LoL Because, as you say, every time I've played with LDAP and/or AD it is a bit quirky. I played around with an approach using an external script based on this post:
https://forums.openvpn.net/viewtopic.php?t=13053
It works, but using the plugin may prove more performant and secure.
Thanks so much for the feedback, hopefully this will prove useful for someone down the road.
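For the external-script approach mentioned above, here is a sketch of a verifier that OpenVPN can call through `auth-user-pass-verify <script> via-file` (with `script-security 2`). It is an added example, not code from this thread or from the linked posts. The domain, the domain controller host name and the use of the third-party `ldap3` package are assumptions.

```python
#!/usr/bin/env python3
# Added example: OpenVPN auth-user-pass-verify helper, via-file method.
import re
import ssl
import sys

AD_DOMAIN = "example.corp"    # assumption: placeholder AD DNS domain
DC_HOST = "dc1.example.corp"  # assumption: placeholder domain controller
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # conservative allow-list


def read_credentials(path):
    """via-file: OpenVPN writes the username on line 1, the password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2:
        raise ValueError("malformed credential file")
    return lines[0], lines[1]


def verify(username, password, bind):
    """True only if bind(upn, password) succeeds; bind is any callable doing the LDAP bind."""
    if not USERNAME_RE.fullmatch(username):
        return False  # rejects LDAP DN/filter metacharacters and empty names
    if not password:
        return False  # empty password makes a simple bind unauthenticated, which can "succeed"
    return bool(bind(f"{username}@{AD_DOMAIN}", password))


def ldap_bind(upn, password):
    """Simple bind over LDAPS with certificate validation (third-party ldap3 package)."""
    from ldap3 import Connection, Server, Tls  # lazy import: only needed for a real bind
    tls = Tls(validate=ssl.CERT_REQUIRED)
    server = Server(DC_HOST, port=636, use_ssl=True, tls=tls)
    return Connection(server, user=upn, password=password).bind()


def main(argv):
    try:
        username, password = read_credentials(argv[1])
        ok = verify(username, password, ldap_bind)
    except Exception:
        ok = False  # fail closed: any error rejects the login
    return 0 if ok else 1  # OpenVPN accepts on exit 0, rejects otherwise


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The client still needs the `auth-user-pass` line in its .ovpn file so that it prompts for the username and password.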
Just curious, it may be well out of scope, but we are using this to secure access to a Windows server in Azure, but as it works now only the certificate is used to authenticate to the VPN. Would it be possible to extend this to query LDAP on a Windows server in Azure to look up the username and also require a password along with the certificate?