[SOLVED] Using Samba4 to authenticate users on OpenVPN

Blue_Ice · 07-10-2015, 06:54 AM

Does anyone have any experience on authenticating users on OpenVPN by using Samba4? Samba4 is configured as an Active Directory Domain Controller.
I have used a configuration file that I know is working as I used it before. The only difference is that in that config file I am using the linux accounts to authenticate instead of Samba4.

So far I have tried to setup OpenVPN using openvpn-plugin-auth-pam.so/pam_winbind.so and openvpn-auth-ldap.so. But neither one of them I got to work.

Code:

# OpenVPN.config
mode server
tls-server
route-gateway dhcp
local xxx.xxx.xxx.xxx
port 1194
proto tcp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server-bridge
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 200
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
duplicate-cn
push "redirect-gateway def1"
management localhost 7505
passtos
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so /etc/pam.d/openvpn
#plugin /usr/lib/openvpn/openvpn-auth-ldap.so "ldap-auth.config"

sundialsvcs · 07-10-2015, 08:11 AM

I'm not familiar with using Samba in such a role. Ordinarily, I see LDAP being used. Can Samba be used for this purpose? Can you cite some web-page sources?

Blue_Ice · 07-10-2015, 10:28 AM

Sorry to all... It was not the authentication that went wrong. The daemon is not starting all the time. Since I fixed this, I can authenticate through ldap.

fshah · 07-14-2015, 09:06 AM

@sundialsvcs yes samba4 can be used as AD DC. Please view below link

http://ubuntuforums.org/showthread.php?t=2146198

Thanks