Bom dia !
alguém sabe com eu faço p fazer com que o openvpn faça a autenticação pelos
usuarios do samba, pelo pam eu sei que é com plugin
/usr/lib/openvpn-auth-pam.so common-auth. com os usuarios ruwindows  nao
podem acessar usando o pam, entao gostaria de colocar para rodar com o samba
isso é possivel ? como seria feto nesse caso ?

essa é minha configuração do openvpn
############################################################

# Dispositivo utilizado pelo OpenVPN
dev     tun
# Define que atuaremos como servidor
mode    server
# Indica que o servidor atuará como o
# controlador no canal de comunicação
# durante a conexão TLS
tls-server
# Permite que os clientes conectados ao
# servidor troquem pacotes entre si
 client-to-client
# with tls-auth  server is value 0 and client is value 1
#tls-auth keys/ta.key 0
dh      keys/dh1024.pem
ca      keys/ca.crt
cert    keys/server.crt
key     keys/server.key
duplicate-cn
server 171.171.100.0 255.255.255.0 # IP range clients
ifconfig-pool-persist ipp.txt
# note: initial tests used these, and they worked, but
# the man page hade the two lines above.
#ifconfig 192.168.100.1 192.168.100.2
#ifconfig-pool 192.168.100.5 192.168.100.200 # IP range clients
route-up "route delete -net 171.171.100.0/24"
route-up "route add -net 171.171.100.0/24 tun0"
ush "route 171.171.100.1" # add route to protected network
# the next line tells the client to route all traffic thru the VPN
# you might not want this
#push "redirect-gateway def1"
# if you do not want to route all client traffic thru VPN, do something
like
# the following (uncomment out and edit as needed)
#push "route 10.90.134.0 255.255.255.0"
#push "route 10.0.134.0 255.255.255.0"
#push "route 195.214.241.0 255.255.255.0"
# if you have mobile users, the following can be used:
#push "dhcp-option DOMAIN riseup.net"  #push the DNS domain suffix
#push "dhcp-option DNS 10.32.1.14 "  #push DNS entries to client
#push "dhcp-option WINS 69.90.134.134 "  #push WINS entries to client
port 1194
user nobody
group nogroup
; comp-lzo
ping 60
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key
verb 6
log-append      /var/log/openvpn/openvpn.log
status          /var/log/openvpn/status.log
plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth

client-cert-not-required


desde ja fico grato
-- 
Att

Anderson Bertling

Responder a