Hi,

This is like talking to myself, but here goes:

On Sun, Jan 8, 2017 at 3:00 PM, <selva.n...@gmail.com> wrote:

> Currently the username unqualified by the domain is used to validate
> a user which fails for domain users. Instead compare the user's SID
> with SIDs in the Administrators group and ovpn_admin_group.
>
> This has the advantage that connection to a domain controller is not
> required and will work even when user is logged in with cached credentials.
>
> Limitations:
> (i) Group membership is not checked recursively
> (ii) Domain administrators will not be recognized as members of local
> Administrators group.
>
> Resolves Trac: #810
>

Based on further discussions on Trac: #810, domain admins are
understandably not pleased with those limitations. I'll submit a v2.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
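
An added example, not part of the original message or of the OpenVPN patch: a small C model of the direct SID comparison the quoted summary describes, showing how limitations (i) and (ii) arise when an account is an administrator only through a nested group. The SIDs, the in-memory group table and all function names are constructed for illustration; the recursive walk is there for contrast only and assumes nested membership data is available locally.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of group membership keyed by SID string; not OpenVPN code. */
typedef struct { const char *sid; int is_group; } member_t;
typedef struct { const char *sid; const member_t *members; size_t n; } group_t;

/* Constructed sample SIDs (S-1-5-32-544 is the well-known BUILTIN\Administrators SID). */
#define ADMINISTRATORS "S-1-5-32-544"
#define DOMAIN_ADMINS  "S-1-5-21-4444-5555-6666-512"   /* nested domain group */
#define DIRECT_USER    "S-1-5-21-4444-5555-6666-1105"  /* domain user added directly */
#define NESTED_ADMIN   "S-1-5-21-4444-5555-6666-1106"  /* member of DOMAIN_ADMINS only */

static const member_t da_members[] = { {NESTED_ADMIN, 0} };
static const member_t admin_members[] = { {DIRECT_USER, 0}, {DOMAIN_ADMINS, 1} };
static const group_t groups[] = { {ADMINISTRATORS, admin_members, 2},
                                  {DOMAIN_ADMINS, da_members, 1} };

static const group_t *find_group(const char *sid) {
    for (size_t i = 0; i < sizeof groups / sizeof groups[0]; i++)
        if (strcmp(groups[i].sid, sid) == 0) return &groups[i];
    return NULL;
}

/* Direct check: compare the user's SID with each member SID of one group. */
int is_direct_member(const char *group_sid, const char *user_sid) {
    const group_t *g = find_group(group_sid);
    for (size_t i = 0; g && i < g->n; i++)
        if (strcmp(g->members[i].sid, user_sid) == 0) return 1;
    return 0;
}

/* Recursive check: also descends into nested groups; depth bound stops cycles. */
int is_member_recursive(const char *group_sid, const char *user_sid, int depth) {
    const group_t *g = find_group(group_sid);
    if (!g || depth <= 0) return 0;
    for (size_t i = 0; i < g->n; i++) {
        if (strcmp(g->members[i].sid, user_sid) == 0) return 1;
        if (g->members[i].is_group &&
            is_member_recursive(g->members[i].sid, user_sid, depth - 1)) return 1;
    }
    return 0;
}

int main(void) {
    printf("nested admin: direct=%d recursive=%d\n",
           is_direct_member(ADMINISTRATORS, NESTED_ADMIN),
           is_member_recursive(ADMINISTRATORS, NESTED_ADMIN, 4));
    return 0;
}
```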