On Tue, Oct 6, 2015 at 9:48 AM, Dreetjeh D <dreet...@hotmail.com> wrote:

>
> Hello,
>
> >>Unless you meant ISO 639-3 languages ;)
> Yes, I meant exactly that :-)
> Just trying to look at an example and try to understand what it's doing.
> I have no IT background and as a middle-aged man taking first steps I come to
> realise that it's not so easy as taking first steps as a child :-)
>
> >>If the purpose is to match common_name against username, tls-verify is
> >>not the right tool. You can do that in the
> >>auth-user-pass-verify "script".
> OK thank you, so I found something on a user forum:
> **************
> #!/bin/sh
> user1="user1"
> pass1="password1"
> test "$user1" = "${username}" && test "$pass1" = "${password}" && exit 0
> exit 1
> **************
> To add more users and see them in the log, I change that to:
> **************
> #!/bin/sh
> echo "[${username}] [${X509_0_CN}]"  # <-- Thanks JJK
> user1="username1"
> cn1="commonname1"
> user2="username2"
> cn2="commonname2"
> test "$user1" = "${username}" && test "$cn1" = "${X509_0_CN}" && exit 0
> test "$user2" = "${username}" && test "$cn2" = "${X509_0_CN}" && exit 0
> exit 1
> **************
> With success :-)
>

Yes that should do if you don't care about checking passwords. To scale it
up you could change your userlist.txt to contain

username1:commonname1
username2:commonname2
etc..

and change the script to

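#!/bin/sh

userlist_file="/volume1/@appstore/VPNCenter/scripts/userlist.txt"

echo "Verifying user:CN  ${username}:${X509_0_CN}"
# -F: treat the client-supplied values as a literal string, not a regex
# -x: the whole line must match
grep -qxF -e "${username}:${X509_0_CN}" "${userlist_file}" && exit 0
exit 1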

That makes it less cumbersome to add users. Just keep adding them to
userlist.txt, one line per user with no surrounding blank spaces.

Selva

> If a user tries to login with cert from another, no access and a mention in
> the log.
> Since I do not have too many users, this is sufficient enough for me.
>
> Thank you all,
> André
>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
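
The userlist lookup from the reply above, written as a function that compares the client-supplied username and the certificate CN as plain strings, next to the regex form for comparison. This is an added example, not code from the thread; the function names and the sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): literal username:CN lookup.

# Returns 0 only if FILE holds the exact entry USERNAME:CN.
check_user_cn() {
    cu_user=$1; cu_cn=$2; cu_file=$3
    # Empty values, or a ':' in the username, can never be a valid entry.
    case $cu_user in ''|*:*) return 1 ;; esac
    [ -n "$cu_cn" ] && [ -r "$cu_file" ] || return 1
    while IFS= read -r cu_line || [ -n "$cu_line" ]; do
        case $cu_line in
            '#'*) continue ;;      # comment line
            *:*)  ;;               # candidate entry
            *)    continue ;;      # blank or malformed line
        esac
        # Split at the first ':' and compare both halves as plain strings.
        if [ "${cu_line%%:*}" = "$cu_user" ] && [ "${cu_line#*:}" = "$cu_cn" ]; then
            return 0
        fi
    done < "$cu_file"
    return 1
}

# The regex form of the same lookup, kept only for comparison.
check_user_cn_regex() {
    grep -q "^$1:$2$" "$3"
}

# Constructed sample data (names are made up for this example).
sample_list=$(mktemp) || exit 1
trap 'rm -f "$sample_list"' EXIT
cat > "$sample_list" <<'EOF'
# username:commonname
username1:commonname1
username2:commonname2
EOF

for pair in username1:commonname1 username1:commonname2 usernam.1:commonname1; do
    u=${pair%%:*}; c=${pair#*:}
    check_user_cn "$u" "$c" "$sample_list" && lit=accept || lit=reject
    check_user_cn_regex "$u" "$c" "$sample_list" && re=accept || re=reject
    echo "$pair literal=$lit regex=$re"
done
```

In the verify script itself, the exit status of `check_user_cn "${username}" "${X509_0_CN}" "${userlist_file}"` becomes the script's exit status.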
