Hang on.. I don't see how this can work (I haven't tried it btw).
If I simply copy login to openvpn1 and call openvpn_auth_pam with that file
as a parameter, how can it magically know to query IPA for the openvpn1
service as opposed to username/password? Must I not change the openvpn1
file to have
Simo,
That sounds easy enough. I will test it asap when I get to work on Monday
and let you know.
Thank you (and Dmitri) so far and have a good weekend.
Fred
On Fri, Oct 5, 2012 at 9:09 PM, Simo Sorce wrote:
>
> Fred I suggest you copy the 'login' file into 2 new files: openvpn1 and
> openvn
Fred I suggest you copy the 'login' file into 2 new files: openvpn1 and
openvpn2
Then configure the two instances with:
plugin openvpn_auth_pam openvpn1
and
plugin openvpn_auth_pam openvpn2
respectively.
Then you can create HBAC rules in IPA using openvpn1 and openvpn2 as
service names.
Dmitri,
Well, this is, sort of, the point. I have no experience using pam, so I
have no idea how to set this up.
I have authentication up and running, but, like I said, both OpenVPN
instances happily authenticate users from both groups of users.
In my openvpn config file I have:
plugin openvpn_
On Fri, Oct 5, 2012 at 10:03 AM, Dmitri Pal wrote:
> On 10/05/2012 12:16 PM, Stephen Ingram wrote:
>> As I typically have saslauthd use kerberos to authenticate users I
>> really haven't had the occasion to try before. Since freeipa machines
>> use SSSD to help manage users on the system, I though
On 10/05/2012 02:13 PM, Fred van Zwieten wrote:
> You are completely right :-)
>
> Both IPA server and client are RHEL6.3 x86_64 boxes.
>
> On the OpenVPN server (which is an IPA client), I have 2 OpenVPN
> instances running, because different users must end up in different
> subnets
>
> OpenVPN i
On Fri, 2012-10-05 at 20:13 +0200, Fred van Zwieten wrote:
> You are completely right :-)
>
>
> Both IPA server and client are RHEL6.3 x86_64 boxes.
>
>
> On the OpenVPN server (which is an IPA client), I have 2 OpenVPN
> instances running, because different users must end up in different
> sub
You are completely right :-)
Both IPA server and client are RHEL6.3 x86_64 boxes.
On the OpenVPN server (which is an IPA client), I have 2 OpenVPN instances
running, because different users must end up in different subnets
OpenVPN instance 1 listens on port 5
OpenVPN instance 2 listens on p
On 10/05/2012 02:03 PM, Simo Sorce wrote:
> On Fri, 2012-10-05 at 13:50 -0400, Dmitri Pal wrote:
>> On 10/05/2012 01:36 PM, Fred van Zwieten wrote:
>>> Hello,
>>>
>>>
>>> I have an IPA server running. This server has users who are members of
>>> various groups. I want to query the IPA server from a
On Fri, 2012-10-05 at 13:50 -0400, Dmitri Pal wrote:
> On 10/05/2012 01:36 PM, Fred van Zwieten wrote:
> > Hello,
> >
> >
> > I have an IPA server running. This server has users who are members of
> > various groups. I want to query the IPA server from an IPA client to
> > know whether a user is
On 10/05/2012 01:36 PM, Fred van Zwieten wrote:
> Hello,
>
> I have an IPA server running. This server has users who are members of
> various groups. I want to query the IPA server from an IPA client to
> know whether a user is a member of a group.
>
> I want to do this from the OpenVPN service using
Hello,
I have an IPA server running. This server has users who are members of
various groups. I want to query the IPA server from an IPA client to know
whether a user is a member of a group.
I want to do this from the OpenVPN service using the openvpn_auth_pam.so.
Normally one uses this like this:
On 10/05/2012 12:16 PM, Stephen Ingram wrote:
> As I typically have saslauthd use kerberos to authenticate users I
> really haven't had the occasion to try before. Since freeipa machines
> use SSSD to help manage users on the system, I thought that saslauthd
> should be able to authenticate users a
On Mon, 2012-10-01 at 17:03 -0400, Qing Chang wrote:
> In a thread on Freeipa-devel titled "freeIPA as a samba backend" there
> is a statement as below:
> =
> IPA will keep all of your passwords in sync - userPassword,
> sambaNTPassword, sambaLMPassword, and your kerberos passwords.
> 389 can
14 matches