Here you can find guidance on how to configure OpenVPN-AD-Check. We assume you already know the basics of OpenVPN configuration.
I think it is important to remind you that, for now, I am developing and testing with Alpine Linux in mind. It may work on other Linux systems, but I have not tested it on any other system yet.
This project started with the need to authenticate OpenVPN users against Active Directory. We also needed to allow only some users to establish the VPN. So the script looks the user up in a given group: even if the user is a valid one, a user who is not in that group has no right to establish the VPN.
This is the goal of this project.
Before you start configuring OpenVPN-AD-Check, make sure the following packages are installed:
Alpine Linux command:
# apk add openvpn lua-ldap git
Change directory to /etc/openvpn/, download the files and set the necessary permission. Do this on the command line:
# cd /etc/openvpn/
# git clone git://git.code.sf.net/p/openvpnadcheck/code openvpnadcheck
# cd openvpnadcheck/
# chmod a+x openvpnadcheck.lua
Inside OpenVPN-AD-Check's directory you will find the configuration file named openvpnadcheck.conf. There you'll need to configure only three variables:
The DNS name or IP address of the Active Directory server
The domain that your users belong to
The group that your users must be part of to be authorized to establish a VPN
On the OpenVPN server side, you'll need to add the following lines:
script-security 3
auth-user-pass-verify /etc/openvpn/openvpnadcheck/openvpnadcheck.lua via-env
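To check the server-side wiring after these steps, the shell function below (an added example, not part of OpenVPN-AD-Check) reads an OpenVPN server config and reports a missing auth-user-pass-verify directive, a script-security level too low for via-env, and a verify script that is not executable or is writable by group/others. The demo config and stand-in script at the end are constructed, and the parser assumes the script path contains no spaces or quotes.

```shell
#!/bin/sh
# Added example (not part of OpenVPN-AD-Check): audit the server-side wiring.
# Returns the number of problems found (0 = none).
check_adcheck_config() {
    conf=$1 problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # OpenVPN's default script-security level is 1; the last directive is used.
    level=$(awk 'BEGIN { v = 1 } $1 == "script-security" { v = $2 }
                 END { print v + 0 }' "$conf")
    # Assumption: the script path contains no spaces or quotes.
    verify=$(awk '$1 == "auth-user-pass-verify" { print $2 " " $3; exit }' "$conf")
    script=${verify% *} method=${verify#* }

    if [ -z "$verify" ]; then
        fail "no auth-user-pass-verify directive in $conf"
        return "$problems"
    fi
    # The OpenVPN manual documents level 3 as the one that allows passwords
    # to be passed to scripts through environment variables.
    if [ "$method" = "via-env" ] && [ "$level" -lt 3 ]; then
        fail "via-env is used but script-security is $level (need 3)"
    fi
    if [ ! -x "$script" ]; then
        fail "$script is missing or not executable"
    else
        # The script receives every user's password, so only its owner
        # should be able to modify it: reject group- or world-writable modes.
        mode=$(ls -ld "$script" | cut -c1-10)
        case $mode in
            ?????w*|????????w*) fail "$script is writable by group/others ($mode)" ;;
        esac
    fi
    return "$problems"
}

# Constructed demo input: a stand-in script and a config with the two
# directives from this page, written to a temporary directory.
demo=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo/openvpnadcheck.lua"
chmod 755 "$demo/openvpnadcheck.lua"
printf 'script-security 3\nauth-user-pass-verify %s via-env\n' \
    "$demo/openvpnadcheck.lua" > "$demo/server.conf"
check_adcheck_config "$demo/server.conf" && echo "OK: no problems found"
rm -rf "$demo"
```
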
On the OpenVPN client side, you'll need to add the following line: