*SOLVED* Ok it was something stupid in the pptpd config, and thanks to Spacelee who pointed me in the right direction making sure Cleartext was enabled " require-pap " thanks all who replied =)
Cheers, Eric On Fri, Jun 25, 2010 at 6:44 PM, Eric Peters <e...@linuxsystems.net> wrote: > > Thanks Serge, don't think that is going to work for my situation. Little more background on what I'm doing. We are going two factor authentication. Using RSA SecureID, and I'm using RSA's built in Radius server. I have all my servers sucessfuly doing auth via Radius and the PAM mod. I also have all my windoze clients working as well. The last piece in the puzzle is my road warriors, and thought it would be a snap with PPTPD heh. > Next step; I'm going to purge PPTPD and radiusclient-ng and build from source. Could be something wrong with the packages, and I want to verify that hypothesis by building from source first, before even thinking of tracing down a possible bug. I just don't see many issues relating to my issue. > Busy weekend so I might not get to it till Monday. > Cheers, > Eric > Sent from my iPhone > On Jun 25, 2010, at 5:08 PM, Serge van Ginderachter < se...@vanginderachter.be> wrote: > > > > On 26 June 2010 00:39, Eric Peters <e...@linuxsystems.net> wrote: >> >> Anybody have any other suggestions I can try? > > I have set up OpenVPN with password athentication to Active Directory. I'll paste you my notes on this setup. > See also # http://www.matthardy.info/2009/configure-openvpn-to-authenticate-against-active-directory-ldap-in-linux/ > > openvpn.conf file: > > plugin /usr/lib/openvpn/openvpn-auth-ldap.so auth-ldap.cfg > > auth-ldap.cfg for windows active directory > > <LDAP> > # LDAP server URL > URL ldap://zeus.COMPANY.be > # Bind DN (If your LDAP server doesn't support anonymous binds) > BindDN "CN=OpenVPN,OU=Service Accounts,DC=COMPANY,DC=be" > # Bind Password > # Password SecretPassword > Password XXXXXXXXXX > # Network timeout (in seconds) > Timeout 15 > # Enable Start TLS > #TLSEnable yes > TLSEnable no > </LDAP> > <Authorization> > # For active directory, I used sAMAccountName to search by username > # I also configured the original search filter to contain the group membership, instead of using the > # RequireGroup directive below > # Base DN > BaseDN "OU=Accounts,DC=COMPANY,DC=be" > # User Search Filter > #SearchFilter "(&(uid=%u)(accountStatus=active))" > SearchFilter "(&(sAMAccountName=%u)(memberOf= cn=VPN_Access,OU=Security Groups,OU=Accounts,DC=COMPANY,DC=be))" > # Require Group Membership > RequireGroup false > </Authorization>
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
