How to setup xl2tpd VPN to work with the Windows domain authentication?

cozyta
Posts: 6
Joined: 2016/10/27 05:00:42

How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by cozyta » 2016/10/27 05:08:28

Hi All,

I have set up an L2TP/IPsec VPN and joined a Windows AD with SSSD.
I want to use a domain account to log in to this VPN.

How do I set up the config?
Please help.

cozyta
Posts: 6
Joined: 2016/10/27 05:00:42

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by cozyta » 2016/11/02 06:00:53

Can anyone help me?

cozyta
Posts: 6
Joined: 2016/10/27 05:00:42

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by cozyta » 2016/11/30 03:49:06

Does anyone know how to set this up?

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by hunter86_bg » 2016/11/30 06:36:53

Have you checked this guide: Windows Integration Guide RHEL 7? I'm pretty sure it covers all you need.

cozyta
Posts: 6
Joined: 2016/10/27 05:00:42

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by cozyta » 2016/11/30 08:13:58

hunter86_bg wrote: Have you checked this guide: Windows Integration Guide RHEL 7? I'm pretty sure it covers all you need.

Thank you, sir.
I have checked, but there seem to be no tips for me.
My server has already joined AD with SSSD, and I have set up an L2TP VPN service.
I want to log in with an AD account, but I just don't know how to set it up.
Thanks for your reply.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by hunter86_bg » 2016/11/30 09:02:29

Have you checked this: Configuration of Active Directory Authentication with authconfig
It has CLI and GUI methods. If this one is already done, I can't help, as I lack experience in AD-Linux integration.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by TrevorH » 2016/11/30 14:37:36

The credential checking would be done on the VPN end of things so as long as your VPN server is set up to authenticate against AD then you shouldn't need to do anything other than provide the credentials it needs when you are asked. How did you set up your VPN? Do you have the following packages installed? NetworkManager-l2tp NetworkManager-libreswan NetworkManager-libreswan-gnome NetworkManager-l2tp-gnome

cozyta
Posts: 6
Joined: 2016/10/27 05:00:42

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by cozyta » 2016/12/01 02:40:58

TrevorH wrote: The credential checking would be done on the VPN end of things so as long as your VPN server is set up to authenticate against AD then you shouldn't need to do anything other than provide the credentials it needs when you are asked. How did you set up your VPN? Do you have the following packages installed? NetworkManager-l2tp NetworkManager-libreswan NetworkManager-libreswan-gnome NetworkManager-l2tp-gnome

Thank you for your reply.
My VPN server is using Libreswan+xl2tpd+ppp.
The credential checking uses an auth file (chap-secret), which includes the username and password.
I want to change the credential checking from this auth file to AD,
but I don't know how to change it...

cozyta
Posts: 6
Joined: 2016/10/27 05:00:42

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by cozyta » 2017/02/13 02:35:53

For the record, I finally found the solution:

Chap-secret does not support domain authentication.
You need to change to pap-secret. The steps are below:

1. Modify /etc/pam.d/ppp
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
## Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
## pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
## Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare

2. Modify /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = x.x.x.x
[lns default]
ip range = 192.168.18.2-192.168.18.254
local ip = 192.168.18.1
unix authentication = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

3. Modify /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
require-pap
ms-dns x.x.x.x
ms-dns x.x.x.x
ms-wins x.x.x.x
ms-wins x.x.x.x
hide-password
idle 1800
mtu 1410
mru 1410
nodefaultroute
name l2tpd
debug
connect-delay 5000
login

4. Cut and paste all the records from /etc/xl2tpd/chap-secret to /etc/xl2tpd/pap-secret


Hope this reply helps you.
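
An added example, not part of the thread or of any poster's configuration: a shell check that the three files from the solution above still agree on the PAP and PAM path, and that pppd is not told to log the domain passwords PAP carries. The ROOT prefix argument is hypothetical, and the check assumes SSSD's pam_sss.so is wired into /etc/pam.d/password-auth (the RHEL/CentOS 7 layout).

```shell
#!/bin/sh
# Added example (not from the thread): checks that the files from the post
# agree on the PAP -> PAM -> SSSD path. ROOT is a hypothetical prefix
# argument so the check can also run against a copy of /etc.

# has_opt FILE WORD: true if WORD is the first token on an uncommented line.
has_opt() {
    [ -f "$1" ] && awk -v w="$2" '$1 == w { f = 1 } END { exit !f }' "$1"
}

# conf_value FILE KEY: print the value of the last "KEY = value" line.
conf_value() {
    [ -f "$1" ] &&
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

finding() { echo "FINDING: $1"; n=$((n + 1)); }

# check_l2tp_pam ROOT: print findings; return 0 only when there are none.
check_l2tp_pam() {
    opts="$1/etc/ppp/options.xl2tpd"
    conf="$1/etc/xl2tpd/xl2tpd.conf"
    pamd="$1/etc/pam.d"
    n=0
    has_opt "$opts" require-pap || finding "$opts: require-pap is not set"
    # pppd's login option makes PAP use the system password database.
    has_opt "$opts" login || finding "$opts: login is not set"
    # CHAP variants are verified against the secrets file, not against PAM.
    for o in require-chap require-mschap require-mschap-v2; do
        if has_opt "$opts" "$o"; then
            finding "$opts: $o authenticates from the secrets file, not PAM"
        fi
    done
    # PAP packets carry the domain password; show-password would log it.
    if has_opt "$opts" show-password; then
        finding "$opts: show-password writes PAP passwords to the log"
    fi
    for k in "unix authentication" "require authentication"; do
        [ "$(conf_value "$conf" "$k")" = yes ] || finding "$conf: $k is not yes"
    done
    grep -Eq '^auth[[:space:]].*password-auth' "$pamd/ppp" 2>/dev/null ||
        finding "$pamd/ppp: auth stack does not use password-auth"
    # Assumption: SSSD is wired into password-auth (RHEL/CentOS 7 layout).
    grep -q 'pam_sss\.so' "$pamd/password-auth" 2>/dev/null ||
        finding "$pamd/password-auth: pam_sss.so not found"
    [ "$n" -eq 0 ]
}
```

Source the file and run check_l2tp_pam "" on the VPN server, or pass a directory that holds a copy of /etc.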

xuejipeng
Posts: 1
Joined: 2018/08/20 11:36:07

Re: How to setup xl2tpd VPN to work with the Windows domain authentication?

Post by xuejipeng » 2018/08/20 11:37:49

I did not see your configuration for the AD. I would like to ask how you did this part of the AD configuration?
