How to setup xl2tpd VPN to work with the Windows domain authentication?
Hi All,
I have set up an L2TP/IPsec VPN and joined a Windows AD with SSSD.
I want to use a domain account to log in to this VPN.
How do I set up the config?
Please help.
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
Can anyone help me?
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
Does anyone know how to set this up?
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
Have you checked this guide: Windows Integration Guide RHEL 7 ??? I'm pretty sure it covers all you need.
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
hunter86_bg wrote: Have you checked this guide: Windows Integration Guide RHEL 7 ??? I'm pretty sure it covers all you need.
Thank you sir.
I have checked, but there seem to be no tips for me.
My server has already joined AD with SSSD, and I have set up an L2TP VPN service.
I want to use an AD account to log in, but I just don't know how to set it up.
Thanks for your reply.
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
Have you checked this: Configuration of Active Directory Authentication with authconfig
It has CLI and GUI methods. If this one is already done, I can't help as I lack experience in AD-Linux integration.
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
The credential checking would be done on the VPN end of things so as long as your VPN server is set up to authenticate against AD then you shouldn't need to do anything other than provide the credentials it needs when you are asked. How did you set up your VPN? Do you have the following packages installed? NetworkManager-l2tp NetworkManager-libreswan NetworkManager-libreswan-gnome NetworkManager-l2tp-gnome
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
TrevorH wrote: The credential checking would be done on the VPN end of things so as long as your VPN server is set up to authenticate against AD then you shouldn't need to do anything other than provide the credentials it needs when you are asked. How did you set up your VPN? Do you have the following packages installed? NetworkManager-l2tp NetworkManager-libreswan NetworkManager-libreswan-gnome NetworkManager-l2tp-gnome
Thank you for your reply.
My VPN server was using Libreswan + xl2tpd + ppp.
The credential checking is an auth file (chap-secret), which includes the username and password.
I want to change the credential checking from this auth file to AD,
but I don't know how to change it...
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
For the record, I finally found the solution:
Chap-secret does not support domain authentication.
You need to change to pap-secret. The steps are below:
1. Modify /etc/pam.d/ppp
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
## Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
## pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
## Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
2. Modify /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = x.x.x.x
[lns default]
ip range = 192.168.18.2-192.168.18.254
local ip = 192.168.18.1
unix authentication = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
3. Modify /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
require-pap
ms-dns x.x.x.x
ms-dns x.x.x.x
ms-wins x.x.x.x
ms-wins x.x.x.x
hide-password
idle 1800
mtu 1410
mru 1410
nodefaultroute
name l2tpd
debug
connect-delay 5000
login
4. Cut and paste all the records from /etc/xl2tpd/chap-secret to /etc/xl2tpd/pap-secret
Hope this reply is helpful for you.
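A check for the settings in steps 2 to 4 above, added here as an example and not part of the original post: it confirms that pppd is asked for PAP with `login` (the only method it can hand to PAM, and so to SSSD/AD) and inspects the pap-secrets records. It assumes the behaviour documented in the pppd manual, where a secret of `""` defers to the system database and any non-empty secret must match as well; the sample contents and the `alice` record are constructed.

```python
import shlex
# pppd options that defeat PAP verification through PAM (CHAP variants need a stored secret).
CONFLICTS = ("noauth", "require-chap", "require-mschap", "require-mschap-v2")
# Constructed samples: steps 2 and 3 of the post, abridged, plus two pap-secrets variants.
OPTIONS = "require-pap\nhide-password\nname l2tpd\nlogin\n"
XL2TPD = "[lns default]\nunix authentication = yes\nrequire authentication = yes\n"
DEFER_TO_PAM = '*      *  ""          *\n'
COPIED_FROM_CHAP = 'alice  *  "Example1"  *\n'

def words(text):
    """Split each non-empty line into words, honouring quotes and # comments."""
    rows = (shlex.split(line, comments=True) for line in text.splitlines())
    return [row for row in rows if row]

def lns_settings(text):
    """Return the key/value pairs of the [lns default] section of xl2tpd.conf."""
    section, found = None, {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("["):
            section = line.strip("[]").strip()
        elif "=" in line and section == "lns default":
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip()
    return found

def audit(options, xl2tpd_conf, pap_secrets):
    """Return a list of findings; an empty list means PAP is checked by PAM alone."""
    findings = []
    opts = {row[0] for row in words(options)}
    for needed in ("require-pap", "login"):
        if needed not in opts:
            findings.append(f"options: '{needed}' is missing")
    for name in sorted(opts.intersection(CONFLICTS)):
        findings.append(f"options: '{name}' defeats PAP verification through PAM")
    lns = lns_settings(xl2tpd_conf)
    for key in ("unix authentication", "require authentication"):
        if lns.get(key) != "yes":
            findings.append(f"xl2tpd.conf: '{key}' is not 'yes'")
    entries = [row for row in words(pap_secrets) if len(row) >= 3]
    if not entries:
        findings.append("pap-secrets: no entry, so pppd rejects every peer")
    for client, _server, secret, *_ips in entries:
        if secret:  # non-empty secret: the password must match it and PAM
            findings.append(f"pap-secrets: '{client}' keeps a local secret that must match too")
    return findings

if __name__ == "__main__":
    print(audit(OPTIONS, XL2TPD, COPIED_FROM_CHAP))
```

A record carried over from the CHAP file still holds its old cleartext password, so the AD password is accepted only if it equals that value.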
Re: How to setup xl2tpd VPN to work with the Windows domain authentication?
I did not see your configuration for the AD. I would like to ask how you did this part of the AD configuration?