October 13, 2015 at 11:09 pm #44399
I’m trying to set up Zeroshell OpenVPN using my local domain controller for user authentication, I just don’t understand how to do it. Can anybody walk me through the steps?
UltimoblazeOctober 14, 2015 at 1:16 pm #53911
I’ve managed to make some third-party things authenticate against Active Directory using Lightweight Directory Access Protocol. For instance I got Openfire Chat to work, and I got some photocopiers to allow access based on AD accounts. Zeroshell isn’t as straight forward; my first attempt didn’t work well.
I think (though I don’t know) that you could use either LDAP or Kerberos Protocol, but not both. You would make the local LDAP or Kerberos server a proxy for your Active Directory domain, much like you could make ZS DNS use your domain controllers as DNS forwarders. Actually, making K5 or LDAP work right would first require making DNS forwarding work, at least for your AD domain.
—October 22, 2015 at 11:43 pm #53912
I’ve gotten the DNS forwarding to work. That wasn’t as difficult to figure out. I’m a novice though at authentication protocols. I don’t understand how to get the cross authentication to work.
My configuration is as follows. The Zeroshell box has the K5 realm as ABC.com. It’s hostname is zeroshell. the LDAP base is dc=ABC,dc=com. I don’t understand what each of these do, other than hostname. My AD domain is ABC.com and the AD controller is server1.ABC.com.
Given this information, how can I have the zeroshell box accept openVPN connections authenticated against the AD accounts? Is there something I have to do on the AD controller side?
UltimoblazeJanuary 15, 2016 at 1:34 am #53913
I found out I need to create a trust relationship on the AD side. I did this and entered the same password as on the Zeroshell machine. I still cannot get it to authenticate against the AD though. Has anybody done this successfully?
UltimoblazeJanuary 29, 2016 at 8:56 pm #53914
Here is some more information. First are my realm setup and cross authentication setup. Then my VPN setup and then the VPN log when trying to login.
15:47:38 Re-using SSL/TLS context
15:47:38 LZO compression initialized
15:47:38 TCP connection established with 220.127.116.11:56504
15:47:38 TCPv4_SERVER link local: [undef]
15:47:38 TCPv4_SERVER link remote: 18.104.22.168:56504
15:47:40 22.214.171.124:56504 [administrator@SLI.COM] Trying Kerberos 5 (Trusted KDC) authentication
15:47:40 126.96.36.199:56504 [administrator@SLI.COM] Kerberos 5 authentication failed: host/zeroshell.sli.lan@SLI.LAN: Server not found in Kerberos database while getting credentials
15:47:40 188.8.131.52:56504 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 11
15:47:40 184.108.40.206:56504 TLS Auth Error: Auth Username/Password verification failed for peer
Does anybody have any suggestions?
You must be logged in to reply to this topic.