1.安裝套件:'yum -y install openvpn-auth-ldap'
2.改變資料夾權限:chown -R openvpn:openvpn /etc/openvpn/auth
  (ldap.conf 裡會放 LDAP 管理者帳號的明文密碼,建議再執行 chmod 600 /etc/openvpn/auth/ldap.conf,避免同一台機器上的其他帳號讀到)
3.編輯 openvpn-auth-ldap 的 LDAP 設定檔:vim /etc/openvpn/auth/ldap.conf
4.在 openvpn 的 server.conf 加上參數:plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
5.重新啟動服務
6.client端的設定檔要加上兩個參數:
auth-user-pass
auth-retry interact
7.如果連線有問題,可以暫時把 ldap.conf(不是 server.conf)裡的 TLSEnable 改成 no,確認是否為 TLS/憑證問題;但關掉 TLS 之後,BindDN 的密碼和每個 VPN 使用者輸入的帳號密碼都會以明文送到 LDAP server,所以只能用來排錯,找到原因(通常是 TLSCACertFile 無法驗證 LDAP server 的憑證)之後要改回 yes,不要長期關閉。
vim /etc/openvpn/auth/ldap.conf
(下方列出的內容看起來少了 `<LDAP> … </LDAP>` 與 `<Authorization> … </Authorization>` 的區段標籤,應該是被網頁當成 HTML 去掉了;實際檔案中 URL 到 TLSCipherSuite 這幾項應放在 `<LDAP>` 區段內,BaseDN 以下的項目應放在 `<Authorization>` 區段內。)
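# openvpn-auth-ldap configuration (/etc/openvpn/auth/ldap.conf).
# The <LDAP> and <Authorization> section tags were missing from the
# original listing (most likely stripped as HTML); they are required
# by the plugin's config format and are restored here.
# This file holds the BindDN password in cleartext: keep it mode 600,
# owned by the account OpenVPN runs as.
<LDAP>
	# LDAP server URL. With TLSEnable yes an ldap:// URL is upgraded
	# with StartTLS; an ldaps:// URL can be used instead for an
	# implicit-TLS listener.
	URL ldap://IP:PORT
	# Bind DN (If your LDAP server doesn't support anonymous binds)
	# BindDN uid=Manager,ou=People,dc=example,dc=com
	# Prefer a dedicated read-only service account here rather than a
	# directory administrator; it only needs to search under BaseDN.
	BindDN 管理者的DN
	# Bind Password (cleartext -- see file-mode note above)
	# Password SecretPassword
	Password 管理者的密碼
	# Network timeout (in seconds)
	Timeout 15
	# Enable Start TLS
	# Keep this on. With TLSEnable no, the bind password above and every
	# VPN user's username/password cross the network to the LDAP server
	# unencrypted, and the TLS* settings below have no effect. If the
	# connection fails, fix the trust anchor (TLSCACertFile must verify
	# the LDAP server's certificate) instead of disabling TLS.
	TLSEnable yes
	# Follow LDAP Referrals (anonymously)
	FollowReferrals yes
	# TLS CA Certificate File
	TLSCACertFile /usr/local/etc/ssl/ca.pem
	# TLS CA Certificate Directory
	TLSCACertDir /etc/ssl/certs
	# Client Certificate and key
	# If TLS client authentication is required
	# (comment these two out if the LDAP server does not require a
	# client certificate and the files do not exist)
	TLSCertFile /usr/local/etc/ssl/client-cert.pem
	TLSKeyFile /usr/local/etc/ssl/client-key.pem
	# Cipher Suite
	# The defaults are usually fine here
	# TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
	# Base DN
	BaseDN "ou=user,dc=test,dc=com"
	# User Search Filter
	# The plain (uid=%u) filter matches any entry with that uid; the
	# commented-out variant additionally requires an "active" status
	# attribute so disabled accounts are not matched. Use whatever
	# attribute your directory schema provides for that purpose.
	#SearchFilter "(&(uid=%u)(accountStatus=active))"
	SearchFilter "(uid=%u)"
	# Require Group Membership
	# false = every account matched by SearchFilter under BaseDN is
	# eligible for VPN access. Set to true and fill in the <Group>
	# block below to restrict access to specific groups.
	RequireGroup false
	# Add non-group members to a PF table (disabled)
	#PFTable ips_vpn_users
	#<Group>
	#	BaseDN "ou=Groups,dc=example,dc=com"
	#	SearchFilter "(|(cn=developers)(cn=artists))"
	#	MemberAttribute uniqueMember
	#	# Add group members to a PF table (disabled)
	#	#PFTable ips_vpn_eng
	#</Group>
</Authorization>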