Gentoo Forums
VPN (PPTP, OpenVPN, ...) with PAM/LDAP support
kokyu (n00b)
Joined: 22 Dec 2011
Posts: 13

PostPosted: Tue Oct 09, 2012 4:34 pm    Post subject: VPN (PPTP, OpenVPN, ...) with PAM/LDAP support Reply with quote

Hi all,

in our company we are currently using PPTP with MS-CHAPv2 and MPPE, and I recently introduced LDAP for all the SSH accounts on all machines to make modifications to the global user database easy.

However, we now want to do the same for VPN. It would be really great to let all users in the LDAP database (possibly with a flag) also be granted VPN logins with the passwords stored in that very LDAP database.

Since PAM is configured to use LDAP, I am looking for either a VPN with PAM support or one with direct LDAP support.

However, I tried hard to find a guide for PPTP (pppd) to authenticate against PAM/LDAP, and one even said it is not possible at all, since PPTP with MS-CHAP uses a different password hash algorithm than the one shadow passwords are encrypted with; OpenVPN, on the other hand, did not look that great either.

So does anyone know how at best I could get a PPTP (or similar) VPN to run against a centralized LDAP user database?

Many thanks in advance,
Kokyu.
Veldrin (Veteran)
Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

PostPosted: Tue Oct 09, 2012 8:43 pm    Post subject: Reply with quote

Short answer: yes, it is possible; the exact steps depend on the final setup (or, in other words, more information is needed).

Longer answer: LDAP authentication with OpenVPN works perfectly. I currently use pfSense on my border firewall to achieve that. (Other (proprietary) products can achieve similar results.)

What is your current setup (firewall- or VPN-concentrator-wise)? Can it be used to terminate a VPN connection? Does it support LDAP authentication?

If there is no existing infrastructure available, I suggest you use a dedicated host (in the DMZ) to play the role of the VPN concentrator, and use some appliance-grade OS. (It is perfectly possible to use (hardened) Gentoo, but the less the box has installed, the better.)

Choosing the right "VPN software" depends on the clients used and the features required. My main reasons for choosing OpenVPN are the simplicity of integrating it into NetworkManager and the trust in the OpenSSL library.

Before adding more thoughts, I would need some additional information.

V.

If I may ask: how is this Gentoo related?
_________________
read the portage output!
If my answer is too concise, ask for an explanation.
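As an added example, not code from either poster and not the pfSense setup Veldrin describes, here is the plain-OpenVPN way to do what the thread asks for: the server loads the auth-pam plugin that ships with OpenVPN and names a PAM service, that service checks the password through pam_ldap (the same module the OP already uses for SSH), and membership in an LDAP posixGroup plays the role of the "flag". The plugin path, the group name `vpn`, the hostnames and the certificate file names are assumptions; adjust them to the box.

```conf
# /etc/openvpn/server.conf  (server side)
port 1194
proto udp
dev tun
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
server 10.8.0.0 255.255.255.0
user nobody
group nobody
persist-key
persist-tun

# Load the auth-pam plugin; the argument is the PAM service name,
# i.e. the file /etc/pam.d/openvpn below. The plugin forks a privileged
# helper before user/group are dropped, so the PAM conversation still
# works with the main process running as nobody.
# (Plugin path is an assumption; check where your package installed it.)
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

# Client certificates stay the first factor, the LDAP password is the second.
# Use the LDAP uid (not the certificate CN) for client-config-dir lookups.
username-as-common-name


# /etc/pam.d/openvpn  (PAM service used by the plugin)
# Early exit unless the user is in the LDAP posixGroup "vpn", resolved
# through NSS (nss_ldap / nslcd); this is the per-user "flag".
auth     requisite  pam_succeed_if.so user ingroup vpn quiet
# Password check: pam_ldap binds to the directory as the user.
auth     required   pam_ldap.so
account  required   pam_ldap.so
# Alternatively, since PAM on these hosts is already LDAP-backed:
#   auth     include  system-auth
#   account  include  system-auth


# client.ovpn  (client side)
client
dev tun
proto udp
remote vpn.example.com 1194
ca ca.crt
cert alice.crt
key alice.key
tls-auth ta.key 1
# Prompt for the LDAP username/password on connect; they travel inside the
# TLS control channel, never in the clear.
auth-user-pass
```

Two caveats a practitioner would check. First, pam_ldap does a simple bind with the user's password, so /etc/ldap.conf must point at ldaps:// or use `ssl start_tls`, otherwise the VPN password crosses the internal network unencrypted. Second, this only helps OpenVPN: pppd can go through PAM only with PAP (its `login` option), because MS-CHAPv2 needs the NT hash (MD4 of the UTF-16LE password) rather than a crypt(3) shadow hash, so PPTP with MS-CHAPv2 against a PAM stack does not work; it would need the NT hash stored in the directory, which is exactly the objection the OP quotes.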