nepsck
(usa CentOS)
Enviado em 11/11/2009 - 12:41h
Bom dia !
alguém sabe com eu faço p fazer com que o openvpn faça a autenticação pelos usuarios do samba, pelo pam eu sei que é com plugin /usr/lib/openvpn-auth-pam.so common-auth. com os usuarios ruwindows nao podem acessar usando o pam, entao gostaria de colocar para rodar com o samba isso é possivel ? como seria feto nesse caso ?
essa é minha configuração do openvpn
############################################################
# Dispositivo utilizado pelo OpenVPN
dev tun
# Define que atuaremos como servidor
mode server
# Indica que o servidor atuará como o
# controlador no canal de comunicação
# durante a conexão TLS
tls-server
# Permite que os clientes conectados ao
# servidor troquem pacotes entre si
client-to-client
# with tls-auth server is value 0 and client is value 1
#tls-auth keys/ta.key 0
dh keys/dh1024.pem
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
duplicate-cn
server 171.171.100.0 255.255.255.0 # IP range clients
ifconfig-pool-persist ipp.txt
# note: initial tests used these, and they worked, but
# the man page hade the two lines above.
#ifconfig 192.168.100.1 192.168.100.2
#ifconfig-pool 192.168.100.5 192.168.100.200 # IP range clients
route-up "route delete -net 171.171.100.0/24"
route-up "route add -net 171.171.100.0/24 tun0"
ush "route 171.171.100.1" # add route to protected network
# the next line tells the client to route all traffic thru the VPN
# you might not want this
#push "redirect-gateway def1"
# if you do not want to route all client traffic thru VPN, do something
like
# the following (uncomment out and edit as needed)
#push "route 10.90.134.0 255.255.255.0"
#push "route 10.0.134.0 255.255.255.0"
#push "route 195.214.241.0 255.255.255.0"
# if you have mobile users, the following can be used:
#push "dhcp-option DOMAIN riseup.net" #push the DNS domain suffix
#push "dhcp-option DNS 10.32.1.14 " #push DNS entries to client
#push "dhcp-option WINS 69.90.134.134 " #push WINS entries to client
port 1194
user nobody
group nogroup
; comp-lzo
ping 60
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key
verb 6
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log
plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth
client-cert-not-required
##############################
desde ja fico grato