Marcos Morais wrote:

>Hello Users,
>I still have some doubts about how remote clients will have access to
>resources in the LAN using OpenVPN.
>
>1 - I want to be able to limit the users to access only the resources that
>they normally use on the LAN, such as Email, File servers etc. How can that
>be achieved?
>2 - Can anybody give me details about how to direct the remote users to an
>LDAP or NIS server, so that they are authenticated there and gain all the
>permissions they normally have in the LAN?
>
>

Mhhh.... if you want to call the M$ way _normal_ OK.

- You can verify the authentication against AD.
- I have _not_ seen _authorization_ though and this is IMHO because M$ does not provide a kinit program which we could use to get a TGT and thus have access to the resources controlled by M$ Kerberos.

I _believe_ this is achieved in some commercial access packages by modifying the thing they call GINA in Redmond.

This is not strictly an OpenVPN issue. In order to achieve this we would probably need an advanced Plug-In which would be called at connection time and does a kinit on the AD and stores the TGT on the client in the wherever _normal_ place.

cheers
Erich

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users