|
|
Hi Serge, It appears that when I use auth-user-pass-verify, my batch script does not appear to run. No windows console was generated. Can I confirm the following with you? 1) that you are also using the openvpn GUI for windows? 2) the openvpn.conf that you refer to is actually a .ovpn file for configuration? the type you can find inside the OpenVPN\sample-config folder? Thank you. Regards Kim Sia Extension: 3160 ----- Original Message ----- From: "Serge Wautier" <serge@xxxxxxxxxxx> To: <simksi@xxxxxxxxxxxxxxx> Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx> Sent: Tuesday, January 30, 2007 10:08 PM Subject: RE: [Openvpn-users] how to code for authentication to a mysql server >I guess so. However I never used it before so I can't say for sure. > > Neither OpenVPN nor the OS (Whether Windows or Linux at least) relies on a > specific scripting language. > > On Windows, OpenVPN executes external scripts as batch files. Up to you to > launch a Windows script (.vbs, .js, .php, .py,...) from the batch file > using > the method I showed earlier. On Linux, the script engine is specified in > the > script's header line (which is a Linux shell feature btw, not an OpenVPN > one). > > From there on, you can use the script language you want provided the > corresponding engine is installed on the machine (Yes, vbscript is > installed > by default on Windows ;-). > > HTH, > > Serge. > http://www.apptranslator.com > > >> -----Original Message----- >> From: simksi@xxxxxxxxxxxxxxx [mailto:simksi@xxxxxxxxxxxxxxx] >> Sent: mardi 30 janvier 2007 14:37 >> To: Serge Wautier >> Cc: 'Sim Kim Sia'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx >> Subject: RE: [Openvpn-users] how to code for authentication >> to a mysql server >> >> Hi Serge, >> >> I suppose it is not impossible to use auth-user-pass-verify >> using a vbscript instead of the pam perl script, is it? >> >> Thank you. >> >> > I don't use auth-user-pass-verify. I use certificate-based >> > authentication only. >> > >> > >> > _____ >> > >> > From: Sim Kim Sia [mailto:simksi@xxxxxxxxxxxxxxx] >> > Sent: mardi 30 janvier 2007 10:18 >> > To: Serge Wautier >> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx >> > Subject: Re: [Openvpn-users] how to code for authentication >> to a mysql >> > server >> > >> > >> > Hi, >> > >> > so I understand this as you added the following line to the server >> > config file : >> > >> > client-connect connect.bat >> > >> > If so, do you still include the auth-user-pass-verify <script file >> > name> <method>? >> > >> > Thank you. >> > Regards >> > Kim Sia >> > >> > Extension: 3160 >> > >> > ----- Original Message ----- >> > From: Serge Wautier <mailto:serge@xxxxxxxxxxx> >> > To: 'Sim Kim Sia' <mailto:simksi@xxxxxxxxxxxxxxx> >> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx >> > Sent: Tuesday, January 30, 2007 5:01 PM >> > Subject: RE: [Openvpn-users] how to code for authentication >> to a mysql >> > server >> > >> > in openvpn.conf: >> > client-connect connect.bat >> > >> > connect.bat: >> > echo Client connected : %common_name% >> > echo Optional dynamic config file : %1 pushd %~dp0 cscript >> connect.js >> > %common_name% %1 popd >> > >> > (pushd %~dp0 -> more info here: >> > >> <http://www.apptranslator.com/blog/2006/03/directory-management-in-bat >> > ch-fil >> > es.html>) >> > >> > All files are stored in the same dir as openvpn.conf (used as the >> > current working directory for scripts launched by OpenVPN). But it >> > should be no problem storing them elsewhere. >> > >> > HTH, >> > >> > >> > Serge. >> > http://www.apptranslator.com <http://www.apptranslator.com/> >> > >> > >> > >> > _____ >> > >> > From: Sim Kim Sia [mailto:simksi@xxxxxxxxxxxxxxx] >> > Sent: mardi 30 janvier 2007 9:50 >> > To: Serge Wautier >> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx >> > Subject: Re: [Openvpn-users] how to code for authentication >> to a mysql >> > server >> > >> > >> > Hi, >> > >> > thank you for your reply. >> > >> > May I ask how did you include your JScript file? >> > >> > Did you place it in the plugin folder of openvpn or just >> anywhere you >> > like on the server machine? >> > >> > thank you. >> > >> > Regards >> > Kim Sia >> > >> > Extension: 3160 >> > >> > ----- Original Message ----- >> > From: Serge <mailto:serge@xxxxxxxxxxx> Wautier >> > To: 'Sim Kim Sia' <mailto:simksi@xxxxxxxxxxxxxxx> >> > Sent: Tuesday, January 30, 2007 4:34 PM >> > Subject: RE: [Openvpn-users] how to code for authentication >> to a mysql >> > server >> > >> > Hi, >> > >> > I have a setup with an OpenVPN server (using PKI). I validate user >> > certificates against MySQL using a --client-connect script >> written in >> > JScript using ADO to look up the DB: >> > OpenVPN validates the certificate. Then it calls my >> --client-connect >> > script (passing it the CommonName as an argument. Read the >> doc, there >> > are more parameters passed through environment variables. My script >> > validates the CommonName by looking up the DB (I don't use CRL. For >> > this app, a white list was preferred to a black list). One >> can reject >> > a connection by having the script return a non-0 value. >> > >> > HTH, >> > >> > >> > Serge. >> > http://www.apptranslator.com <http://www.apptranslator.com/> >> > >> > >> > _____ >> > >> > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx >> > [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On >> Behalf Of Sim >> > Kim Sia >> > Sent: mardi 30 janvier 2007 9:18 >> > To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx >> > Subject: [Openvpn-users] how to code for authentication to a mysql >> > server >> > >> > >> > Hi, >> > >> > I am using OpenVPN on Windows based machines. >> > >> > I have looked at the example scripts. They are using >> something called >> > pam library and the scripts are written in c and perl -- languages >> > that I am not strong at. >> > >> > I need to to ask the following: >> > >> > 1) >> > >> > How do I write a script such that the username and password >> supplied >> > by the user will be checked against a mysql database table >> containing >> > a list of usernames and passwords? >> > >> > And in a secure manner? >> > >> > 2) >> > >> > How do I use the command auth-user-pass-verify to do the above? >> > >> > I understand that the usual way is to have the line >> > >> > auth-user-pass-verify <script filename> >> > >> > are there other arguments that I must include? >> > >> > Thank you. >> > >> > Regards >> > Kim Sia >> > >> > Extension: 3160 >> > [This e-mail is confidential and may be priviledged. If you are not >> > the >> > >> > intended recipient, please kindly notify us immediately and >> delete the >> > message >> > >> > from your system; please do not copy or use it for any purpose, nor >> > disclose >> > >> > its contents to any other person. Thank you.] >> > >> > ---ST Electronics Group--- >> > >> > >> > >> > >> >> >> > ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |