IP Addresses based on ActiveDirectory Security Groups

jfreeling
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 28, 2016 7:14 pm

IP Addresses based on ActiveDirectory Security Groups

Postby jfreeling » Mon Mar 28, 2016 7:33 pm

I have OpenVPN-AS authenticating against Active Directory (AD). Any user who authenticates to OpenVPN-as receives a 10.22.x.x address (which range is assigned to VLAN 22).

We have a number of VLANS, each with their respective IP ranges.

Is it possible to cause OpenVPN-AS to assign a user an IPs from dhcp ranges based on the user's AD security group?

To be clear. Let's say we have three security groups in AD, each group containing one user:

1. Accounting (contains Bob)
2. Sales (contains Sara)
3. Tech (contains Jim)

We also have three VLANs, each with its own IP range

1. VLAN 22 (10.22.0.0/16) - for Accounting
2. VLAN 23 (10.23.0.0/16) - for Sales
3. VLAN 24 (10.24.0.0/16) - for Tech

If Bob authenticates to OpenVPN, he should receive an IP from 10.22.x.x.
If Sara authenticates she should receive an IP from 10.23.x.x.
If Jim authenticates he should receive an IP from 10.24.x.x.

Is this possible? If so, can someone point me in the right direction to make it happen?

Much obliged

Pippin
OpenVPN Power User
Posts: 178
Joined: Wed Jul 01, 2015 8:03 am

Re: IP Addresses based on ActiveDirectory Security Groups

Postby Pippin » Mon Mar 28, 2016 8:19 pm


jfreeling
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 28, 2016 7:14 pm

Re: IP Addresses based on ActiveDirectory Security Groups

Postby jfreeling » Tue Mar 29, 2016 11:49 am

Pippin wrote:I think you looking for this:
https://openvpn.net/index.php/open-sour ... tml#policy


Thanks for your reply. I am not sure that this works because it does not seem that the classes (or groups) here are designated by Active Directory (AD). What I hope to do is integrate OpenVPN with AD such that it assigns IPs (or VLANS) based on AD group membership.

If I am incorrect on this, please let me know.

anxjk
OpenVpn Newbie
Posts: 1
Joined: Wed Jan 04, 2017 3:06 pm

Re: IP Addresses based on ActiveDirectory Security Groups

Postby anxjk » Tue Mar 07, 2017 9:53 pm

Hi,
I know this is an older post, did you get this figured out?

Thanks!


Return to “Access Server”

Who is online

Users browsing this forum: No registered users and 1 guest