Azure AD authentication for OpenVPN

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
MeanMrMustardxx
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 28, 2017 8:10 pm

Azure AD authentication for OpenVPN

Post by MeanMrMustardxx » Wed Jun 28, 2017 8:26 pm

I'm trying to authorize users to OpenVPN through Azure AD with https://github.com/outlook/openvpn-azure-ad-auth

I've successfully configured openvpn-azure-ad-auth and can get a success when running ./openvpn-azure-ad-auth.py --consent

I've added the following to my server's as.conf file:
------
auth-user-pass-verify /path/to/openvpn-azure-ad-auth.py via-env
script-security 3 execve
------

I've also tried appending the following to my openvpn client config with no luck:
auth-user-pass

The openvpn-azure-ad-auth.py script never even seems to be run when I try to connect as a user. I must be missing something. Any ideas?
I'm running openvpn-as version 2.1.4

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Azure AD authentication for OpenVPN

Post by novaflash » Thu Jun 29, 2017 7:46 am

Hello angry condiment,

It looks like you're trying to apply a guide for the open source OpenVPN version, to the commercial program Access Server. They're not the same program, so, it won't work that way. Instead you should go into the Admin UI, go to Authentication, and set it to LDAP. Make sure you're logged in as the 'openvpn' master user; that user will always be able to log in despite LDAP authentication not being configured fully yet and not actually working yet.

Then, set up the LDAP parameters so it connects to your LDAP server and tries to authenticate through there.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

MeanMrMustardxx
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 28, 2017 8:10 pm

Re: Azure AD authentication for OpenVPN

Post by MeanMrMustardxx » Thu Jun 29, 2017 3:28 pm

Thanks, looks like I've got a lot to ketchup on. (facepalm)

Unfortunately, I don't think standard LDAP will work for Azure AD (which actually uses OAuth for authorization). Good news is I'm not really bound to using Access Server so maybe I'll give Community Edition a shot and see how that works out.

Thanks again! Mayo the force be with you!

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Azure AD authentication for OpenVPN

Post by novaflash » Thu Jun 29, 2017 3:54 pm

Alright, good luck.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

stilljake
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 10, 2017 3:33 pm

Re: Azure AD authentication for OpenVPN

Post by stilljake » Mon Jul 10, 2017 3:35 pm

Hey,

Did you ever get this working?

if so would you mind sharing how you did it.

Cheers,

Post Reply