I'm trying to authorize users to OpenVPN through Azure AD with https://github.com/outlook/openvpn-azure-ad-auth
I've successfully configured openvpn-azure-ad-auth and can get a success when running ./openvpn-azure-ad-auth.py --consent
I've added the following to my server's as.conf file:
------
auth-user-pass-verify /path/to/openvpn-azure-ad-auth.py via-env
script-security 3 execve
------
I've also tried appending the following to my openvpn client config with no luck:
auth-user-pass
The openvpn-azure-ad-auth.py script never even seems to be run when I try to connect as a user. I must be missing something. Any ideas?
I'm running openvpn-as version 2.1.4
Azure AD authentication for OpenVPN
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jun 28, 2017 8:10 pm
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Azure AD authentication for OpenVPN
Hello angry condiment,
It looks like you're trying to apply a guide for the open source OpenVPN version, to the commercial program Access Server. They're not the same program, so, it won't work that way. Instead you should go into the Admin UI, go to Authentication, and set it to LDAP. Make sure you're logged in as the 'openvpn' master user; that user will always be able to log in despite LDAP authentication not being configured fully yet and not actually working yet.
Then, set up the LDAP parameters so it connects to your LDAP server and tries to authenticate through there.
It looks like you're trying to apply a guide for the open source OpenVPN version, to the commercial program Access Server. They're not the same program, so, it won't work that way. Instead you should go into the Admin UI, go to Authentication, and set it to LDAP. Make sure you're logged in as the 'openvpn' master user; that user will always be able to log in despite LDAP authentication not being configured fully yet and not actually working yet.
Then, set up the LDAP parameters so it connects to your LDAP server and tries to authenticate through there.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jun 28, 2017 8:10 pm
Re: Azure AD authentication for OpenVPN
Thanks, looks like I've got a lot to ketchup on. (facepalm)
Unfortunately, I don't think standard LDAP will work for Azure AD (which actually uses OAuth for authorization). Good news is I'm not really bound to using Access Server so maybe I'll give Community Edition a shot and see how that works out.
Thanks again! Mayo the force be with you!
Unfortunately, I don't think standard LDAP will work for Azure AD (which actually uses OAuth for authorization). Good news is I'm not really bound to using Access Server so maybe I'll give Community Edition a shot and see how that works out.
Thanks again! Mayo the force be with you!
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Azure AD authentication for OpenVPN
Alright, good luck.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jul 10, 2017 3:33 pm
Re: Azure AD authentication for OpenVPN
Hey,
Did you ever get this working?
if so would you mind sharing how you did it.
Cheers,
Did you ever get this working?
if so would you mind sharing how you did it.
Cheers,