IP Addresses based on ActiveDirectory Security Groups

[jfreeling]

I have OpenVPN-AS authenticating against Active Directory (AD). Any user who authenticates to OpenVPN-as receives a 10.22.x.x address (which range is assigned to VLAN 22).

We have a number of VLANS, each with their respective IP ranges.

Is it possible to cause OpenVPN-AS to assign a user an IPs from dhcp ranges based on the user's AD security group?

To be clear. Let's say we have three security groups in AD, each group containing one user:

1. Accounting (contains Bob)
2. Sales (contains Sara)
3. Tech (contains Jim)

We also have three VLANs, each with its own IP range

1. VLAN 22 (10.22.0.0/16) - for Accounting
2. VLAN 23 (10.23.0.0/16) - for Sales
3. VLAN 24 (10.24.0.0/16) - for Tech

If Bob authenticates to OpenVPN, he should receive an IP from 10.22.x.x.
If Sara authenticates she should receive an IP from 10.23.x.x.
If Jim authenticates he should receive an IP from 10.24.x.x.

Is this possible? If so, can someone point me in the right direction to make it happen?

Much obliged

[Pippin]

I think you looking for this:
https://openvpn.net/index.php/open-sour ... tml#policy

[jfreeling]

I think you looking for this:
https://openvpn.net/index.php/open-sour ... tml#policy

Thanks for your reply. I am not sure that this works because it does not seem that the classes (or groups) here are designated by Active Directory (AD). What I hope to do is integrate OpenVPN with AD such that it assigns IPs (or VLANS) based on AD group membership.

If I am incorrect on this, please let me know.

[anxjk]

Hi,
I know this is an older post, did you get this figured out?

Thanks!