Hi, I set up a server with 2-factor auth (username and PW + Host cert).
I enabled remote KERBEROS auth to allow my Active Directory domain users to authenticate in VPN.
I'd like to assign specific IPs (to use specific firewall rules in iptables) and managed to do so via client-config-dir.
Anyway, since usernames are case insensitive in Active Directory, I had to create a lot of files for each user with all the possible combinations (a bash script).
E.g.:
userfc1@domain.ext
Userfc1@domain.ext
uSerfc1@domain.ext
....
So my question is:
Is it possible to bind a configuration to the HOST Certificate instead of the username? I know it is possible when using the USER certificate to log in, with the CN of the user, but I can't make it work with the Host cert CN.
If not possible: is there a way to work around this?
Thank You!
is it possible to bind CCD configuration to host certificate in dual factor auth?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jan 11, 2018 11:25 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: is it possible to bind CCD configuration to host certificate in dual factor auth?
CCD files are bound to the common_name of the certificate.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jan 11, 2018 11:25 am
Re: is it possible to bind CCD configuration to host certificate in dual factor auth?
Hi TinCanTech.
Unfortunately, I think it's only true when you are using the certificate to authenticate INSTEAD of username and PW.
I tried to create a filename with the common name of the cert, but it simply doesn't work.
Is there anything I should check to verify OpenVPN is working the correct way?
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: is it possible to bind CCD configuration to host certificate in dual factor auth?
See if the --username-as-common-name option does what you want.
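
One way to avoid a CCD file per capitalisation, as an added example that is not from any poster in this thread: a `--client-connect` hook that lower-cases the login name before looking up a single per-user file. It assumes the server runs with `--username-as-common-name` so that the `common_name` environment variable holds the login name; the script path, the directory name and the `emit_ccd` helper are hypothetical.

```shell
#!/bin/sh
# Added example: OpenVPN --client-connect hook that finds the per-client
# settings by the lower-cased login name, so one file per user is enough.
# Assumed server directives (paths are placeholders):
#   username-as-common-name
#   script-security 2
#   client-connect /etc/openvpn/ccd-lower.sh
# Keep this directory separate from client-config-dir so that a file is
# not applied twice when the name happens to match exactly.
CCD_DIR="${CCD_DIR:-/etc/openvpn/ccd-lower}"   # assumed path, lower-case file names

# emit_ccd NAME DIR OUTFILE
# Writes DIR/<lower-cased NAME> to OUTFILE. Returns 1 on an unsafe name.
emit_ccd() {
    name=$(printf '%s' "$1" | LC_ALL=C tr '[:upper:]' '[:lower:]')
    # The name is supplied by the client: refuse anything that could
    # resolve outside DIR (slashes, leading dots, unexpected characters).
    case $name in
        ''|.*|*[!a-z0-9@._-]*) return 1 ;;
    esac
    # No file means no per-client settings; the client keeps pool defaults.
    [ -f "$2/$name" ] || return 0
    cat "$2/$name" > "$3"
}

# OpenVPN exports common_name and passes the path of a temporary file for
# dynamic directives as the last argument. Act only when invoked that way.
if [ -n "${common_name:-}" ] && [ "$#" -ge 1 ]; then
    emit_ccd "$common_name" "$CCD_DIR" "$1" || exit 1
fi
```

A non-zero exit from a client-connect script makes OpenVPN reject the client, so a name that fails the character check never receives an address.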