Linux Server for WinXP VPN clients with AD integ


Hello all,

Currently we have pptpd installed on a Linux server, and WinXP clients can connect to it through VPN from home so they can keep working. The clients get authenticated by Active Directory on a Windows server.

The thing is that I know PPTP is not the most secure thing out there, and even though AD authenticates users that try to connect via VPN, it allows anybody with a domain account to log in, and I have no way of setting restrictions on that.

Can you guys please suggest something that will install on a Debian server and:

-Allow XP clients to use their native VPN tool to connect to our network from home.

-Authenticate domain users against a Domain controller.

-Set restrictions as to who can actually connect via VPN regardless of having a domain account.

Thanks in advance for your help and tips on this matter.



  • csorhand
    northenio ,

    Have you tried the OpenVPN software? I think it has some AD integration on it. Thanks.
  • ben
    Anyone in your domain could then log in to your head office...
    What's the method you'd like to use to authenticate legitimate users to log in? Everyone allowed?
    Are you willing to control their access with Active Directory properties (dial-in tab, remote access permission, allow)?

    In my case I have a lot of users inside the domain: someone from the IT department, someone from logistics, warehouses, manufacturing, ... I just want to allow guys from the IT staff. In that case I'm not using Active Directory but certificates issued to specified users, and I control/revoke them from the firewall (IPsec, PPTP, OpenVPN access, whatever you want).
  • saqman2060
    What Andrea Benini suggested is a good idea. You can use certs, some MAC filtering and, if possible, special passwords or security questions that only the actual user will know. I would think setting up a domain account would give these options.
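
The approach described in the replies above (certificates issued only to specified users, so that holding a domain account is not enough to connect) can be enforced on an OpenVPN server with a `tls-verify` hook. This is an added example, not code from anyone in the thread; it assumes OpenVPN's documented hook interface (`<script> <certificate_depth> <x509_subject>`, exit code 0 to allow), and the allow-list names are constructed.

```python
#!/usr/bin/env python3
"""Allow-list check for an OpenVPN `tls-verify` hook (added example).

OpenVPN runs the hook as: <script> <certificate_depth> <x509_subject>
and continues the TLS handshake only if the hook exits with status 0.
"""
import re
import sys

# Constructed sample allow-list: one certificate Common Name per line.
# In production this would be a root-owned file (its location is an assumption).
SAMPLE_ALLOWLIST = """\
# IT staff permitted to use the VPN
alice.it
bob.it
"""

def load_allowlist(text):
    """Return the set of permitted CNs, ignoring blank lines and # comments."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names

def extract_cn(subject):
    """Pull the CN out of 'C=US, O=Corp, CN=x' or '/C=US/O=Corp/CN=x'."""
    cns = re.findall(r"(?:^|[,/])\s*CN=([^,/]+)", subject)
    # Refuse subjects with zero or several CNs instead of guessing.
    return cns[0].strip() if len(cns) == 1 else None

def is_allowed(depth, subject, allowlist):
    """Depth 0 is the client certificate; higher depths are CA certificates."""
    if depth != 0:
        return True  # chain validation is done by OpenVPN, not by this hook
    cn = extract_cn(subject)
    return cn is not None and cn in allowlist

def main(argv):
    if len(argv) != 3 or not argv[1].isdigit():
        return 1  # fail closed on a malformed invocation
    allowed = load_allowlist(SAMPLE_ALLOWLIST)
    return 0 if is_allowed(int(argv[1]), argv[2], allowed) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The server configuration would reference the script with `tls-verify` and needs `script-security 2` for external scripts to run. Revoking an issued certificate is handled separately through a CRL loaded with `crl-verify`.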


