Welcome to the Linux Foundation Forum!

Linux Server for WinXP VPN clients with AD integ

Hello all,

Currently we have pptpd installed on a Linux server and winXP clients can connect through VPN to it from home so they can keep working. The clients get authenticated by Active Directory on a Windows server.

The thing is that I know pptp is not the most secure thing out there, and even though AD authenticates users that try to connect via vpn, it allows anybody with a domain account to log in, and I have no way of setting restrictions on that.

Can you guys please suggest something that will install on a Debian server and:

-Allow XP clients to use their native VPN tool to connect to our network from home.

-Authenticate domain users against a Domain controller.

-Sets restrictions as to who can actually connect via VPN regardless of having a domain account.

Thanks in advance for your help and tips on this matter.

Northenio.

Comments

  • northenio ,


    have you tried the openvpn software? I think it has some AD integration on it. Thanks.
  • ben
    ben Posts: 134
    anyone in your domain could then login in your head office...
    What's the method you'd like to use to authenticate legitimate users to login ? everyone allowed ?
    Are you willing to control their access with Active Directory properties (dialin tab, remote access permission, allow) ?

    In my case I've a lot of users inside the domain, someone from the IT department, someone from logistics, warehouses, manufacturing, ... . I just want to allow guys from the IT staff, in that case I'm not using Active Directory but Certificates issued to specified users and I control/revoke them from the firewall (IPSEC, PPTP, OpenVPN access, whatever you want)
  • What Andrea Benini suggested is a good idea. You can certs, some MAC filtering, and, and if possible, use special passwords or security questions that only the actual user will know. I would think setting up a domain account would give these options.

Categories

Upcoming Training