| Jan Roesner 2005-06-30, 7:46 am |
| Hi NG,
recently someone pointed me to OpenVPN with my thought in mind to find a vpn
server solution that is on the one hand able to handle connectionattempts
from the buildin vpn client fromon w2k to w2k3 and xp and on the other hand
capable to authenticate via user changable pam module.
My first goal is to give my user the possibility to connect into our lan via
vpn without having to install an ISA in our lan. Instead I'd like to
install a vpn server on our linux firewall box.
That one is (thx samba 3.0 and winbind) member in our domain and services
like login, xdm and su use pam_winbind.so for authetication against our ad
on the dc's.
Now I need a VPN server that authenticates my vpn users via pam too so that
I dont need to administer users twice.
Our second goal is more tricky. We use E4NetKey smartcard's for winlogon on
our local machines. On the smartcard's there are logon certificates
installed issued by our own issuing ca (m$ based). If a user wants to logon
an inserts a sc, the logon dll is switched to gina.dll and that one
authenticates him against the ad.
What I would like to have in a second step ist that kind of smartcard
authetification for the vpn users. Thats the reason why I am looking for a
VPN server out there that can communicate with the m$ buildin vpn clients.
Any suggestions, links, hints ?
Thx in advance.
Jan Roesner
jan.roesner@gmx.de
|