OpenVPN Access Server System Administrator Guide
4.3 Authentication Pages

4.3.1 General

Figure 32: General User Authentication page

Access Server does not store and manage user credentials. Instead, it interfaces with one of the following systems for user authentication:

- Local: This is a user authentication system that is managed by OpenVPN Access Server. You can set the VPN user's password on the User Permissions page when Local Authentication is enabled.
- PAM: Pluggable Authentication Modules, the system used to authenticate users to the Unix host running Access Server.
- RADIUS: Between one and five RADIUS servers can be contacted for user authentication and (optionally) also user accounting.
- LDAP: An Active Directory domain controller or other LDAP server is used to validate user credentials.

On the General User Authentication page, you can choose between the three methods of authenticating Access Server users. This setting can also be changed on the configuration pages for PAM, RADIUS and LDAP (e.g., on the RADIUS page, you can press Use RADIUS if RADIUS isn't already chosen). Note, however, that only one authentication method type can be chosen for Access Server user authentication.
4.3.2 PAM

Figure 33: PAM Authentication page

PAM stands for Pluggable Authentication Modules and is the standard method for authenticating users on a Unix system. Selecting PAM for authenticating OpenVPN Access Server users means that users must provide the same username and password credentials to the Access Server as they would when authenticating to the Unix host that runs the Access Server.

When PAM is not already selected to be used to authenticate users, the Use PAM button selects PAM (instead of RADIUS or LDAP) for authentication. When PAM is selected, there are no configuration settings to adjust in the Admin Web UI.

Internally, the Access Server authenticates using a PAM service named openvpn_as, which corresponds to the file /etc/pam.d/openvpn_as (added during initial configuration of Access Server).
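Because the PAM option makes VPN logins only as strong as the rules in the openvpn_as service file, the following added example (not from the guide or from OpenVPN) audits such a file for rules that weaken the password check. The sample file contents and the names parse_pam and audit are constructed for illustration; the guide does not show what the installed file contains.

```python
# Added example. SAMPLE is constructed; it is NOT the file Access Server installs.
SAMPLE = """\
# /etc/pam.d/openvpn_as (constructed sample)
auth      required    pam_unix.so nullok
auth      [success=1 default=ignore] pam_succeed_if.so user ingroup vpn
auth      sufficient  pam_permit.so
@include  common-session
"""

def parse_pam(text):
    """Return (rules, includes); a rule is (type, control, module, args)."""
    rules, includes = [], []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        tok = line.split("#", 1)[0].split()              # drop comments
        if len(tok) < 2:
            continue
        if tok[0] == "@include":                         # Debian-style include
            includes.append(tok[1])
            continue
        if tok[1].startswith("["):                       # [value=action ...] control
            end = next((i for i in range(1, len(tok)) if tok[i].endswith("]")), None)
            if end is None:
                continue
            tok[1:end + 1] = [" ".join(tok[1:end + 1])]
        if len(tok) < 3:
            continue
        if tok[1] in ("include", "substack"):            # Red Hat-style include
            includes.append(tok[2])
            continue
        rules.append((tok[0].lstrip("-"), tok[1], tok[2].rsplit("/", 1)[-1], tok[3:]))
    return rules, includes

def audit(text):
    """Return findings that deserve review before PAM backs VPN logins."""
    rules, includes = parse_pam(text)
    findings = []
    for kind, _control, module, args in rules:
        if kind == "auth" and module == "pam_permit.so":
            findings.append("auth: pam_permit.so always returns success")
        if kind == "auth" and module == "pam_unix.so" and "nullok" in args:
            findings.append("auth: pam_unix.so nullok allows empty passwords")
    kinds = {rule[0] for rule in rules}
    for needed in ("auth", "account"):
        if needed not in kinds and not includes:
            findings.append(f"{needed}: no rules or includes in this file")
    findings += [f"include: also review /etc/pam.d/{name}" for name in includes]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real host, pass the text of /etc/pam.d/openvpn_as to audit() and then review each included file it lists, since the effective stack continues there.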