VPN Single SignOn with Samba AD

From SambaWiki

Revision as of 22:42, 14 April 2010

Creating a Single Sign-on VPN with Samba4 on Ubuntu/Debian Server

These instructions are pretty rough, but they "worked for me" and I hope they give others some guidance. I've tried to go into as much detail as possible (painfully so) but I'm sure there are things that I'm missing. Please expand upon this HOWTO if you do find errors.

Overview

1. The purpose of this guide is to provide step-by-step guidelines for creating an L2TP VPN server that is fully integrated with the Samba4 server.

Network Topology

2. Before going over how to actually build and configure the VPN server, we first need to understand a little about our network topology. Basically, our network consists of a Layer II switch, a firewall server that is also our network gateway, at least one Samba4 Domain Controller, and one or more Linux/Windows user machines.


                         NetID                                  --------- Windows XP - 172.16.0.10/24
                     172.16.0.0/24                             /
                         ------                   --------    /
                        |      |                 |        |  /
                        |      |                 |        | /
 Internet----Public-IP--|  FW  |--172.16.0.1/24--| Switch | ------------- Samba4 DC - 172.16.0.2/24
                        |      |                 |        | \
                        |      |                 |        |  \
                         ------                   --------    \
                                                               \
                                                                ---------- Fedora Linux - 172.16.0.50/24
      

Please note that the Domain Controller (Samba4) can also be configured on the firewall itself, but this is strongly discouraged for security reasons.

Install & Configure Your Samba4 Domain Controller

3. This guide assumes you have one or more Samba4 Domain Controllers running in your network. For the purpose of this guide, I will refer to our Domain Controller host name as "DC.Domain.Local" and our domain name as "Domain.Local". If you are unfamiliar with how to install Samba4 on Debian/Ubuntu Server, please see here.


Install & Configure a Radius Server

4. Once you have a Samba4 server up and running, our next step is to install and configure a RADIUS server as an alternative to Microsoft IAS or NPS.
There are plenty of RADIUS implementations in the open source community, but I truly recommend going with the FreeRadius solution.

5. Install the FreeRadius software

sudo apt-get install