大佬教程收集整理的这篇文章主要介绍了Centos7+Openvpn使用Windows AD验证登陆,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
我们上一篇你文章介绍了Centos7+openvpn使用本地用户和密码验证登陆的配置介绍,今天我们介绍Centos7+Openvpn使用Windows AD验证登陆,具体就不多介绍了,今天还是使用的是上一节安装的配置环境,对于今天的环境介绍,我们只是简单的修改即可
我们要使用Centos7+Openvpn使用Windows AD验证登陆,所以需要准备一条windows AD,其实说到windows AD,对于很多企业都在使用,看网上的很多文档都是使用的是openldap在做验证,但是对于大企业及一般企业来说,环境内都会有windows AD环境,所以跟windows AD集成起来相对还是比较方便管理用户的,具体见下:
环境介绍:
Hostname:DC
IP:192.168.5.10
Role:AD、DNS、CA
DomainName:ixmsoft.com
Hostname:OPenvpn
IP:192.168.5.20
Role:Openvpn
Hostname:Client
IP:192.168.5.23
Role:openvpn client
以下为我的AD配置信息
我们新建了一个OU:IXMSOFTLDAP,然后在找个OU下我们创建了一些测试用户和使用OPenvpn来验证的usergroup,我们后面会将用户a、zs、添加到这组里面,只要是这个组的用户都可以使用openvpn
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="263" src="http://s3.51cto.com/wyfs02/M00/8C/2B/wKiom1hjv-Lg6yU5AACXHsChIOw288.png">
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="484" src="http://s3.51cto.com/wyfs02/M02/8C/2B/wKiom1hjv-SR8eeUAAER7MkUx2g085.png">
接下来就是准备openvpn使用LDAP验证的配置介绍了;
使用openvpn服务跟LDAP验证的话, 我们需要安装一个ldap插件----openvpn-auth-ldap
因为我们上一篇中介绍了,centos7安装一些服务使用yum安装的话,需要制定源,所以我们只是确认一下
[root@openvpnopenvpn]#cat/etc/yum.repos.d/epel.repo
[epel] name=aliyunepel baseurl= http://mirrors.aliyun.com/epel/7Server/x86_64/ gpgcheck=0
[root@openvpn openvpn]#
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="97" src="http://s3.51cto.com/wyfs02/M00/8C/2B/wKiom1hjv-bh9LyeAABe54DzlYY321.png">
有了源后,我们就开始安装ldap插件
yuminstallopenvpn-auth-ldap-y
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="394" src="http://s3.51cto.com/wyfs02/M01/8C/2B/wKiom1hjv-qhps4tAAGcmQN8RN8440.png">
安装完成
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="420" src="http://s3.51cto.com/wyfs02/M02/8C/2B/wKiom1hjv-2DRRYRAAHqeO1CJXY907.png">
然后我们进入ldpa的配置目录
cd/etc/openvpn/auth/
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="97" src="http://s3.51cto.com/wyfs02/M00/8C/27/wKioL1hjv-6xld8qAABpm67DH-w200.png">
vimldap.conf
查看默认的配置文件内容
<LDAP> #LDAPserverURL URLldap://ldap1.example.org #BindDN(IfyourLDAPserverdoesn'tsupportanonymousbinds) #BindDNuid=Manager,ou=People,dc=example,dc=com #Bindpassword #passwordSecretpassword #Networktimeout(inseconds) Timeout15 #EnableStartTLS TLSEnableyes #FollowLDAPReferrals(anonymously) FollowReferralsyes #TLSCACertificateFile TLSCACertFile/usr/local/etc/ssl/ca.pem #TLSCACertificateDirectory TLSCACertDir/etc/ssl/certs #ClientCertificateandkey #IfTLSclientauthenticationisrequired TLSCertFile/usr/local/etc/ssl/client-cert.pem TLSKeyFile/usr/local/etc/ssl/client-key.pem #CipherSuite #Thedefaultsareusuallyfinehere #TLSCipherSuiteALL:!ADH:@STRENGTH </LDAP> <Authorization> #BaseDN BaseDN"ou=People,dc=com" #UserSearchFilter SearchFilter"(&(uid=%u)(accountStatus=activE))" #requireGroupMembership requireGroupfalse #Addnon-groupmemberstoaPFtable(disabled) #PFTableips_vpn_users <Group> BaseDN"ou=Groups,dc=com" SearchFilter"(|(cn=developers)(cn=artists))" MemberAttributeuniqueMember #AddgroupmemberstoaPFtable(disabled) #PFTableips_vpn_eng </Group> </Authorization>
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="484" src="http://s3.51cto.com/wyfs02/M00/8C/27/wKioL1hjv_GiRjehAAFY7fSdsLU137.png">
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="176" src="http://s3.51cto.com/wyfs02/M01/8C/27/wKioL1hjv_OCNnV_AABwgQy_iBE867.png">
我们同样备份一份,为了安全考虑,建议搭建都备份一下
cpldap.confldap.conf.bak
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="100" src="http://s3.51cto.com/wyfs02/M02/8C/2B/wKiom1hjv_XCo4sBAAB8PBq8ldU287.png">
开始修改配置,清空内容进行编辑
echo>ldap.conf
然后粘贴以下内容
<LDAP> #LDAPserverURL #更改为AD服务器的ip URLldap://192.168.5.10 #BindDN(IfyourLDAPserverdoesn'tsupportanonymousbinds) #BindDNuid=Manager,dc=com #更改为域管理的dn,可以通过ldapsearch进行查询,-h的ip替换为服务器ip,-d换为管理员的dn,-b为基础的查询dn,*为所有 #ldapsearch-LLL-x-h172.16.76.238-D"administrator@xx.com"-W-b"dc=xx,dc=com""*" BindDN"CN=Administrator,CN=Users,DC=ixmsoft,DC=com" #Bindpassword #passwordSecretpassword #域管理员的密码 password123 #Networktimeout(inseconds) Timeout15 #EnableStartTLS TLSEnableno #FollowLDAPReferrals(anonymously) #FollowReferralsyes #TLSCACertificateFile #TLSCACertFileca.crt #TLSCACertificateDirectory #TLSCACertDir/etc/ssl/certs #ClientCertificateandkey #IfTLSclientauthenticationisrequired #TLSCertFile/usr/local/etc/ssl/client-cert.pem #TLSKeyFile/usr/local/etc/ssl/client-key.pem #CipherSuite #Thedefaultsareusuallyfinehere #TLSCipherSuiteALL:!ADH:@STRENGTH </LDAP> <Authorization> #BaseDN #查询认证的基础dn BaseDN"OU=IXMSOFTLDAP,DC=com" #UserSearchFilter #SearchFilter"(&(uid=%u)(accountStatus=activE))" #其中sAMAccountName=%u的意思是把sAMAccountName的字段取值为用户名,后面“memberof=CN=myvpn,DC=xx,DC=com”指向要认证的vpn用户组,这样任何用户使用vpn,只要加入这个组就好了 #SearchFilter"(&(sAMAccountName=%u)(memberof=CN=myvpn,OU=IXMSOFTLDAP,DC=com)" SearchFilter"(&(sAMAccountName=%u))" #requireGroupMembership requireGroupfalse #Addnon-groupmemberstoaPFtable(disabled) #PFTableips_vpn_users <Group> #BaseDN"ou=Groups,dc=com" #SearchFilter"(|(cn=developers)(cn=artists))" #MemberAttributeuniqueMember #AddgroupmemberstoaPFtable(disabled) #PFTableips_vpn_eng BaseDN"OU=IXMSOFTLDAP,DC=com" SearchFilter"(|(cn=myvpn))" MemberAttribute"member" </Group> </Authorization>
保存退出后,我们还需要修改openvpn的配置文件,
默认的配置文件
cat/etc/openvpn/server.cof port1194#监听端口 prototcp#监听协议 devtun#采用隧道 caca.crt#ca证书路劲 certserver.crt#服务器证书路劲 keyserver.key#服务器秘钥 dhdh2048.pem#秘钥交换协议文件 server10.10.10.0255.255.255.0#给客户端分配的地址,注意:不能和vpn服务器的内部地址相同 ifconfig-pool-persistipp.txt#访问记录 push"route192.168.5.0255.255.255.0"#允许客户端访问的地址网段 #push"redirect-gatewaydef1bypass-dhcp" push"dhcp-optionDNS223.5.5.5"#DHCP分配的DNS push"dhcp-optionDNS223.6.6.6" keepalive10120#活动时间,10秒ping一次,120秒如果未收到响应视为断线 #cipherAES-256-CBC max-clients100#允许最大连接数 #usernobody#用户 #groupnobody#用户组 persist-key persist-tun statusopenvpn-status.log logopenvpn.log verb5
我们需要在原有的默认配置文件上添加以下三个参数:
plugin/usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so"/etc/openvpn/auth/ldap.confcn=%u" client-cert-not-required username-as-common-name
添加后的结果为:
port1194#监听端口 prototcp#监听协议 devtun#采用隧道 caca.crt#ca证书路劲 certserver.crt#服务器证书路劲 keyserver.key#服务器秘钥 dhdh2048.pem#秘钥交换协议文件 server10.10.10.0255.255.255.0#给客户端分配的地址,注意:不能和vpn服务器的内部地址相同 ifconfig-pool-persistipp.txt#访问记录 push"route192.168.5.0255.255.255.0"#允许客户端访问的地址网段 #push"redirect-gatewaydef1bypass-dhcp" push"dhcp-optionDNS223.5.5.5"#DHCP分配的DNS push"dhcp-optionDNS223.6.6.6" keepalive10120#活动时间,10秒ping一次,120秒如果未收到响应视为断线 #cipherAES-256-CBC max-clients100#允许最大连接数 #usernobody#用户 #groupnobody#用户组 persist-key persist-tun statusopenvpn-status.log logopenvpn.log verb5 plugin/usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so"/etc/openvpn/auth/ldap.confcn=%u" client-cert-not-required username-as-common-name
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="319" src="http://s3.51cto.com/wyfs02/M02/8C/27/wKioL1hjv_jiP7Y5AAF9OgVwS5g690.png">
修改后,我们需要重启openvpn服务
systemctlrestart openvpn@server
重启服务后,我们就可以测试了,客户端的配置我们不用修改,因为上一节文章中我们已经添加了一个默认的参数,然后使用的是本地账户登陆验证
auth-user-pass
以下为client端的默认配置
此时我们需要的是ca证书,其他证书都不需要了;
我们可以将ca的证书内容粘贴到ca配置选项中,如果用户多的话,只需要将这个配置文件client.ovpn替换即可。
client devtun prototcp reomote192.168.5.201194 resolv-retryinfinite nobind persist-key persist-tun caca.crt #certclient.crt #keyclient.key verb5 auth-user-pass
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="436" src="http://s3.51cto.com/wyfs02/M02/8C/27/wKioL1hjv_uAP0lOAAFykSg3Ag8708.png">
接下来我们就可以尝试使用AD用户进行登录了
因为我们的配置是从OU=IXMSOFTLDAP下的myvpn用户组中获取用户,所以只要是myvpn组内的用户都是可以登陆的,
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="484" src="http://s3.51cto.com/wyfs02/M00/8C/2B/wKiom1hjv_yRbgrXAAEIwdpzwWs536.png">
所以我们使用zs用户验证登陆
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="479" src="http://s3.51cto.com/wyfs02/M00/8C/27/wKioL1hjwBrz-MXpAAV3FLUocz0207.png">
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="481" src="http://s3.51cto.com/wyfs02/M02/8C/2B/wKiom1hjwQzh9wSrAAXO0VLVCjY152.png">
登陆成功
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="483" src="http://s3.51cto.com/wyfs02/M01/8C/2B/wKiom1hjwRfB-GjPAAYrYnA_BpM432.png">
查看IP地址状态及openvpn连接状态
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="479" src="http://s3.51cto.com/wyfs02/M02/8C/2B/wKiom1hjwSHBmn6FAARNHa2bl_8197.png">
然后我们查看openvpn的log,我们通过log查看也是登陆完成的。
tail�Cf/etc/opevpn/openvpn.log
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="259" src="http://s3.51cto.com/wyfs02/M02/8C/28/wKioL1hjwSagyYyVAAL_Uq1pabk071.png">
如果使用一个不再myvpn组内的用户--ls验证登陆会怎么样呢
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="484" src="http://s3.51cto.com/wyfs02/M01/8C/2B/wKiom1hjwTCgxejYAAU-VHLQ4hw610.png">
这样ls用户会一直验证,提示输入账户及密码错误的现象。
然后我们查看log,会发现提示ls这个用户没有发现
s.width=650;" style="border-top:0px;border-right:0px;BACkground-image:none;border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px;" border="0" src="http://img.code.cc/vcimg/static/loading.png" height="196" src="http://s3.51cto.com/wyfs02/M00/8C/28/wKioL1hjwTST3nKeAAH44Hxj2W0298.png">
注意:如果在使用Linux集成LDAP的时候,提示联系不到LDAP的话,我们可以先使用以下方法进行测试
yuminstall-yopenldap-clients
s.width=650;" src="http://img.code.cc/vcimg/static/loading.png" src="http://s5.51cto.com/wyfs02/M02/8C/2B/wKiom1hjxOTztLmlAACL0XzsFvA656.png-wh_500x0-wm_3-wmp_4-s_2482787540.png">
安装完成后,我们可以使用
ldapsearch参数进行测试 -b指定搜索范围 -D验证用户 ldapsearch-x-W-D"cn=administrator,cn=users,dc=ixmsoft,dc=com"-b"dc=ixmsoft,dc=com"-h192.168.5.10-sonedn-LLL ldapsearch-x-W-D"cn=administrator,dc=com"-h192.168.5.10 ldapsearch-x-W-D"cn=administrator,dc=com"-b"ou=ixmsoftldap,dc=com"-h192.168.5.10
执行后会提示输入域administrator的账户进行连接验证
s.width=650;" src="http://img.code.cc/vcimg/static/loading.png" src="http://s2.51cto.com/wyfs02/M01/8C/2B/wKiom1hjxXCiYKLAAAAxbgg-P3E068.jpg-wh_500x0-wm_3-wmp_4-s_676654973.jpg">
输入密码后,会查询结果
ldapsearch-x-W-D"cn=administrator,dc=com"-h192.168.5.10 [root@openvpn~]#ldapsearch-x-W-D"cn=administrator,dc=com"-h192.168.5.10 EnterLDAPpassword: #extendedLDIF # #LDAPv3 #base<ou=ixmsoftldap,dc=com>withscopesubtree #filter:(objectclass=*) #requesTing:ALL # #IXMSOFTLDAP,ixmsoft.com dn:OU=IXMSOFTLDAP,DC=com objectClass:top objectClass:organizationalUnit ou:IXMSOFTLDAP disTinguishedName:OU=IXMSOFTLDAP,DC=com instanCEType:4 whenCreated:20161031132324.0Z whenChanged:20161228073308.0Z uSNCreated:12814 uSNChanged:84683 name:IXMSOFTLDAP objectGUID::cMItf70U20qyaLdCfU+LoA== objectCategory:CN=Organizational-Unit,CN=scheR_953_11845@a,CN=Configuration,D C=com dscorePropagationData:20161211135427.0Z dscorePropagationData:20161211135426.0Z dscorePropagationData:20161031132324.0Z dscorePropagationData:20161031132324.0Z dscorePropagationData:16010101000416.0Z #gavin,IXMSOFTLDAP,ixmsoft.com dn:CN=gavin,DC=com objectClass:top objectClass:person objectClass:organizationalPerson objectClass:user cn:gavin disTinguishedName:CN=gavin,DC=com instanCEType:4 whenCreated:20161031132636.0Z whenChanged:20161213064218.0Z displayName:gavin uSNCreated:12834 memberOf:CN=DomainAdmins,DC=com memberOf:CN=EnterpriseAdmins,DC=com memberOf:CN=scheR_953_11845@aAdmins,DC=com uSNChanged:83107 name:gavin objectGUID::EoJ2j0/CEEahljdqlm3M8Q== userAccountControl:512 badPwdCount:0 codePage:0 countryCode:0 badpasswordTime:0 lastlogoff:0 lastlogon:0 pwdLastSet:131223940286681367 priMaryGroupID:513 objectSid::AQUAAAAAAAUVAAAAF+vK5x9VEfOCMw/wTwQAAA== adminCount:1 accountexpires:9223372036854775807 logonCount:0 sAMAccountName:gavin sAMAccountType:805306368 userPrincipalName:gavin@ixmsoft.com objectCategory:CN=Person,DC=com dscorePropagationData:20161211140944.0Z dscorePropagationData:20161211135426.0Z dscorePropagationData:20161031140559.0Z dscorePropagationData:16010101000000.0Z #a,ixmsoft.com dn:CN=a,DC=com objectClass:top objectClass:person objectClass:organizationalPerson objectClass:user cn:a disTinguishedName:CN=a,DC=com instanCEType:4 whenCreated:20161211150724.0Z whenChanged:20161228041930.0Z displayName:a uSNCreated:76250 memberOf:CN=openvpnuser,DC=com memberOf:CN=openvpn,OU=vpn,DC=com memberOf:CN=myvpn,DC=com uSNChanged:84656 proxyAddresses:SMTP:a@ixmsoft.com name:a objectGUID::UG7KmwzOpE+eCEQCIXYirg== userAccountControl:66048 badPwdCount:0 codePage:0 countryCode:0 badpasswordTime:0 lastlogoff:0 lastlogon:131259971048958897 pwdLastSet:131273684370053522 priMaryGroupID:513 objectSid::AQUAAAAAAAUVAAAAF+vK5x9VEfOCMw/weQQAAA== accountexpires:9223372036854775807 logonCount:125 sAMAccountName:a sAMAccountType:805306368 showInAddressBook:CN=MailBoxes(VLV),CN=AllSystemAddressLists,CN=AddressLi stsContainer,CN=ixmsoft,CN=MicrosoftExchange,CN=services,D C=ixmsoft,DC=com showInAddressBook:CN=AllMailBoxes(VLV),CN=Addres sListsContainer,CN=Configurati on,DC=com showInAddressBook:CN=AllRecipients(VLV),CN=Addre ssListsContainer,CN=Configurat ion,DC=com showInAddressBook:CN=DefaultGlobalAddressList,CN=AllGlobalAddressLists,CN=AddressListsContainer,CN=Co nfiguration,DC=com showInAddressBook:CN=AllUsers,CN=AllAddressLists,CN=AddressListsContaine r,DC =com legacyExchangeDN:/o=ixmsoft/ou=ExchangeAdministrativeGroup(FYDIBOHF23SPDLT )/cn=Recipients/cn=f7a926c52baa45ac83d487105a17abb5-a userPrincipalName:a@ixmsoft.com objectCategory:CN=Person,DC=com dscorePropagationData:16010101000000.0Z lastlogontimestamp:131259433371916627 uid:a mail:a@ixmsoft.com mailNickname:a msExchPoliciesIncluded:cfdf87af-dd7f-4a7b-85e4-e0ba077efe78 msExchPoliciesIncluded:{26491cfc-9e50-4857-861b-0cb8df22b5d7} msExchCalendarLoggingQuota:6291456 msExchRecipientDisplayType:1073741824 mDBUseDefaults:TRUE msExchTextmessagingState:302120705 msExchTextmessagingState:16842751 msExchArchiveQuota:104857600 msExchMailBoxGuid::ii4VjsET5kqpVJcdHpSOhg== homeMDB:CN=MailBoxDatabase1277431463,CN=Databases,CN=ExchangeAdministrativ eGroup(FYDIBOHF23SPDLT),CN=AdministrativeGroups,CN=MicrosoftEx change,DC=com msExchUserCulture:zh-CN msExchRecipientTypeDetails:1 msExchMailBoxSecurityDescriptor::AQAEgBQAAAAgAAAAAAAAACwAAAABAQAAAAAABQoAAAAB AQAAAAAABQoAAAAEABwAAQAAAAACFAABAAIAAQEAAAAAAAUKAAAA msExchUserAccountControl:0 msExchUMDtmfMap:emailAddress:2 msExchUMDtmfMap:lastNameFirstName:2 msExchUMDtmfMap:firstNameLastName:2 msExchWhenMailBoxCreated:20161211152053.0Z msExchHomeServerName:/o=ixmsoft/ou=ExchangeAdministrativeGroup(FYDIBOHF23S PDLT)/cn=Configuration/cn=Servers/cn=EX01 msExchDumpsterQuota:31457280 msExchDumpsterWarningQuota:20971520 msExchVersion:88218628259840 msExchRBACPolicyLink:CN=DefaultRoleAssignmentPolicy,CN=Policies,CN=RBAC,CN =ixmsoft,DC=com msExchArchiveWarnQuota:94371840 #myvpn,ixmsoft.com dn:CN=myvpn,DC=com objectClass:top objectClass:group cn:myvpn description:opvpn_group member:CN=zs,DC=com member:CN=a,DC=com disTinguishedName:CN=myvpn,DC=com instanCEType:4 whenCreated:20161228013545.0Z whenChanged:20161228073446.0Z uSNCreated:84617 uSNChanged:84692 name:myvpn objectGUID::iCieup3yF0CcvkrZ5K4owQ== objectSid::AQUAAAAAAAUVAAAAF+vK5x9VEfOCMw/wewQAAA== sAMAccountName:myvpn sAMAccountType:268435456 groupType:-2147483646 objectCategory:CN=Group,DC=com dscorePropagationData:20161228044206.0Z dscorePropagationData:16010101000000.0Z #zs,ixmsoft.com dn:CN=zs,DC=com objectClass:top objectClass:person objectClass:organizationalPerson objectClass:user cn:zs disTinguishedName:CN=zs,DC=com instanCEType:4 whenCreated:20161228073427.0Z whenChanged:20161228104050.0Z displayName:zs uSNCreated:84685 memberOf:CN=myvpn,DC=com uSNChanged:84707 name:zs objectGUID::aGJRtfM4BkqcoXKrRtKeFQ== userAccountControl:512 badPwdCount:0 codePage:0 countryCode:0 badpasswordTime:0 lastlogoff:0 lastlogon:0 pwdLastSet:131273840680565017 priMaryGroupID:513 objectSid::AQUAAAAAAAUVAAAAF+vK5x9VEfOCMw/wfwQAAA== accountexpires:9223372036854775807 logonCount:0 sAMAccountName:zs sAMAccountType:805306368 userPrincipalName:zs@ixmsoft.com objectCategory:CN=Person,DC=com dscorePropagationData:20161228104050.0Z dscorePropagationData:16010101000000.0Z #sqladmin,ixmsoft.com dn:CN=sqladmin,DC=com objectClass:top objectClass:person objectClass:organizationalPerson objectClass:user cn:sqladmin disTinguishedName:CN=sqladmin,DC=com instanCEType:4 whenCreated:20161101072712.0Z whenChanged:20161213064218.0Z displayName:sqladmin uSNCreated:14261 uSNChanged:83109 name:sqladmin objectGUID::/orLK52ZskWhDhcGqz1k5A== userAccountControl:512 badPwdCount:0 codePage:0 countryCode:0 badpasswordTime:131224606337808745 lastlogoff:0 lastlogon:131225414441612134 pwdLastSet:131224588326777247 priMaryGroupID:513 objectSid::AQUAAAAAAAUVAAAAF+vK5x9VEfOCMw/wVQQAAA== accountexpires:9223372036854775807 logonCount:48 sAMAccountName:sqladmin sAMAccountType:805306368 userPrincipalName:sqladmin@ixmsoft.com objectCategory:CN=Person,DC=com dscorePropagationData:20161211135426.0Z dscorePropagationData:16010101000001.0Z lastlogontimestamp:131224588677494199 #searchresult search:2 result:0success #numResponses:7 #numEntries:6
s.width=650;" src="http://img.code.cc/vcimg/static/loading.png" src="http://s2.51cto.com/wyfs02/M02/8C/2B/wKiom1hjxejQbSOcAAF5Wbg7hgA348.jpg-wh_500x0-wm_3-wmp_4-s_260593772.jpg">
以上是大佬教程为你收集整理的Centos7+Openvpn使用Windows AD验证登陆全部内容,希望文章能够帮你解决Centos7+Openvpn使用Windows AD验证登陆所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。