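CentOS   Published: 2022-05-09   Site: 大佬教程  code.js-code.com
This article, collected by 大佬教程, covers authenticating CentOS 7 + OpenVPN logins against Windows AD; it is shared here as a reference.

The previous article covered configuring CentOS 7 + OpenVPN to authenticate logins with local users and passwords. This one covers authenticating CentOS 7 + OpenVPN logins against Windows AD. We reuse the environment installed in the previous article and only need a few simple changes.

To authenticate OpenVPN logins against Windows AD, we first need a Windows AD to work with. Many write-ups online use OpenLDAP for authentication, but large and ordinary enterprises alike usually already run Windows AD, so integrating with it makes user management comparatively convenient. Details follow:

Environment: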

Hostname:DC

IP:192.168.5.10

Role:AD、DNS、CA

DomainName:ixmsoft.com

Hostname:OPenvpn

IP:192.168.5.20

Role:Openvpn

Hostname:Client

IP:192.168.5.23

Role:openvpn client

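Below is my AD configuration.

We created a new OU, IXMSOFTLDAP, and under this OU created some test users and a user group that OpenVPN uses for authentication. Later we add users a and zs to this group; any user in this group can use OpenVPN.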


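Next we prepare the configuration for OpenVPN to authenticate via LDAP.

For the OpenVPN service to authenticate against LDAP, we need to install an LDAP plugin: openvpn-auth-ldap

As covered in the previous article, installing some services with yum on CentOS 7 requires specifying a repository, so here we just confirm that it is in place:

[root@openvpn openvpn]# cat /etc/yum.repos.d/epel.repo
[epel]
name=aliyun epel
baseurl=http://mirrors.aliyun.com/epel/7Server/x86_64/
gpgcheck=0
[root@openvpn openvpn]#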


With the repository in place, we install the LDAP plugin:

yum install openvpn-auth-ldap -y


Installation complete.


Then we enter the LDAP plugin's configuration directory:

cd /etc/openvpn/auth/


vim ldap.conf

View the contents of the default configuration file:

<LDAP>
    # LDAP server URL
    URL ldap://ldap1.example.org
    # Bind DN (If your LDAP server doesn't support anonymous binds)
    # BindDN uid=Manager,ou=People,dc=example,dc=com
    # Bind Password
    # Password SecretPassword
    # Network timeout (in seconds)
    Timeout 15
    # Enable Start TLS
    TLSEnable yes
    # Follow LDAP Referrals (anonymously)
    FollowReferrals yes
    # TLS CA Certificate File
    TLSCACertFile /usr/local/etc/ssl/ca.pem
    # TLS CA Certificate Directory
    TLSCACertDir /etc/ssl/certs
    # Client Certificate and key
    # If TLS client authentication is required
    TLSCertFile /usr/local/etc/ssl/client-cert.pem
    TLSKeyFile /usr/local/etc/ssl/client-key.pem
    # Cipher Suite
    # The defaults are usually fine here
    # TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
    # Base DN
    BaseDN "ou=People,dc=example,dc=com"
    # User Search Filter
    SearchFilter "(&(uid=%u)(accountStatus=active))"
    # Require Group Membership
    RequireGroup false
    # Add non-group members to a PF table (disabled)
    #PFTable ips_vpn_users
    <Group>
        BaseDN "ou=Groups,dc=example,dc=com"
        SearchFilter "(|(cn=developers)(cn=artists))"
        MemberAttribute uniqueMember
        # Add group members to a PF table (disabled)
        #PFTable ips_vpn_eng
    </Group>
</Authorization>


We back the file up as before; to be safe, we recommend that everyone make a backup.

cp ldap.conf ldap.conf.bak


Now we modify the configuration: clear the file and edit it.

echo > ldap.conf

Then paste the following:

<LDAP>
    # LDAP server URL
    # Changed to the IP of the AD server
    URL ldap://192.168.5.10
    # Bind DN (If your LDAP server doesn't support anonymous binds)
    # BindDN uid=Manager,ou=People,dc=example,dc=com
    # Changed to the DN of the domain administrator. It can be looked up with ldapsearch:
    # replace the -h IP with the server IP and -D with the administrator's DN; -b is the search base DN and * means everything
    # ldapsearch -LLL -x -h 172.16.76.238 -D "administrator@xx.com" -W -b "dc=xx,dc=com" "*"
    BindDN "CN=Administrator,CN=Users,DC=ixmsoft,DC=com"
    # Bind Password
    # Password SecretPassword
    # Password of the domain administrator
    Password 123
    # Network timeout (in seconds)
    Timeout 15
    # Enable Start TLS
    TLSEnable no
    # Follow LDAP Referrals (anonymously)
    # FollowReferrals yes
    # TLS CA Certificate File
    # TLSCACertFile ca.crt
    # TLS CA Certificate Directory
    # TLSCACertDir /etc/ssl/certs
    # Client Certificate and key
    # If TLS client authentication is required
    # TLSCertFile /usr/local/etc/ssl/client-cert.pem
    # TLSKeyFile /usr/local/etc/ssl/client-key.pem
    # Cipher Suite
    # The defaults are usually fine here
    # TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
    # Base DN
    # Base DN used for the authentication lookup
    BaseDN "OU=IXMSOFTLDAP,DC=ixmsoft,DC=com"
    # User Search Filter
    # SearchFilter "(&(uid=%u)(accountStatus=active))"
    # sAMAccountName=%u matches the sAMAccountName attribute against the user name; the following
    # "memberof=CN=myvpn,DC=xx,DC=com" points to the VPN user group to authenticate against, so any user only has to join this group to use the VPN
    # SearchFilter "(&(sAMAccountName=%u)(memberof=CN=myvpn,OU=IXMSOFTLDAP,DC=ixmsoft,DC=com))"
    SearchFilter "(&(sAMAccountName=%u))"
    # Require Group Membership
    RequireGroup false
    # Add non-group members to a PF table (disabled)
    #PFTable ips_vpn_users
    <Group>
        # BaseDN "ou=Groups,dc=example,dc=com"
        # SearchFilter "(|(cn=developers)(cn=artists))"
        # MemberAttribute uniqueMember
        # Add group members to a PF table (disabled)
        #PFTable ips_vpn_eng
        BaseDN "OU=IXMSOFTLDAP,DC=ixmsoft,DC=com"
        SearchFilter "(|(cn=myvpn))"
        MemberAttribute "member"
    </Group>
</Authorization>
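
The configuration above binds as the domain Administrator with its password stored in the file, talks to the domain controller over plain ldap:// with TLSEnable no, and sets RequireGroup false, in which case the plugin does not reject a login for failing the <Group> match. The shell functions below are an added example (not part of the original article or of openvpn-auth-ldap) that flags exactly these settings in an ldap.conf. The function names and finding codes are hypothetical, the sample config is constructed, and treating yes/true/1 as boolean true is an assumption about the plugin's parser.

```sh
#!/bin/sh
# Added example: flag risky settings in an openvpn-auth-ldap config file.

# directive FILE NAME: value of the last uncommented "NAME value" line
directive() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF < 2 { next }
        tolower($1) == tolower(key) {
            sub(/^[^ \t]+[ \t]+/, ""); gsub(/"/, ""); val = $0
        }
        END { print val }' "$1"
}

# Assumption: the plugin accepts yes/true/1 as boolean true
is_on() { case $1 in yes|true|1) return 0 ;; *) return 1 ;; esac; }

# audit_ldap_conf FILE: print one finding code per line
audit_ldap_conf() {
    f=$1
    url=$(directive "$f" URL | tr 'A-Z' 'a-z')
    tls=$(directive "$f" TLSEnable | tr 'A-Z' 'a-z')
    grp=$(directive "$f" RequireGroup | tr 'A-Z' 'a-z')
    bind=$(directive "$f" BindDN | tr 'A-Z' 'a-z')
    # ldap:// without StartTLS: bind and user passwords cross the wire in cleartext
    case $url in
        ldaps://*) ;;
        *) is_on "$tls" || echo CLEARTEXT_LDAP ;;
    esac
    # RequireGroup off: failing the <Group> match does not reject the login
    is_on "$grp" || echo GROUP_NOT_ENFORCED
    # The search account is the domain Administrator
    case $bind in
        cn=administrator,*) echo PRIVILEGED_BIND ;;
    esac
    # Bind password kept in a file that group or others can read
    if [ -n "$(directive "$f" Password)" ]; then
        case $(ls -ld "$f" | cut -c5,8) in
            "--") ;;
            *) echo SECRET_READABLE ;;
        esac
    fi
}

# Constructed sample that mirrors the settings pasted into ldap.conf above
write_sample() {
    cat > "$1" <<'EOF'
<LDAP>
    URL ldap://192.168.5.10
    BindDN "CN=Administrator,CN=Users,DC=ixmsoft,DC=com"
    Password 123
    TLSEnable no
</LDAP>
<Authorization>
    RequireGroup false
</Authorization>
EOF
    chmod 644 "$1"
}

# Run against the constructed sample; call audit_ldap_conf FILE for a real config
tmp=$(mktemp) && write_sample "$tmp" && audit_ldap_conf "$tmp"
rm -f "$tmp"
```

An empty result corresponds to ldaps:// or TLSEnable yes (with TLSCACertFile pointing at the CA that issued the domain controller's certificate), RequireGroup true, a dedicated low-privilege bind account, and chmod 600 on the file.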

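After saving and exiting, we also need to modify the OpenVPN configuration file.

The default configuration file:

cat /etc/openvpn/server.conf
port 1194                                # listening port
proto tcp                                # listening protocol
dev tun                                  # use a tunnel (tun) device
ca ca.crt                                # CA certificate path
cert server.crt                          # server certificate path
key server.key                           # server private key
dh dh2048.pem                            # Diffie-Hellman parameters file (key exchange)
server 10.10.10.0 255.255.255.0          # addresses assigned to clients; note: must not be the same as the VPN server's internal addresses
ifconfig-pool-persist ipp.txt            # record of client address assignments
push "route 192.168.5.0 255.255.255.0"   # network segment clients are allowed to reach
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 223.5.5.5"         # DNS servers handed out via DHCP
push "dhcp-option DNS 223.6.6.6"
keepalive 10 120                         # ping every 10 seconds; treat the peer as disconnected if no response within 120 seconds
#cipher AES-256-CBC
max-clients 100                          # maximum number of connections allowed
#user nobody                             # user
#group nobody                            # group
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 5

We need to add the following three parameters to the existing default configuration file:

plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf cn=%u"
client-cert-not-required
username-as-common-name

The result after adding them:

port 1194                                # listening port
proto tcp                                # listening protocol
dev tun                                  # use a tunnel (tun) device
ca ca.crt                                # CA certificate path
cert server.crt                          # server certificate path
key server.key                           # server private key
dh dh2048.pem                            # Diffie-Hellman parameters file (key exchange)
server 10.10.10.0 255.255.255.0          # addresses assigned to clients; note: must not be the same as the VPN server's internal addresses
ifconfig-pool-persist ipp.txt            # record of client address assignments
push "route 192.168.5.0 255.255.255.0"   # network segment clients are allowed to reach
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 223.5.5.5"         # DNS servers handed out via DHCP
push "dhcp-option DNS 223.6.6.6"
keepalive 10 120                         # ping every 10 seconds; treat the peer as disconnected if no response within 120 seconds
#cipher AES-256-CBC
max-clients 100                          # maximum number of connections allowed
#user nobody                             # user
#group nobody                            # group
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 5
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf cn=%u"
client-cert-not-required
username-as-common-name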


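After the change, we need to restart the OpenVPN service:

systemctl restart openvpn@server

After restarting the service we can test. The client configuration needs no changes, because in the previous article we already added the following parameter, which was used there for local-account login authentication:

auth-user-pass

Below is the default client configuration.

At this point we only need the CA certificate; the other certificates are no longer needed.

We can paste the contents of the CA certificate into the ca configuration option; with many users, only this one configuration file, client.ovpn, needs to be replaced.

client
dev tun
proto tcp
remote 192.168.5.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
#cert client.crt
#key client.key
verb 5
auth-user-pass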


Next we can try logging in with an AD user.

Because our configuration takes users from the myvpn user group under OU=IXMSOFTLDAP, any user in the myvpn group can log in.


So we log in as user zs.


Login succeeded.


Check the IP address status and the OpenVPN connection status.


Then we check the OpenVPN log; it also shows that the login completed.

tail -f /etc/openvpn/openvpn.log


What happens if we try to log in as ls, a user who is not in the myvpn group?



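User ls is asked to authenticate over and over, with a message that the account or password is wrong.

Checking the log, we find a message that the user ls was not found.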


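Note: if, when integrating Linux with LDAP, you get a message that the LDAP server cannot be contacted, you can first test with the following method:

yum install -y openldap-clients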


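After installation, we can test with ldapsearch and the following parameters:

-b specifies the search base
-D specifies the user to authenticate (bind) as
ldapsearch -x -W -D "cn=administrator,cn=users,dc=ixmsoft,dc=com" -b "dc=ixmsoft,dc=com" -h 192.168.5.10 -s one dn -LLL
ldapsearch -x -W -D "cn=administrator,cn=users,dc=ixmsoft,dc=com" -h 192.168.5.10
ldapsearch -x -W -D "cn=administrator,cn=users,dc=ixmsoft,dc=com" -b "ou=ixmsoftldap,dc=ixmsoft,dc=com" -h 192.168.5.10

After running the command, you are prompted for the domain administrator account's password to authenticate the connection.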


After entering the password, the query results are returned.

[root@openvpn ~]# ldapsearch -x -W -D "cn=administrator,cn=users,dc=ixmsoft,dc=com" -h 192.168.5.10
Enter LDAP password:
