Update README.md

Josh North 2014-12-03 14:36:37 -05:00
parent 91d33aa6cd
commit f64f493c00

@ -37,7 +37,7 @@ The below instructions make the following assumptions. If you use a different s
1. Install and configure all pre-requisites listed above
2. Clone the repository `sudo git clone https://github.com/joshnorth/ovpn-ad-sync.git /tmp/ovpn-ad-sync`
3. Copy RSA directory `sudo cp -R /usr/share/easy-rsa /etc/openvpn/rsa`
4. Edit RSA variable file - IMPORTANT! `sudo nano /etc/openvpn/rsa/vars`
4. Edit RSA variable file - IMPORTANT! Make sure you use 2048 instead of 1024!!! `sudo nano /etc/openvpn/rsa/vars`
5. Build RSA CA
```
sudo -s
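Review bot: The revised step 4 says "use 2048 instead of 1024" without naming the setting in `/etc/openvpn/rsa/vars` that the number applies to, so a reader who has not opened the file yet cannot tell what to change. Name the variable and give the reason in one short clause instead of relying on "IMPORTANT!" and "!!!", and state that it has to be set before step 5 (Build RSA CA) is started, since nothing in the steps says what to do if the keys were already built with the smaller value.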
@ -46,16 +46,18 @@ source ./vars
./build-ca
./build-dh
./build-key-server vpn.example.com
exit
```
6. sudo cp -R /tmp/ovpn-ad-sync/
5. Create openvpn server config file
make ldap config file
edit /etc/openvpn/rsa/vars correctly
in rsa dir do source ./vars, build-ca, build-dh, and build-key-server
MAKE SURE you use 2048 not 1024 it will break script and i don;t care becuase it's more secure anyway
copy script file to /usr/local/bin/oas.sh ansd chmod +x
make directory for client files (/etc/openvpn/oas_clients)
copy template file for clients into client directory
edit oas.sh to iproper parameters
copy user guide to client directory
add to cron every 15 minutes or whatever
6. Copy client directory to openvpn directory `sudo cp -R /tmp/ovpn-ad-sync/oas_clients /etc/openvpn`
7. Edit the client template to match your IP, etc `sudo nano /etc/openvpn/oas_clients/template.ovpn`
7. Copy server files into place `sudo cp -R /tmp/ovpn-ad-sync/oas_configs/* /etc/openvpn`
8. Edit server file `sudo nano /etc/openvpn/vpn.example.com.conf`
9. Edit LDAP auth file `sudo nano /etc/openvpn/vpn.example.com.ldap`
10. Copy main program into place `sudo cp /tmp/ovpn-ad-sync/ovpn-ad-sync.sh /usr/local/bin`
11. Edit main program variables - IMPORTANT! `sudo nano /usr/local/bin/ovpn-ad-sync.sh`
12. Allow program to execute `sudo chmod +x /usr/local/bin/ovpn-ad-sync.sh`
13. On your Active Directory, make sure you have created a group (by default, OpenVPNUsers).
14. On your Active Directory, make sure the oas_user exists and has a proper password set.
15. Check the rest of the items in the assumptions list above and double-check they are all checked before running.
16. All checked? Let's add it to cron. `sudo crontab -e` and add a line like this `0,10,20,30,40,50 * * * * /usr/local/bin/ovpn-ad-sync.sh >/dev/null 2>&1`
17. Now go to Active Directory and add a new user, set a valid email address for them, and add them to the group. Within 10 minutes that email should receive a message with the config and user guide attached!
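Review bot: In step 16 the suggested crontab line ends in `>/dev/null 2>&1`, which discards everything the script prints, so a run that fails to reach Active Directory or to send the config email leaves no trace and the only symptom is the user in step 17 never receiving a message. Suggest redirecting output to a log file or to syslog in the example line and mentioning where to look when the email does not arrive. Separately, two steps are numbered 7 ("Edit the client template" and "Copy server files into place"); renumber so that later references to step numbers stay unambiguous.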