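How do I configure OpenVPN on a Windows server so that users can connect with the same username/password they use to log in to the domain?
Answer 1
I just had to create a PowerShell script to authenticate against Active Directory: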
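# With via-env, OpenVPN passes the client's credentials in the
# "username" and "password" environment variables.
$username = $env:username
$password = $env:password
$FQDN = "mydomain.internal"

# Authenticate the username/password against the domain.
# The parameter is named $pass because $pwd is a PowerShell automatic variable.
function AD-Auth([String]$uid, [String]$pass)
{
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $au = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain', $FQDN)
    $au.ValidateCredentials($uid, $pass)
}

# Check the user's uid/pwd; exit code 0 accepts the connection, 1 rejects it
if (AD-Auth $username $password)
{
    exit 0
}
else
{
    exit 1
}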
Then use it in the server config:
script-security 3
auth-user-pass-verify "'C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe' -ExecutionPolicy Bypass -File 'C:\\..\\adauth.ps1'" via-env
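
A variant of the script above for OpenVPN's via-file method, which needs only script-security 2 because the password arrives in a temporary file instead of an environment variable. This is an added example, not part of the original answer; the parameter name $CredentialFile is an assumption, and the script rejects the login (exit 1) on any error.

```powershell
# Added example, not the answer's script. Assumed server config change:
#   script-security 2
#   auth-user-pass-verify "<same powershell.exe command line>" via-file
# OpenVPN appends the path of a temporary credentials file as the last argument.
param(
    [string]$CredentialFile   # hypothetical name; receives the temp file path
)

$FQDN = "mydomain.internal"   # domain name taken from the answer
$result = 1                   # default: reject the connection

try {
    # via-file format: line 1 is the username, line 2 is the password
    $lines = @(Get-Content -LiteralPath $CredentialFile -ErrorAction Stop)
    if ($lines.Count -ge 2) {
        $username = $lines[0]
        $password = $lines[1]

        # Refuse blank fields before contacting the domain
        $blank = [string]::IsNullOrWhiteSpace($username) -or
                 [string]::IsNullOrEmpty($password)
        if (-not $blank) {
            Add-Type -AssemblyName System.DirectoryServices.AccountManagement
            $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Domain', $FQDN)
            try {
                if ($context.ValidateCredentials($username, $password)) {
                    $result = 0
                }
            }
            finally {
                # Release the connection to the domain controller
                $context.Dispose()
            }
        }
    }
}
catch {
    # Unreadable file, unreachable domain controller, or any other error:
    # keep the default so the login is rejected rather than accepted.
    $result = 1
}

exit $result
```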