Your pfSense firewall has OpenVPN built into it already, and you can point pfSense authentication back to your samba AD. We support over 400 users in this model. The configuration file for OpenVPN is common to all users, and they authenticate with their AD credentials.

> On Mar 14, 2020, at 7:21 AM, Michael Howard via samba <samba at lists.samba.org> wrote:
>
> On 14/03/2020 13:53, Marco Shmerykowsky via samba wrote:
>>
>> Probably not the best place to ask, but hopefully
>> someone can point me in the right direction.
>>
>> I have a tiny business. We use Samba for file sharing
>> and authentication in an AD setup. I'm running a
>> pfsense appliance firewall. NAT on the internal
>> network.
>>
>> Is there a way to allow employees to authenticate
>> and access files to encourage remote work?
>>
>> What resource should I look to to figure this out?
>> Really have no clue where to start. If it wasn't
>> for Covid19, this would not be a need.
>>
>> Appreciate any pointers.
>
> Personally, I'd just set up an OpenVPN server within your site, generate
> keys for each user as needed, open the firewall for the port(s) of your
> choice and finally set up the OpenVPN clients on the users' laptops/pcs.
> Once the users connect they proceed as normal. The users' 'home' network
> address should be different to the office network address range.
>
> Lots of docs on the OpenVPN site.
>
> --
> Michael Howard
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 14/03/2020 14:43, gabben wrote:
> Your pfSense firewall has OpenVPN built into it already, and you can
> point pfSense authentication back to your samba AD. We support over
> 400 users in this model. The configuration file for OpenVPN is common
> to all users, and they authenticate with their AD credentials.

Ahh, but can it bottom post :)

--
Michael Howard

On Sat, Mar 14, 2020 at 8:33 AM Michael Howard via samba <samba at lists.samba.org> wrote:

> On 14/03/2020 14:43, gabben wrote:
> > Your pfSense firewall has OpenVPN built into it already, and you can
> > point pfSense authentication back to your samba AD. We support over
> > 400 users in this model. The configuration file for OpenVPN is common
> > to all users, and they authenticate with their AD credentials.
> Ahh, but can it bottom post :)

I can!!! ..... when I remember.

I like the Securepoint OpenVPN client compared to the "regular" OpenVPN client. It'll make life a bit easier for your users.

However, I do generate individual certificates for my users in addition to AD credentials, but YMMV.

But consider if you have software that's quite chatty ... like SMB or MS SQL ... the latency might make the experience painful. If these users are already 1:1, it might be better to consider RDP instead. Parallels RAS has a new 90-day and 180-day license plan at a pretty affordable price to help with this (I just talked to them yesterday). Contact me off list if you want more info.

-Kris

On Sat, 2020-03-14 at 07:43 -0700, gabben via samba wrote:
> Your pfSense firewall has OpenVPN built into it already, and you can
> point pfSense authentication back to your samba AD. We support over
> 400 users in this model. The configuration file for OpenVPN is common
> to all users, and they authenticate with their AD credentials.

Can you give some example of a configuration file for OpenVPN? And more about the howto?

Thank you,
--
Sérgio M. B.

> On 15.03.2020 at 08:21, Sérgio Basto via samba <samba at lists.samba.org> wrote:
>
> On Sat, 2020-03-14 at 07:43 -0700, gabben via samba wrote:
>> Your pfSense firewall has OpenVPN built into it already, and you can
>> point pfSense authentication back to your samba AD. We support over
>> 400 users in this model. The configuration file for OpenVPN is common
>> to all users, and they authenticate with their AD credentials.
>
> can you give some example of configuration file for OpenVPN ? and more
> about howto ?

Hello,

We also use this. The documentation is very good:
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/index.html
The clients are easily installed using the client export functionality.

Regards,
Christian

> Thank you,
> --
> Sérgio M. B.

--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
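
The thread contrasts two client setups: one OpenVPN profile shared by all users with AD credentials only, and the same plus an individual certificate per user. The following is an added example, not part of the thread and not pfSense's export output; the two profiles are constructed samples (the host `vpn.example.com` and the placeholder bodies are assumptions) and `parse_profile` / `audit` are hypothetical helper names. It parses a client profile and reports which credentials it relies on and whether it checks the server certificate.

```python
import re

# Constructed sample: one profile shared by all users; AD username/password only.
SHARED_PROFILE = """\
client
dev tun
remote vpn.example.com 1194
auth-user-pass
remote-cert-tls server
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""
# Constructed sample: the same profile plus a per-user certificate and key.
PER_USER_PROFILE = SHARED_PROFILE + """\
<cert>
(constructed placeholder)
</cert>
<key>
(constructed placeholder)
</key>
"""

def parse_profile(text):
    """Return directive names; an inline <tag>...</tag> block counts as 'tag'."""
    directives, inline = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an inline block: skip until its closing tag
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            inline = m.group(1)
        directives.add(inline or line.split()[0])
    return directives

def audit(text):
    """Report the client credentials a profile uses and whether it verifies the server."""
    d = parse_profile(text)
    cert = {"cert", "key"} <= d or "pkcs12" in d
    password = "auth-user-pass" in d
    return {"password_auth": password, "per_user_cert": cert,
            "server_cert_checked": bool(d & {"remote-cert-tls", "verify-x509-name"}),
            "credential_types": int(password) + int(cert)}
print(audit(SHARED_PROFILE), audit(PER_USER_PROFILE), sep="\n")
```

With the shared profile, anyone who obtains a user's AD password and the common file can connect; with the per-user variant, a lost laptop can be cut off by revoking that one certificate.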