Using Active Directory to Authenticate Selected VPN Users

I would like to set up a VPN at the company office, but limit access to only selected user accounts on our Windows Server. I have successfully created the Authentication Server in Definitions and Users, Authentication Services. The Test server settings and Authenticate example user Tests both pass.

When configuring a VPN, I can choose "Active Directory Users" for Users and Groups, but I cannot choose only a subset of those users.

What are the steps necessary to have a selectable list of active directory users for my VPN services? (Step by step, please.)

Will I be violating Bob's Rulz #6 if I allow users to use their Windows passwords to authenticate to the VPN?



  • utmadm said:

    Will I be violating Bob's Rulz #6 if I allow users to use their Windows passwords to authenticate to the VPN?

    No, #6 is related to the "Prefetch Directory Users" option, if I understood Bob correctly... ;)

  • Although you can use a Backend Group in 'Users & Groups' in an SSL VPN Profile, you still need to sync the users in that group from AD. Say you have a Security Group in AD named "VPN-Users" and you create a Backend Group "SSL VPN Users" in the UTM as scorpionking demonstrated. You can now use the "SSL VPN Users" object in your SSL VPN Profile and in 'Prefetch Directory Users'. From then on, you can adjust SSL VPN access simply by changing the content of "VPN-Users" in AD.

    It sounds like you're almost there, but future visitors here might want to refer to a KnowledgeBase article: HTTP-S Proxy Access with AD-SSO.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
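
An added example, not part of the original thread or of any Sophos tooling: because membership of the AD group "VPN-Users" decides who gets SSL VPN access, this PowerShell reviews that group's effective membership (nested groups included) and reports accounts that should not keep VPN access unnoticed. The function name `Get-VpnAccessFinding`, the 90-day threshold and the sample accounts are assumptions; the live path needs the RSAT ActiveDirectory module.

```powershell
# Added example: review who holds VPN access through the AD security group.
# "VPN-Users" is the group name used in the post; everything else is assumed.
function Get-VpnAccessFinding {
    param(
        # Objects with SamAccountName, Enabled, LastLogonDate, PasswordNeverExpires
        [Parameter(Mandatory)] [object[]] $Members,
        [int] $StaleDays = 90,            # assumed staleness threshold
        [datetime] $Now = (Get-Date)
    )
    foreach ($m in $Members) {
        $reasons = @()
        if (-not $m.Enabled) { $reasons += 'account disabled but still in group' }
        if ($null -eq $m.LastLogonDate) {
            $reasons += 'never logged on'
        } elseif (($Now - $m.LastLogonDate).Days -gt $StaleDays) {
            $reasons += "no logon for more than $StaleDays days"
        }
        if ($m.PasswordNeverExpires) { $reasons += 'password never expires' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $m.SamAccountName
                Findings       = $reasons -join '; '
            }
        }
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    # Live query: -Recursive expands nested groups so indirect members show up.
    $members = Get-ADGroupMember -Identity 'VPN-Users' -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties Enabled, LastLogonDate, PasswordNeverExpires
} else {
    # Constructed sample data so the review logic runs without a domain.
    $now = Get-Date
    $members = @(
        [pscustomobject]@{ SamAccountName = 'alice'; Enabled = $true
            LastLogonDate = $now.AddDays(-3); PasswordNeverExpires = $false }
        [pscustomobject]@{ SamAccountName = 'bob.old'; Enabled = $false
            LastLogonDate = $now.AddDays(-400); PasswordNeverExpires = $false }
        [pscustomobject]@{ SamAccountName = 'svc-vpn'; Enabled = $true
            LastLogonDate = $null; PasswordNeverExpires = $true }
    )
}

# With the sample data, bob.old and svc-vpn are reported; alice is not.
Get-VpnAccessFinding -Members $members | Format-Table -AutoSize -Wrap
```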