forums.xandros.com

BNovak · Xplorer Joined: 11 Aug 2006 Posts: 41

I seem to remember a thread (although I can't find it now) that stated that there were problems using a Xandros server to accept VPN connections from the Internet and validate the name/passwords against a Windows active directory domain. I tried this and it does work. If anyone needs step by step details, I can erase the drive I used and do it again while recording the detailed information.

The general steps were:

1 Use a computer with 2 network cards, one connected to the local network and one connected to the Internet.
2. Install Xandros Server including the firewall, VPN, and routing servers.
3. Assign fixed I/P addresses to both cards on the appropriate networks during installation.
4. Join the domain properly. This is the pain in the butt part since Xandros does not properly detect the existence of the domain during installation, but the topic has been covered in other threads here. I created a share just to verify that the Xandros server would see the active directory users as a test at this point.
5. Configure and start the firewall.
6. Go to the routing server and check the box to allow routing between network interfaces. (Not certain if this is required but it seemed like a good idea at the time) Very Happy

7. Configure the VPN settings in the VPN server module.
8. Go back to the firewall and allow the VPN access to the local network under defaults/through traffic.

That's it. I connected to the VPN from a notebook with a dial-up internet connection using an account that existed only in active directory and started Outlook. I was able to get the e-mail with no problems. As a side note, the Root account cannot connect since it does not exist in active directory. And any account that is used to connect must have allow dial up enabled in active directory. If anyone needs details on this process, please post here.

Thanks,
Bill

Gman8845 · Posted: Fri Jan 26, 2007 6:30 am Post subject:

BNovak,

Glad to hear you were successful. I'd like to know what OS was the client used for the connection? It appears (Outlook) that it was Windows, I was wondering if Xandros Desktop would connect as well.

Just a thought.
Have a great day!
_________________
Running on many systems, multi booting up to 5 Linux OSs on a demo machine, started when it was Coral Linux. Need to know more; just ask.
"I'm just a squirrel, Trying to get a nut!!"

BNovak · Xplorer Joined: 11 Aug 2006 Posts: 41

The client was Windows 2000.

The network is a Windows 2000 domain, active directory based network, running in native mode. All of the clients are either Windows 2000 or Windows XP.

Unfortunately I can't use Xandros as a client since there are just too many Windows programs (especially ODBC drivers) that won't work with it. Hmmm.... In order to test it, I'd need Xandros client on a computer with a modem so I could connect from "outside" of the network.... I'd have to swap hard drives in a spare computer and install Xandros. Perhaps I'll try that next week if I have the time.

Bill

juanfermin

juanfermin · Posted: Tue Mar 04, 2008 10:41 am Post subject: Xandros and Active Directory

I'm also using Xandros to Authenticate VPN's and it works fairly flawlessly, however, I did have some problems:
#1. Samba shares were not listing users in groups correctly.

The Fix? I found that by changing Authentication to Domain from ADS fixed this issue. Not sure if this is because my AD Server is running in Native Mode.

#2. Files that I imported and wanted to make available to Windows Users, were listed as being owned by root, and I couldn't change it to being owned by the users.

The Fix? the smb.conf file located in /etc/samba/ had to be edited to include the follwoing:
winbind enumerate users = yes
windbind enumerate groups = yes