Corporate VPN service with separate nets for different users/groups
Hi
We are going to host some services for customers with separate private networks for each customer. Each customer will need one or more users.
I have to put up a VPN solution, and I would like to use something that will work on "any" platform, easily, without too much installation/configuration. I feel PPTP is a good option since the "agent" is included on most platforms. We have a firewall/router on a Debian Linux server, and I'd like to extend its services to include the VPN service. It has access to all nets, so it should be easier to get that to work.
My firewall/router has four interfaces, but only three of concern. eth0 is the outside, eth1 is the inside and eth2 is DMZ. I use proxyarp to get traffic from eth0 to eth2, with iptables filtering. eth1 has three internal nets in the 192.168.* series. The new nets I want to use for customers will be separate VLANs on that interface with 10.20.x.* addresses. The firewall/router will of course have an IP in each of these (typically .1).
The big question is how to set this up? Can pptpd be used? Should this be done on a separate server?
Hello everybody,
I used to log in to my office via PPTP VPN, but last October 5th I updated my installed Debian Squeeze and it caused my VPN service (client-side) to fail. After this upgrade I'm unable to log in to the VPN server. Here follows the log:
#tail -f /var/log/messages
Plugin... (0 Replies)
Hi
Could anyone please suggest how we can check in Linux if a user or a group name already exists? In case of a user the command should also be able to specify the user with a given directory and shell. We can of course check this using a grep command but since that is just a pattern match,... (12 Replies)
Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance
Using Red Hat and here are the issues:
Example:
Users:
Bob
Mark
Groups:
SystemsAnalysts
BusinessAnalysts
If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Hi
I am new to unix so hopefully someone can help. I need to list all the users I have in my unix environment (AIX) and the groups (primary and secondary) they belong to.
Can anyone help?
Many thanks in advance (2 Replies)
How do I remove a user from a group? I'm using the usermod command but it's not working.
I have a user "abc" who is a member of the groups root and other. I'm trying to remove him from the group "other" (using CLI) which is his secondary group but it's not working.
How do I do this? Is there any... (11 Replies)
Hi everyone, I've recently requested my unix admin to create a userid for 2 groups. He created the id and I can see it by grep "id" /etc/group.
But when I log in with that id into unix and try to cd that group it says permission denied. Something like cd /groupname -- permission denied
Can my admin... (1 Reply)
RH 7.2
I'm trying to list the users & groups on my machine. I found the lsuser & lsgroup commands but no associated man pages.
I typed: lsuser
I get --> Valid options are: -a
So I typed: lsuser -a
I get --> Valid options are: groups, home
So I typed: lsuser -a groups
I get -->... (2 Replies)
zone2ldap(1) General Commands Manual zone2ldap(1)
NAME
zone2ldap - Load BIND 9 Zone files into LDAP Directory
SYNOPSIS
zone2ldap [-D Bind DN] [-w Bind Password] [-b Base DN] [-z Zone] [-f Zone File ] [-h Ldap Host] [-cd] [-v]
DESCRIPTION
zone2ldap will parse a complete BIND 9 format DNS zone file, and load the contents into an LDAP directory, for use with the LDAP sdb back-end.
If the zone already exists, zone2ldap will exit successfully. If the zone does not exist, or partially exists, zone2ldap will attempt to add all/missing zone data.
Options
-b LDAP Base DN. LDAP systems require a "base dn", which is generally considered the LDAP Directory root. If the zone you are loading
is different from the base, then you will need to tell zone2ldap what your LDAP base is.
-v Print version information, and immediately exit.
-f Zone file. Bind 9.1 compatible zone file, from which zone information will be read.
-d Dump debug information to standard out.
-w LDAP Bind password, corresponding to the value of "-b".
-h LDAP Directory host. This is the hostname of the LDAP system you wish to store zone information on. An LDAP server should be listening on port 389 of the target system. This may be omitted, and will default to "localhost".
-c This will create the zone portion of the DN you are importing. For instance, if you are creating a domain.com zone, zone2ldap should
first create "dc=domain,dc=com". This is useful if you are creating multiple domains.
-z This is the name of the zone specified in the SOA record.
EXAMPLES
Following are brief examples of how to import a zone file into your LDAP DIT.
Loading zone domain.com, with an LDAP Base DN of dc=domain,dc=com
zone2ldap -D dc=root -w secret -h localhost -z domain.com -f domain.com.zone
This will add Resource Records into an ALREADY EXISTING dc=domain,dc=com. The final SOA DN in this case, will be dc=@,dc=domain,dc=com
Loading customer.com, if your LDAP Base DN is dc=provider,dc=net.
zone2ldap -D dc=root -w secret -h localhost -z customer.com -b dc=provider,dc=net -f customer.com.zone -c
This will create dc=customer,dc=com under dc=provider,dc=net, and add all necessary Resource Records. The final root DN to the SOA will be
dc=@,dc=customer,dc=com,dc=provider,dc=net.
SEE ALSO
named(8), ldap(3), http://www.venaas.no/ldap/bind-sdb/
BUGS
Send all bug reports to Jeff McNeil <jeff@snapcase.g-rock.net>
AUTHOR
Jeff McNeil <jeff@snapcase.g-rock.net>
8 March 2001 zone2ldap(1)