{"id":321,"date":"2023-08-22T10:31:51","date_gmt":"2023-08-22T06:31:51","guid":{"rendered":"https:\/\/radioteh.ru\/?p=321"},"modified":"2023-08-22T10:44:44","modified_gmt":"2023-08-22T06:44:44","slug":"pfsense-openvpn-active-directory-%d1%82%d0%be%d0%bd%d0%ba%d0%be%d1%81%d1%82%d0%b8","status":"publish","type":"post","link":"https:\/\/radioteh.ru\/?p=321","title":{"rendered":"pfSense OpenVPN + Active Directory, \u0442\u043e\u043d\u043a\u043e\u0441\u0442\u0438"},"content":{"rendered":"\n

\u0412 \u0446\u0435\u043b\u043e\u043c, \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 Netgate \u0435\u0441\u0442\u044c \u043e\u0447\u0435\u043d\u044c \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438<\/a>, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c «\u043e\u0434\u0438\u043d \u0432 \u043e\u0434\u0438\u043d», \u043d\u043e \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0430\u0434\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u0442\u044c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 LDAP (\u0438\u0437 Active Directory). <\/p>\n\n\n\n

\u0412 Windows \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u043d\u0435 \u043d\u0430\u0434\u043e, \u043a\u0440\u043e\u043c\u0435 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0434\u043b\u044f \u0441\u0432\u044f\u0437\u0438, \u0430 \u0432 pfSense \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0441\u0432\u044f\u0437\u043a\u0443 \u0441 LDAP \u043f\u043e \u0432\u043e\u0442 \u044d\u0442\u043e\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 <\/a><\/p>\n\n\n\n

\u0427\u0442\u043e\u0431\u044b \u043d\u0435 \u043c\u043e\u0440\u043e\u0447\u0438\u0442\u044c\u0441\u044f \u0441 \u0442\u0435\u043c, \u043f\u043e\u0447\u0435\u043c\u0443 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0432\u0430\u0436\u043d\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0432\u0432\u0435\u0441\u0442\u0438 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432 \u043f\u043e\u043b\u0435 «Bind credentials».<\/p>\n\n\n\n

\u0418\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043b\u0438\u0431\u043e \u043a\u043e\u0440\u043e\u0442\u043a\u0443\u044e %username%, \u043b\u0438\u0431\u043e \u043a\u0430\u043d\u043e\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e «CN=username,CN=Users,DC=domain,DC=suffix»<\/p>\n\n\n\n

\u0412 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u0436\u0438\u0437\u043d\u0438, \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u043e\u0442\u0430\u0446\u0438\u044f username@domain.suffx (bob@example.local)<\/strong><\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

\u0415\u0449\u0451 \u043e\u0434\u0438\u043d \u0432\u0430\u0436\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 — \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f \u0432 LDAP \u0432 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u043c pfSense \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043d\u0435 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0433\u0440\u0443\u043f\u043f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 (CN, OU) \u0432 \u0432\u0430\u0448\u0435\u0439 \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435, \u0442\u0430\u043a \u0447\u0442\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u0432\u0441\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0433\u043e \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 LDAP \u043f\u043e\u0434\u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f (\u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430, CN, OU)<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"

\u0412 \u0446\u0435\u043b\u043e\u043c, \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 Netgate \u0435\u0441\u0442\u044c \u043e\u0447\u0435\u043d\u044c \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c «\u043e\u0434\u0438\u043d \u0432 \u043e\u0434\u0438\u043d», \u043d\u043e \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0430\u0434\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u0442\u044c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 LDAP (\u0438\u0437 Active Directory). \u0412 Windows \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u043d\u0435 \u043d\u0430\u0434\u043e, \u043a\u0440\u043e\u043c\u0435 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0434\u043b\u044f \u0441\u0432\u044f\u0437\u0438, \u0430 \u0432 pfSense \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0441\u0432\u044f\u0437\u043a\u0443 \u0441 LDAP \u043f\u043e \u0432\u043e\u0442 \u044d\u0442\u043e\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u0427\u0442\u043e\u0431\u044b \u043d\u0435 \u043c\u043e\u0440\u043e\u0447\u0438\u0442\u044c\u0441\u044f \u0441 \u0442\u0435\u043c, … \u0427\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043b\u0435\u0435 pfSense OpenVPN + Active Directory, \u0442\u043e\u043d\u043a\u043e\u0441\u0442\u0438<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[8],"tags":[41,73,34],"class_list":["post-321","post","type-post","status-publish","format-standard","hentry","category-8","tag-openvpn","tag-pfsense","tag-34"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/radioteh.ru\/index.php?rest_route=\/wp\/v2\/posts\/321","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/radioteh.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/radioteh.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/radioteh.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/radioteh.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=321"}],"version-history":[{"count":2,"href":"https:\/\/radioteh.ru\/index.php?rest_route=\/wp\/v2\/posts\/321\/revisions"}],"predecessor-version":[{"id":328,"href":"https:\/\/radioteh.ru\/index.php?rest_route=\/wp\/v2\/posts\/321\/revisions\/328"}],"wp:attachment":[{"href":"https:\/\/radioteh.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/radioteh.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/radioteh.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}