L2TP / IPsec with authorization in samba - how can a user be assigned a specific IP address?

M

Maxim Grishin2018-08-23 12:27:18

CentOS

Maxim Grishin, 2018-08-23 12:27:18

There is a server on CentOS7, strongswan + xl2tpd + samba-winbind is up on it, pppd is configured to check MSCHAPv2 in the samba plugin. Everything works, but only with the range of IP addresses specified in xl2tpd. If I want to give someone an IP address that is different from this range, then I have nowhere to specify it! xl2tpd allocates an address from its pool before MSCHAPv2 authentication, and pppd, it seems, with this scheme, simply does not climb into its chap-secrets to read the IP address for the user from there. Or, alternatively, it does not get the correct username from the plugin after authentication is completed.
Accordingly, the question is, is it possible to bind an IP address to an L2TP / IPsec client when authorizing not through a file?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

mikes, 2018-10-13
@vesper-bot

The problem has a solution, but you need to use radius to connect vpn to active directory (freeradius is probably in your case) and then you can specify a static ip in the AD user attributes that he should receive.