Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
massive users import with TOTP access for VPN and exploitation
« previous
next »
Print
Pages: [
1
]
Author
Topic: massive users import with TOTP access for VPN and exploitation (Read 342 times)
adminexploit
Newbie
Posts: 3
Karma: 0
massive users import with TOTP access for VPN and exploitation
«
on:
September 24, 2024, 11:58:33 am »
Hi,
I've about 850 users to import from Active Directory to opnsense in order to play with openvpn + AD + TOTP authentcation.
Actually, I'm able to import just one single user which works fine. but it there a simple way to import 850 users ( Yeah, I can do it by clicking on cloud) AND generate TOTP token for each of them?
I plan to play with xml config file and restore it with a python script, but it's not very clean, and I've to reboot opnsense to import the new xml config file. Because I didn't find a way to do the job with API....
thanks for your helps.
Logged
adminexploit
Newbie
Posts: 3
Karma: 0
Re: massive users import with TOTP access for VPN and exploitation
«
Reply #1 on:
September 24, 2024, 01:32:22 pm »
I discoverd that users in /config/config.xml can be modified onlive. So.... I'm always to do it a better way.
Logged
Greg_E
Sr. Member
Posts: 342
Karma: 19
Re: massive users import with TOTP access for VPN and exploitation
«
Reply #2 on:
September 24, 2024, 03:19:38 pm »
After you modify that file, do a reboot to make sure it stays.
Can't you set up a radius server to handle this negotiation between AD and the VPN permissions? That's probably my first thought to try. I haven't looked at VPN access in a while, so can't remember if you can just give it access to the AD like you can for permissions on a file share (Truenas).
Logged
adminexploit
Newbie
Posts: 3
Karma: 0
Re: massive users import with TOTP access for VPN and exploitation
«
Reply #3 on:
September 24, 2024, 06:35:46 pm »
I don't know how radius server can help me to manage user's TOTP token. I discovered a magical option who can make user to manage thier own TOTP token at:
System: Settings: Administration: User OTP seed
I create a specific group and associate System: User Password Manager privilege to it. I added user to this group but, user can not loggin, even the password is correct:
2024-09-24T18:29:40 Informational configd.py action allowed system.event.config_changed for user root
2024-09-24T18:29:39 Notice audit /index.php: User logged out for user 'test' from: 172.21.22.15
2024-09-24T18:29:39 Notice audit /index.php: Successful login for user 'test' from: 172.21.22.15
so, as you can see, I'm loggin, and... logged out immediatly, and root did something I don't know what to kick me out of the group.
When give to myself Password Manager privilege on my own profile page, I can loggin to change my password, which is not good since I'm imported from AD, but I don't have options to change or generate TOTP token......
If users can interacte with thier password managment page, that would be perfect, but it seems to bugging or I missed something.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
massive users import with TOTP access for VPN and exploitation