On Sun, Jan 8, 2017 at 3:00 PM, <selva.n...@gmail.com> wrote:
> From: Selva Nair <selva.n...@gmail.com>
>
> Currently the username unqualified by the domain is used to validate
> a user which fails for domain users. Instead compare the user's SID
> with SIDs in the Administrators group and ovpn_admin_group.
>
> This has the advantage that connection to a domain controller is not
> required and will work even when user is logged in with cached credentials.
>
> Limitations:
> (i) Group membership is not checked recursively
> (ii) Domain administrators will not be recognized as members of local
> Administrators group.
>
> Resolves Trac: #810
>
Tested on Windows 7 as local user and domain user.
Also tested by jiquera as described in Trac: #810
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
