Changes between Version 1 and Version 2 of Ticket #1383, comment 1


Ignore:
Timestamp:
02/05/21 19:10:11 (6 months ago)
Author:
Selva Nair
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1383, comment 1

    v1 v2  
    1 Nested groups in on premise AD has been tested in the past and does work: like user is in a Domain local group named "Developers" which in turn is a member of the local "OpenVPN Administrators" group. This could be managed using GPO. I haven't personally tested this with Azure, but see https://community.openvpn.net/openvpn/ticket/810 for a related discussion where others have reported success with Azure AD.
     1Nested groups in on premise AD has been tested in the past and does work: like user is in a Domain local group named "Developers" which in turn is a member of the local "OpenVPN Administrators" group. This could be managed using GPO. I haven't personally tested this with Azure, but see #810 https://community.openvpn.net/openvpn/ticket/810#comment25 (comment 25 onwards) for a related discussion where others have reported success with Azure AD.
    22
    33Does {{{whoami /groups /fo list}}} show the "machine-name\OpenVPN Administrtaors" in the list of groups? Note that the user may have to re-login to the domain after any change in group membership for the process token to reflect it.