diff --git a/defaults/main.yml b/defaults/main.yml
index d52a08b..c7b6f61 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -48,6 +48,7 @@ openvpn_key_size: 1024
 openvpn_clients: [client] # Make clients certificate
 openvpn_clients_revoke: [] # Revoke clients certificates
+openvpn_client_cert_not_required: [] # Disable client certificate checking
 # Use PAM authentication
 openvpn_use_pam: yes
diff --git a/templates/server.conf.j2 b/templates/server.conf.j2
index 0c52c00..41e1972 100644
--- a/templates/server.conf.j2
+++ b/templates/server.conf.j2
@@ -147,8 +147,12 @@ group nogroup
 client-to-client
 {% endif %}
-{% if openvpn_use_pam %}
+{% if openvpn_client_cert_not_required %}
 client-cert-not-required
+{% else %}
+username-as-common-name
+{% endif %}
+{% if openvpn_use_pam %}
 plugin {{openvpn_use_pam_plugin|default(openvpn_use_pam_plugin_distribution)}} openvpn
 {% endif %}
diff --git a/vars/Debian.stretch.yml b/vars/Debian.stretch.yml
new file mode 100644
index 0000000..432c341
--- /dev/null
+++ b/vars/Debian.stretch.yml
@@ -0,0 +1,4 @@
+---
+
+openvpn_use_pam_plugin_distribution: /usr/lib/openvpn/openvpn-plugin-auth-pam.so
+openvpn_use_ldap_plugin_distribution: /usr/lib/openvpn/openvpn-auth-ldap.so
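Review bot: `openvpn_client_cert_not_required` is an on/off switch in `templates/server.conf.j2` but defaults to an empty list, which hides its type and invites non-boolean overrides; declare it as `openvpn_client_cert_not_required: false`. The template tests it with a bare `{% if %}`, so any non-empty string (for example `false` passed through `-e`) is truthy and turns certificate checking off; the condition in the template hunk should read `{% if openvpn_client_cert_not_required | bool %}`. The inline comment should also say what is left once the check is gone, e.g. `# Skip client certificate verification; clients are authenticated by the auth plugin only`.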
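Review bot: The `{% else %}` branch emits `username-as-common-name` for every server that keeps certificate checking, even when `openvpn_use_pam` is off and no username is collected; the directive only applies to username/password authentication, so key it to the auth condition, e.g. `{% elif openvpn_use_pam %}` (any other plugin switches, such as LDAP, live outside this hunk). The reverse case needs a guard too: with the opt-out set and no auth plugin enabled, `client-cert-not-required` is rendered with no client authentication configured, so render it only when a plugin is active, or fail the play with an assert. Servers that relied on `openvpn_use_pam` implying `client-cert-not-required` will start demanding client certificates after this change; that is the safer default, but it is a behaviour change the README should call out. Debian stretch ships OpenVPN 2.4, where `client-cert-not-required` is deprecated in favour of `verify-client-cert none`, so the stretch target added in this commit would be better served by the newer directive.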
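Review bot: Both plugin paths should be checked against the stretch package layout before merging. As far as I recall, the OpenVPN 2.4 packages on Debian install plugins under a multiarch `openvpn/plugins/` directory rather than `/usr/lib/openvpn/`, so `openvpn_use_pam_plugin_distribution` may point at a file that does not exist; confirm with `dpkg -L openvpn openvpn-auth-ldap` on a stretch host. A wrong path makes the rendered `plugin` line fail when the server starts, so it is worth adding a `stat` check on the path in the role rather than discovering it at service restart.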