List: openvpn-users
Subject: [Openvpn-users] OpenVPN Authentication via Active Directory
From: Jason Long via Openvpn-users <openvpn-users () lists ! sourceforge ! net>
Date: 2023-09-02 7:59:41
Message-ID: 770331552.2154871.1693641581600 () mail ! yahoo ! com
Hello,
I installed the openvpn-auth-ldap package and I want to use the Active Directory for authentication.
I opened Active Directory Users And Computers, clicked the View menu and selected Advanced Features. After that, I right-clicked on my username and selected Properties, then clicked the "Object" tab. I found the following information:
megaman.xyz/Informatic/Network/Central Office/Jason Long
I right-clicked on "Active Directory Users And Computers" and selected Properties, then clicked on the Attribute Editor tab and found the distinguishedName attribute:
CN=NTDS Settings,CN=DC2-MainBranch,CN=Servers,CN=MainBranch,CN=Sites,CN=Configuration,DC=megaman,DC=xyz
I edited the auth-ldap.conf file as below:
<LDAP>
        URL ldap://DC2-MainBranch.megaman.xyz
        BindDN "CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz"
        Password MY_AD_Password
        Timeout 15
        TLSEnable no
        FollowReferrals no
</LDAP>
<Authorization>
        BaseDN "OU=Informatic/Network/Central Office,dc=megaman,dc=xyz"
        SearchFilter "(samaccountname=%u)"
        RequireGroup false
        <Group>
                BaseDN "CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz"
                SearchFilter "(samaccountname=%u)"
                MemberAttribute uniqueMember
        </Group>
</Authorization>
I started OpenVPN and when I want to connect to my server, the client showed me the "wrong credentials. Try again..." error.
I checked the OpenVPN log and it showed me the following error:
Unable to bind as CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz LDAP connect failed.
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
2023-09-02 02:25:39 10.0.2.16:56792 TLS Auth Error: Auth Username/Password verification failed for peer
2023-09-02 02:25:39 10.0.2.16:56792 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-09-02 02:25:39 10.0.2.16:56792 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
2023-09-02 02:25:39 10.0.2.16:56792 Delayed exit in 5 seconds
2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2023-09-02 02:25:39 10.0.2.16:56792 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
2023-09-02 02:25:39 10.0.2.16:56792 Peer Connection Initiated with [AF_INET]10.0.2.16:56792
2023-09-02 02:25:41 read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
2023-09-02 02:25:44 10.0.2.16:56792 SIGTERM[soft,delayed-exit] received, client-instance exiting
To check the LDAP, I used the following command and it can see my Active Directory:
# ldapsearch -H ldap://172.20.1.7 -D "jason@megaman.xyz" -W
How to solve it?
Thank you.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
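Worked example, added here and not part of the original message or of the openvpn-auth-ldap project: a small Python script that turns the canonical name ADUC shows on the Object tab (root-first, "/" separated) into the distinguishedName form that BindDN and BaseDN expect (leaf-first, one RDN per container), prints the ldapsearch and ldapwhoami checks to run before touching auth-ldap.conf, and renders a stanza that binds as a service account and checks group membership through AD's member attribute. The host, the service-account name (svc-openvpn), the group name (VPN-Users) and the OU layout are assumptions; the RFC 4514 escaping and the AD attribute names are general and go beyond the single path quoted in the post.

```python
"""Build a correct openvpn-auth-ldap configuration for Active Directory.

Added example for this thread; not code from the original message or from
the openvpn-auth-ldap project. Host, OU layout, service-account name
(svc-openvpn) and group name (VPN-Users) are placeholder assumptions.
"""
from shlex import quote

# Characters that must be backslash-escaped inside an RDN value (RFC 4514);
# a leading '#' and leading/trailing spaces are escaped as well.
_SPECIAL = set(',+"\\<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for a DN, e.g. 'Long, Jason' -> 'Long\\, Jason'."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def canonical_to_dn(canonical: str, container_type: str = "OU") -> str:
    """Turn the canonical name from the ADUC Object tab into a DN.

    'megaman.xyz/Informatic/Network/Central Office/Jason Long'
    -> 'CN=Jason Long,OU=Central Office,OU=Network,OU=Informatic,DC=megaman,DC=xyz'

    Each path component below the domain becomes its own RDN (the post put the
    whole 'Informatic/Network/Central Office' path into a single OU value, which
    is not a valid DN). Containers are assumed to be OUs; pass
    container_type="CN" for built-in containers such as 'megaman.xyz/Users/x'.
    """
    parts = canonical.split("/")
    if len(parts) < 2:
        raise ValueError("canonical name needs at least 'domain/object'")
    domain, containers, leaf = parts[0], parts[1:-1], parts[-1]
    rdns = ["CN=" + escape_rdn_value(leaf)]
    rdns += [f"{container_type}=" + escape_rdn_value(c) for c in reversed(containers)]
    rdns += ["DC=" + escape_rdn_value(label) for label in domain.split(".")]
    return ",".join(rdns)


def bind_check_commands(host: str, known_good_upn: str, base_dn: str,
                        sam: str, bind_dn: str) -> list:
    """Shell commands to run before editing auth-ldap.conf.

    1. Use a bind that is already known to work (a UPN such as
       jason@megaman.xyz) to read the service account's real distinguishedName.
    2. Test that the candidate BindDN itself can bind. If ldapwhoami fails
       here, the plugin will log 'Unable to bind as ...' as well.
    """
    return [
        f"ldapsearch -LLL -H ldap://{quote(host)} -D {quote(known_good_upn)} -W "
        f"-b {quote(base_dn)} {quote(f'(sAMAccountName={sam})')} distinguishedName",
        f"ldapwhoami -H ldap://{quote(host)} -D {quote(bind_dn)} -W",
    ]


def render_auth_ldap_conf(host: str, bind_dn: str, user_base_dn: str,
                          group_base_dn: str, group_cn: str) -> str:
    """Render an auth-ldap.conf for AD.

    TLSEnable in this plugin means STARTTLS on an ldap:// URL; an ldaps:// URL
    is already encrypted, so it stays 'no'. Plain ldap:// with TLSEnable no
    would send the bind password in clear text. AD stores membership in
    'member', not 'uniqueMember'. group_cn is assumed to contain no LDAP
    filter metacharacters.
    """
    return "\n".join([
        "<LDAP>",
        f"\tURL ldaps://{host}",
        f'\tBindDN "{bind_dn}"',
        "\tPassword SERVICE_ACCOUNT_PASSWORD",
        "\tTimeout 15",
        "\tTLSEnable no",
        "\tFollowReferrals no",
        "</LDAP>",
        "<Authorization>",
        f'\tBaseDN "{user_base_dn}"',
        '\tSearchFilter "(sAMAccountName=%u)"',
        "\tRequireGroup true",
        "\t<Group>",
        f'\t\tBaseDN "{group_base_dn}"',
        f'\t\tSearchFilter "(cn={group_cn})"',
        "\t\tMemberAttribute member",
        "\t</Group>",
        "</Authorization>",
        "",
    ])


if __name__ == "__main__":
    svc_dn = canonical_to_dn("megaman.xyz/Informatic/Network/Service Accounts/svc-openvpn")
    users_base = canonical_to_dn("megaman.xyz/Informatic/Network/Central Office/x").split(",", 1)[1]
    print("\n".join(bind_check_commands("dc2-mainbranch.megaman.xyz", "jason@megaman.xyz",
                                        "DC=megaman,DC=xyz", "svc-openvpn", svc_dn)))
    print(render_auth_ldap_conf("dc2-mainbranch.megaman.xyz", svc_dn, users_base,
                                "OU=Groups,DC=megaman,DC=xyz", "VPN-Users"))
```

The important check is the second command: if the DN cannot bind with ldapwhoami, no auth-ldap.conf will make the plugin bind with it either, and the "Unable to bind as ..." line will keep appearing regardless of what the user-search section says.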