'[Openvpn-users] OpenVPN Authentication via Active Directory'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvpn-users
Subject:    [Openvpn-users] OpenVPN Authentication via Active Directory
From:       Jason Long via Openvpn-users <openvpn-users () lists ! sourceforge ! net>
Date:       2023-09-02 7:59:41
Message-ID: 770331552.2154871.1693641581600 () mail ! yahoo ! com
[Download RAW message or body]

Hello,
I installed the openvpn-auth-ldap package and I want to use the Active Directory for \
authentication.

I Opened Active Directory Users And Computers. Clicked the View menu and selected \
Advanced Features. After it, I right-clicked on my username and selected the \
Properties, then clicked the "Object" tab. I found the following information:

megaman.xyz/Informatic/Network/Central Office/Jason Long

I right-clicked on the "Active Directory Users And Computers" and selected Properties \
and then clicked on the Attribute Editor tab, found the distinguishedName attribute:

CN=NTDS Settings,CN=DC2-MainBranch,CN=Servers,CN=MainBranch,CN=Sites,CN=Configuration,DC=megaman,DC=xyz



I edited the auth-ldap.conf file as below:

<LDAP>
    URL        ldap://DC2-MainBranch.megaman.xyz
    BindDN   "CN=DC2-MainBranch,OU=Informatic/Network/Central \
Office,DC=megaman,DC=xyz"  Password    MY_AD_Password
    Timeout        15
    TLSEnable    no
    FollowReferrals no
</LDAP>
<Authorization>
    BaseDN        "OU=Informatic/Network/Central Office,dc=megaman,dc=xyz"
    SearchFilter  "(samaccountname=%u)"
    RequxyzeGroup    false
    <Group>
        BaseDN          "CN=DC2-MainBranch,OU=Informatic/Network/Central \
Office,DC=megaman,DC=xyz"          SearchFilter  "(samaccountname=%u)"
        MemberAttribute    uniqueMember
    </Group>
</Authorization>

I started the OpenVPN and when I want to connect to my server, the client showed me \
"wrong credentials. Try again..." error.

I checked the OpenVPN log and it showed me the following error:

Unable to bind as CN=DC2-MainBranch,OU=Informatic/Network/Central \
Office,DC=megaman,DC=xyz LDAP connect failed.
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: POST \
/usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1 \
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: plugin function \
PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: \
/usr/lib/openvpn/openvpn-auth-ldap.so 2023-09-02 02:25:39 10.0.2.16:56792 TLS Auth \
Error: Auth Username/Password verification failed for peer 2023-09-02 02:25:39 \
10.0.2.16:56792 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1 \
2023-09-02 02:25:39 10.0.2.16:56792 TLS: tls_multi_process: initial untrusted session \
promoted to semi-trusted 2023-09-02 02:25:39 10.0.2.16:56792 Delayed exit in 5 \
seconds 2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' \
(status=1) 2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' \
(status=1) 2023-09-02 02:25:39 10.0.2.16:56792 Control Channel: TLSv1.3, cipher \
TLSv1.3 TLS_AES_256_GCM_SHA384 2023-09-02 02:25:39 10.0.2.16:56792 Peer Connection \
Initiated with [AF_INET]10.0.2.16:56792 2023-09-02 02:25:41 read UDPv4 \
[ECONNREFUSED]: Connection refused (fd=6,code=111) 2023-09-02 02:25:44 \
10.0.2.16:56792 SIGTERM[soft,delayed-exit] received, client-instance exiting

To check the LDAP, I used the following command and it can see my Active Directory:

# ldapsearch -H ldap://172.20.1.7 -D "jason@megaman.xyz" -W

How to solve it?

Thank you.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic