Cannot LDAP with win 2016 but LDAP normal with win2012 (active directory) #82

SaiiiaS opened this issue Feb 22, 2021 · 0 comments

SaiiiaS commented Feb 22, 2021

I use the LDAP + OTP plugins and I have an issue with openvpn-auth-ldap:
OS: ubuntu 18.04
OpenVPN: newest

  1. I install openvpn-auth-ldap using apt:
  • Can't add the option PasswordIsCR to auth-ldap.conf
  • Can authenticate with LDAP (both win 2012 and win2016)
  2. I install using git clone https://github.com/threerings/openvpn-auth-ldap.git
  • I can authenticate (LDAP) with win 2012R2 but I can't authenticate with win 2016
log

Mon Feb 22 13:17:05 2021 us=131562 10.0.10.11:49210 peer info: IV_PLAT=win
Mon Feb 22 13:17:05 2021 us=131572 10.0.10.11:49210 peer info: IV_NCP=2
Mon Feb 22 13:17:05 2021 us=131580 10.0.10.11:49210 peer info: IV_TCPNL=1
Mon Feb 22 13:17:05 2021 us=131587 10.0.10.11:49210 peer info: IV_PROTO=2
Mon Feb 22 13:17:05 2021 us=131595 10.0.10.11:49210 peer info: IV_LZO_STUB=1
Mon Feb 22 13:17:05 2021 us=131603 10.0.10.11:49210 peer info: IV_COMP_STUB=1
Mon Feb 22 13:17:05 2021 us=131610 10.0.10.11:49210 peer info: IV_COMP_STUBv2=1
Mon Feb 22 13:17:05 2021 us=131617 10.0.10.11:49210 peer info: IV_GUI_VER=OCWindows_3.2.2-1455
Mon Feb 22 13:17:05 2021 us=131625 10.0.10.11:49210 peer info: IV_SSO=openurl
Mon Feb 22 13:17:05 2021 us=131632 10.0.10.11:49210 peer info: IV_BS64DL=1
LDAP search failed: Timed out
LDAP user "user" was not found.
Mon Feb 22 13:17:20 2021 us=684657 10.0.10.11:49210 PLUGIN_CALL: POST /usr/local/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Mon Feb 22 13:17:20 2021 us=684728 10.0.10.11:49210 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-ldap.so
OTP-AUTH: authentication succeeded for username 'user', remote 10.0.10.11:49210
Mon Feb 22 13:17:20 2021 us=684887 10.0.10.11:49210 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-otp.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mon Feb 22 13:17:20 2021 us=684978 10.0.10.11:49210 TLS Auth Error: Auth Username/Password verification failed for peer
Mon Feb 22 13:17:20 2021 us=685025 10.0.10.11:49210 SIGTERM[soft,auth-control-exit] received, client-instance exiting
Mon Feb 22 13:17:20 2021 us=685239 TCP/UDP: Closing socket

#################

####### auth-ldap.conf ######

URL ldap://10.0.10.10
BindDN "CN=Administrator,CN=Users,DC=test,DC=vn"
Password 123@123Aa
Timeout 15
TLSEnable no
FollowReferrals yes


BaseDN "DC=test,DC=vn"
SearchFilter "(sAMAccountName=%u)"
RequireGroup false
PasswordIsCR true

server.conf

reneg-sec 0
plugin /usr/local/lib/openvpn-auth-ldap.so "/etc/openvpn/auth-ldap.conf"
plugin "/usr/lib/openvpn/openvpn-otp.so" "password_is_cr=1 otp_secrets=/etc/ppp/otp-secrets"

@SaiiiaS SaiiiaS changed the title Cannot LDAP with win 2016 but LDAP normal with win2012 Cannot LDAP with win 2016 but LDAP normal with win2012 (active directory) Feb 22, 2021
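
An added example, not part of the original issue or of the openvpn-auth-ldap project: it pairs each `PLUGIN_CALL` result in the log above with the plugin's own unprefixed output and the time the call took. OpenVPN requires every plugin registered for `PLUGIN_AUTH_USER_PASS_VERIFY` to return 0, so one failing plugin rejects the session even when the other succeeds. The function names `triage` and `failed` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the log in the issue above (peer-info run trimmed to its last line).
LOG = """\
Mon Feb 22 13:17:05 2021 us=131632 10.0.10.11:49210 peer info: IV_BS64DL=1
LDAP search failed: Timed out
LDAP user "user" was not found.
Mon Feb 22 13:17:20 2021 us=684657 10.0.10.11:49210 PLUGIN_CALL: POST /usr/local/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
OTP-AUTH: authentication succeeded for username 'user', remote 10.0.10.11:49210
Mon Feb 22 13:17:20 2021 us=684887 10.0.10.11:49210 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-otp.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mon Feb 22 13:17:20 2021 us=684978 10.0.10.11:49210 TLS Auth Error: Auth Username/Password verification failed for peer
"""

STAMPED = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]+ \d{4}) us=(\d+) (\S+) (.*)$")
PLUGIN = re.compile(r"PLUGIN_CALL: POST (\S+)/(PLUGIN_\w+) status=(\d+)")

def triage(log):
    """Return one record per plugin call: peer, plugin path, hook, status,
    seconds since the previous timestamped line, and the plugin's own
    unprefixed output printed just before the call returned."""
    calls, stderr, prev = [], [], None
    for line in log.splitlines():
        m = STAMPED.match(line)
        if not m:                       # plugin output carries no OpenVPN prefix
            stderr.append(line)
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        ts += timedelta(microseconds=int(m.group(2)))
        p = PLUGIN.search(m.group(4))
        if p:
            waited = round((ts - prev).total_seconds(), 3) if prev is not None else None
            calls.append({"peer": m.group(3), "plugin": p.group(1),
                          "hook": p.group(2), "status": int(p.group(3)),
                          "waited": waited, "stderr": stderr})
        stderr, prev = [], ts
    return calls

def failed(calls):
    """Plugin calls that returned a non-zero status."""
    return [c for c in calls if c["status"] != 0]
```

On this log the LDAP plugin returns status=1 after about 15.5 seconds, which matches `Timeout 15` in auth-ldap.conf, while the OTP plugin returns 0.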