Hello,
I installed the openvpn-auth-ldap package and I want to use Active Directory 
for authentication.

I opened Active Directory Users And Computers, clicked the View menu and 
selected Advanced Features. After that, I right-clicked on my username, 
selected Properties, then clicked the "Object" tab. I found the following 
information:

megaman.xyz/Informatic/Network/Central Office/Jason Long

I right-clicked on the "Active Directory Users And Computers" and selected 
Properties and then clicked on the Attribute Editor tab, found the 
distinguishedName attribute:

CN=NTDS Settings,CN=DC2-MainBranch,CN=Servers,CN=MainBranch,CN=Sites,CN=Configuration,DC=megaman,DC=xyz


I edited the auth-ldap.conf file as follows:

<LDAP>
    URL             ldap://DC2-MainBranch.megaman.xyz
    BindDN          "CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz"
    Password        MY_AD_Password
    Timeout         15
    TLSEnable       no
    FollowReferrals no
</LDAP>
<Authorization>
    BaseDN          "OU=Informatic/Network/Central Office,dc=megaman,dc=xyz"
    SearchFilter    "(samaccountname=%u)"
    RequireGroup    false
    <Group>
        BaseDN          "CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz"
        SearchFilter    "(samaccountname=%u)"
        MemberAttribute uniqueMember
    </Group>
</Authorization>

I started OpenVPN, and when I tried to connect to my server, the client 
showed me a "wrong credentials. Try again..." error.

I checked the OpenVPN log and it showed me the following error:

Unable to bind as CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz
LDAP connect failed.
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
2023-09-02 02:25:39 10.0.2.16:56792 TLS Auth Error: Auth Username/Password verification failed for peer
2023-09-02 02:25:39 10.0.2.16:56792 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-09-02 02:25:39 10.0.2.16:56792 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
2023-09-02 02:25:39 10.0.2.16:56792 Delayed exit in 5 seconds
2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2023-09-02 02:25:39 10.0.2.16:56792 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
2023-09-02 02:25:39 10.0.2.16:56792 Peer Connection Initiated with [AF_INET]10.0.2.16:56792
2023-09-02 02:25:41 read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
2023-09-02 02:25:44 10.0.2.16:56792 SIGTERM[soft,delayed-exit] received, client-instance exiting

To check LDAP, I used the following command, and it could see my Active 
Directory:

# ldapsearch -H ldap://172.20.1.7 -D "ja...@megaman.xyz" -W

How can I solve this?

Thank you.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
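Added example, not part of the post above: the "Object" tab in ADUC shows a canonical name (domain/container/.../object), while the BindDN and BaseDN in auth-ldap.conf are LDAP distinguished names built from the same path in reverse, with CN= for the object and OU= (or CN= for default containers such as Users) for each container. The helper below does that conversion, escaping special characters per RFC 4514; the set of default CN= containers is an assumption that matches a stock AD domain, and the names fed to it are the ones from the post.

```python
"""Turn an Active Directory canonical name into an LDAP distinguishedName.

Added example (not from the original post). The ADUC "Object" tab shows
the canonical name, e.g. dom.tld/OU1/OU2/Jason Long; auth-ldap.conf wants
the DN, e.g. CN=Jason Long,OU=OU2,OU=OU1,DC=dom,DC=tld.
"""

# Assumption: stock AD default containers, which are CN= rather than OU=.
DEFAULT_CN_CONTAINERS = frozenset({
    "Users", "Computers", "Builtin", "System", "ForeignSecurityPrincipals",
    "Managed Service Accounts", "Program Data",
})


def _split_canonical(canonical):
    """Split on '/', honouring the '\\/' escape AD uses for a literal slash."""
    parts, current, i = [], [], 0
    while i < len(canonical):
        ch = canonical[i]
        if ch == "\\" and i + 1 < len(canonical):
            current.append(canonical[i + 1])   # escaped char, taken literally
            i += 2
            continue
        if ch == "/":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def escape_rdn_value(value):
    """Escape one attribute value per RFC 4514 so it is safe inside a DN."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        needs = (ch in ',+"\\<>;'
                 or (idx == 0 and ch in "# ")
                 or (idx == last and ch == " "))
        out.append("\\" + ch if needs else ch)
    return "".join(out)


def canonical_to_dn(canonical, leaf_is_container=False,
                    cn_containers=DEFAULT_CN_CONTAINERS):
    """Return the DN for a canonical name.

    leaf_is_container=False: the last component is an object (user, group,
    computer) and becomes CN=...; True: the name denotes an OU itself, which
    is the form a BaseDN needs.
    """
    parts = _split_canonical(canonical.strip())
    if len(parts) < 2 or not all(parts):
        raise ValueError("expected 'domain.tld/container/.../object'")
    domain, path = parts[0], parts[1:]
    rdns = []
    for depth, comp in enumerate(reversed(path)):  # nearest container first
        is_leaf = depth == 0
        is_top = depth == len(path) - 1
        if is_leaf and not leaf_is_container:
            attr = "CN"                 # the object itself
        elif is_top and comp in cn_containers:
            attr = "CN"                 # e.g. CN=Users directly under the domain
        else:
            attr = "OU"
        rdns.append(f"{attr}={escape_rdn_value(comp)}")
    rdns.extend(f"DC={escape_rdn_value(label)}" for label in domain.split("."))
    return ",".join(rdns)


if __name__ == "__main__":
    # Canonical names taken from the post; the output is what BindDN and
    # BaseDN should carry (a user DN for BindDN, an OU DN for BaseDN).
    user = "megaman.xyz/Informatic/Network/Central Office/Jason Long"
    ou = "megaman.xyz/Informatic/Network/Central Office"
    print("BindDN:", canonical_to_dn(user))
    print("BaseDN:", canonical_to_dn(ou, leaf_is_container=True))
```

The DN printed for the user is what belongs in BindDN: the bind identity must be an account that can read the directory, not the name of the domain controller. Against Active Directory a simple bind also accepts the UPN form (user@megaman.xyz), which is the same identity the ldapsearch test above used, so it can be tried in BindDN before worrying about the DN at all; for the `<Group>` section AD stores membership in the `member` attribute rather than `uniqueMember`.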