LDAP Auth Fail

rpratt
OpenVpn Newbie
Posts: 1
Joined: Fri Mar 13, 2020 9:14 pm

LDAP Auth Fail

Post by rpratt » Fri Mar 13, 2020 9:23 pm

My company is looking at using OpenVPN for all our full-time employees. We are primarily on a Windows Active Directory network. I've followed the various documentation, set up OpenVPN AS on CentOS 8, and configured the server for LDAP authentication. I'm getting the following message when testing the authentication with ./authcli. If I change the username slightly (to one that doesn't actually exist) I get a different error back from our service, which seems to indicate they are communicating.

status : COM_FAULT
reason: not well-formed (invalid token): line 12, column 212: web/xmlrpb:456, python2.7/xmlrpclib:1144,python2.7/xmlrpclib:558 (xml.parsers.expat.Expaterrror)
user : rpratt


I've tried to find some help on the above message but can't seem to find anything specific to this and OpenVPN.

If anyone can point me in the right direction that would be great!

Thanks -

jsilvius
OpenVpn Newbie
Posts: 4
Joined: Thu Apr 09, 2020 7:45 pm

Re: LDAP Auth Fail

Post by jsilvius » Fri Apr 10, 2020 1:12 am

How are you pointing the LDAP search, and do you have a bind account set up?
Make sure your search is working first by widening your search; try just using the top of your AD: "DC=company,DC=com".
I kept making the error of using CN=Users instead of "OU=Users,DC=company,DC=com".

Jayk
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 14, 2020 3:47 pm

Re: LDAP Auth Fail

Post by Jayk » Tue Apr 14, 2020 3:49 pm

Did you find a resolution to this? I get this error for one Active Directory user whose account was working fine yesterday. Other users can log in without issue.

Thanks,

Jason

Jayk
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 14, 2020 3:47 pm

Re: LDAP Auth Fail

Post by Jayk » Tue Apr 14, 2020 4:53 pm

I tracked down my issue and will post it here in case anyone else comes across this problem.

The Active Directory user in question was restricted to logging onto only certain computers in the Active Directory settings on the Windows Domain Controller. This prevented the authentication. Once I removed the restriction, OpenVPN authenticated this user over LDAP without any issue.

Cheers,

Jason
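The workstation restriction Jason hit is something Active Directory reports explicitly: a failed simple bind comes back as LDAP result code 49 (invalidCredentials), and the diagnostic message carries a Windows sub-code such as "data 531" (not permitted to log on from this workstation). The helper below parses that message so the cause can be read off the bind response instead of found by trial; it is an added example, not code from this thread or from OpenVPN AS, and the sample diagnostic strings are constructed in the usual AD format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Windows logon error codes (hex) that AD appends as "data NNN" to the
# diagnostic message of a failed bind. Only these common ones are mapped.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "logon hours restriction (not permitted to log on at this time)",
    "531": "workstation restriction (not permitted to log on from this host)",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

# Example AD diagnostic (constructed for this example):
#   "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 531, v2580"
_AD_DIAG_RE = re.compile(
    r"LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>[^,]*),"
    r"\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)


@dataclass
class BindDiagnosis:
    result_code: int
    subcode: Optional[str]   # AD "data" value, lowercase hex, if present
    dsid: Optional[str]
    meaning: str


def diagnose_ad_bind(result_code: int, diagnostic_message: str) -> BindDiagnosis:
    """Classify an LDAP bind outcome using the AD diagnostic message."""
    if result_code == 0:
        return BindDiagnosis(0, None, None, "bind succeeded")
    if result_code != 49:
        # 32 noSuchObject, 34 invalidDNSyntax etc. point at the DN, not the password
        return BindDiagnosis(result_code, None, None,
                             "non-credential LDAP error (check bind DN, base DN, TLS)")
    m = _AD_DIAG_RE.search(diagnostic_message)
    if not m:
        return BindDiagnosis(49, None, None, "invalid credentials (no AD sub-code in message)")
    sub = m.group("data").lower()
    meaning = AD_BIND_SUBCODES.get(sub, f"unmapped AD sub-code {sub}")
    return BindDiagnosis(49, sub, m.group("dsid"), meaning)
```

A bind that fails with 531 for one user while other users bind fine is the "Log On To" computer restriction on that account, which is what the thread describes; 52e is a plain bad password and is the only one of these the user can fix alone.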
