Page 1 of 1

LDAP Auth Fail

Posted: Fri Mar 13, 2020 9:23 pm
by rpratt
My company is looking at using openVPN for all our full-time employees. We are primarily on a Windows Active Directory network. I've followed the various documentation and setup OpenVPN AS on CentOS8 and have configured the server for LDAP authentication. I'm getting the following message when testing the authentication with ./authcli . If I change the username slightly (to one that doesn't actually exist) I get a different error back from our service which seems to indicate they are communicating.

status : COM_FAULT
reason: not well-formed (invalid token): line 12, column 212: web/xmlrpb:456, python2.7/xmlrpclib:1144,python2.7/xmlrpclib:558 (xml.parsers.expat.Expaterrror)
user : rpratt

I've tried to find some help on the above message but can't seem to find anything specific to this an openVPN.

If anyone can point me in the right direction that would be great!

Thanks -

Re: LDAP Auth Fail

Posted: Fri Apr 10, 2020 1:12 am
by jsilvius
how are you pointing the the LDAP search, and do you have a bind account setup?
make sure your search is working first by widening your search, try just using the top of your AD "DC=company, DC=com"
I kept making the error using CN=Users instead of "OU=Users,DC=company,DC=com"

Re: LDAP Auth Fail

Posted: Tue Apr 14, 2020 3:49 pm
by Jayk
Did you find a resolution to this? I get this error for one Active Directory user whose account was working fine yesterday. Other users can login without issue.



Re: LDAP Auth Fail

Posted: Tue Apr 14, 2020 4:53 pm
by Jayk
I tracked down my issue and will post it here in case anyone else comes across this problem.

The Active Directory user in question was restricted to logging onto only certain computers in the Active Directory settings on the Windows Domain Controller. This prevented the authentication. Once I removed the restriction, OpenVPN authenticated this user over ldap without any issue.