Problems with using Additional LDAP Requirement
Posted: Sun Apr 04, 2021 10:24 pm
Hello there,
so I set up an OpenVPN Access Server for our company a few months ago. All working fine. Now I wanted to use "Additional LDAP Requirement:" with the following input "memberOf=CN=VPNtesting, CN=Users, DC=IT, DC=LOCAL". I created a security group on our Active Directory called VPNtesting and put my username into it.
If I try the auth script by OpenVPN the following error appears:
administrator@OAS017:/usr/local/openvpn_as/scripts$ sudo ./authcli -u <myusername> -p <mypassword>
API METHOD: authenticate
AUTH_RETURN
status : FAIL
reason : user not found that meets specified requirements: memberOf=CN=VPNtesting, CN=Users, DC=IT, DC=LOCAL
user : <myusername>
When I change the AD group security group setting to local, global or universal, I still get the same error message. The VPN works though when I leave the "Additional LDAP Requirement:" blank.
So it has to be a syntax-based error. Some additional info: we run a 2012 Windows Server with AD on it.
Can someone help me out here?