Fail to Bind when using ldaps

petrocelli1966
OpenVpn Newbie
Posts: 16
Joined: Wed Dec 23, 2020 10:12 pm

Fail to Bind when using ldaps

Post by petrocelli1966 » Thu Jan 14, 2021 4:03 pm

Hi All,
I am setting up a new OpenVPN Server using LDAP auth against Active Directory and I have just one last issue to solve. Begging for a little patience please.
Authenticating against AD works fine, but when I change ldap://192.168.1.1 to ldaps://192.168.1.1:636 in the auth-ldap.conf config file, I get the following error: LDAP bind failed immediately: Can't contact LDAP server. Unable to bind as openvpnquery@mydomain.net.

plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-ldap.so TLS Auth Error: Auth Username/Password verification failed for peer

I tried importing the VPN Server CA to the domain controllers but still no go. Is there anything else I could try? Would really appreciate any hints.

petrocelli1966
OpenVpn Newbie
Posts: 16
Joined: Wed Dec 23, 2020 10:12 pm

Re: Fail to Bind when using ldaps

Post by petrocelli1966 » Thu Jan 14, 2021 11:23 pm

Just a little update. I have put the domain controller CA file on the OpenVPN box also. Which line in auth-ldap.conf should I use to specify this CA? After some reading, I used ldapsearch to query the domain controller on port 636. I got the error (unable to get local issuer certificate). Please help me to understand what the error means. I have seen a few articles on this but I don't understand why this happens and how to fix it. Could anyone help me please?

petrocelli1966
OpenVpn Newbie
Posts: 16
Joined: Wed Dec 23, 2020 10:12 pm

Re: Fail to Bind when using ldaps

Post by petrocelli1966 » Mon Jan 18, 2021 2:47 am

I have exported the root CA from the Active Directory server to the OpenVPN box. I can connect to the AD server using openssl s_client <AD_Server:636> -CAfile /path/to/PEM_file with no errors now, but I still cannot connect using the plugin. I still get a failed login at the client, and in the server logs I get the same error. I really can't seem to find out what is wrong. Any hints or ideas?
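As an added example (not from this thread or from the openvpn-auth-ldap project), this is the TLS part of an auth-ldap.conf that points the plugin at the exported AD root CA; the bind account and domain come from the posts above, while the DC host name and the CA file path are assumptions:

```conf
# auth-ldap.conf for openvpn-auth-ldap (added example; the CA path and DC
# name are assumptions). Loaded from server.conf with:
#   plugin /usr/local/lib/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf
<LDAP>
    # ldaps:// means TLS from the first byte on port 636. OpenLDAP also checks
    # the server name against the certificate, so if the DC certificate only
    # carries its FQDN, use that name here rather than 192.168.1.1.
    URL             ldaps://dc1.mydomain.net:636
    BindDN          openvpnquery@mydomain.net
    Password        REPLACE_WITH_BIND_PASSWORD
    Timeout         15

    # Do NOT set "TLSEnable yes" together with an ldaps:// URL: that directive
    # requests STARTTLS, which is for a plain ldap:// session on port 389.
    # TLSEnable     yes

    # The CA that issued the domain controller's certificate (the root CA
    # exported from AD). Without it the library cannot build the chain, which
    # is what ldapsearch's "unable to get local issuer certificate" reports.
    TLSCACertFile   /etc/openvpn/ad-root-ca.pem
    # Or a c_rehash-style directory instead of a single file:
    # TLSCACertDir  /etc/ssl/certs

    FollowReferrals no
</LDAP>

<Authorization>
    BaseDN          "DC=mydomain,DC=net"
    SearchFilter    "(sAMAccountName=%u)"
    RequireGroup    false
</Authorization>
```

A successful `openssl s_client -connect host:636 -CAfile ca.pem` only proves the CA file is right; the same file must also be readable by the account OpenVPN drops privileges to, since the plugin opens it inside the server process at authentication time.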
