I installed the openvpn-auth-ldap package and I want to use the Active Directory for authentication.
I Opened Active Directory Users And Computers application on Windows OS. Clicked the View menu and selected Advanced Features. After it, I right-clicked on my username and selected the Properties, then clicked the Object tab. I found the following information:
Code: Select all
megaman.xyz/Informatic/Network/Central Office/Jason Long
Code: Select all
CN=NTDS Settings,CN=DC2-MainBranch,CN=Servers,CN=MainBranch,CN=Sites,CN=Configuration,DC=megaman,DC=xyz
Code: Select all
<LDAP>
URL ldap://DC2-MainBranch.megaman.xyz
BindDN "CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz"
Password MY_AD_Password
Timeout 15
TLSEnable no
FollowReferrals no
</LDAP>
<Authorization>
BaseDN "OU=Informatic/Network/Central Office,dc=megaman,dc=xyz"
SearchFilter "(samaccountname=%u)"
RequxyzeGroup false
<Group>
BaseDN "CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz"
SearchFilter "(samaccountname=%u)"
MemberAttribute uniqueMember
</Group>
</Authorization>
I checked the OpenVPN log and it showed me the following error:
Code: Select all
Unable to bind as CN=DC2-MainBranch,OU=Informatic/Network/Central Office,DC=megaman,DC=xyz
LDAP connect failed.
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
2023-09-02 02:25:39 10.0.2.16:56792 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
2023-09-02 02:25:39 10.0.2.16:56792 TLS Auth Error: Auth Username/Password verification failed for peer
2023-09-02 02:25:39 10.0.2.16:56792 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-09-02 02:25:39 10.0.2.16:56792 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
2023-09-02 02:25:39 10.0.2.16:56792 Delayed exit in 5 seconds
2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2023-09-02 02:25:39 10.0.2.16:56792 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2023-09-02 02:25:39 10.0.2.16:56792 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
2023-09-02 02:25:39 10.0.2.16:56792 Peer Connection Initiated with [AF_INET]10.0.2.16:56792
2023-09-02 02:25:41 read UDPv4 [ECONNREFUSED]: Connection refused (fd=6,code=111)
2023-09-02 02:25:44 10.0.2.16:56792 SIGTERM[soft,delayed-exit] received, client-instance exiting
Code: Select all
# ldapsearch -H ldap://172.20.1.7 -D "jason@megaman.xyz" -W
Thank you.