On Thu, Aug 24, 2006 at 11:12:28AM +0200, [EMAIL PROTECTED] wrote:

The nessusd.message of the server says:
check_user: Bad DN for user secadm
Given DN=/C=FR/ST=Ile de France/L=Massy/O=Alcanet/OU=DC_SECURITY/CN=secadm/[EMAIL PROTECTED]
Last tried DN=/C=FR/ST=Ile de France/L=Massy/O=Alcanet/OU=DC_SECURITY/CN=secadm/[EMAIL PROTECTED]

"Given" comes from the certificate passed by the client during the connection; "Last tried" reports what nessusd found in the dname file for the connecting user.

Where is the mistake?

The issue likely arises because you have an older version of OpenSSL. Starting somewhere between versions 0.9.6h and 0.9.7b (I'm not sure exactly), OpenSSL changed its output format to use "emailAddress=" rather than "Email=". The nessus-mkcert-client script hardcodes emailAddress.

So, to solve your issue, edit the dname file for the user and change "emailAddress=" to "Email="; the change will become effective immediately w/o needing to restart nessusd. And if you do someday upgrade OpenSSL, keep in mind you will need to make the reverse change or you'll have a similar issue for all your Nessus users.

George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
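An added example, not part of the original thread and not Nessus code: a small checker that compares the "Given DN" and "Last tried DN" values from a nessusd "Bad DN" log entry and reports whether they differ only in the e-mail attribute label described in the reply above. The function names and the sample e-mail address are constructed for illustration.

```python
import re

# Labels that different OpenSSL releases print for the same e-mail attribute
# ("Email=" in older output, "emailAddress=" in newer output, per the thread).
EMAIL_LABELS = {"email", "emailaddress"}


def parse_dn(dn):
    """Split a one-line '/K=V/K=V' DN into (label, value) pairs.

    A '/' starts a new attribute only when followed by 'LABEL=', so a
    plain '/' inside a value does not split it.
    """
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn.strip())
    pairs = []
    for part in parts:
        if part:
            label, _, value = part.partition("=")
            pairs.append((label, value))
    return pairs


def diagnose(given, stored):
    """Return 'match', 'email-label' or 'different'."""
    g, s = parse_dn(given), parse_dn(stored)
    if g == s:
        return "match"
    if len(g) != len(s):
        return "different"
    for (g_label, g_value), (s_label, s_value) in zip(g, s):
        if g_value != s_value:
            return "different"
        if g_label != s_label and not {g_label.lower(), s_label.lower()} <= EMAIL_LABELS:
            return "different"
    # Every value matches and the only label differences are e-mail aliases.
    return "email-label"


def fixed_dname_line(given, stored):
    """Stored DN rewritten with the labels nessusd reported, else None."""
    if diagnose(given, stored) != "email-label":
        return None
    pairs = zip(parse_dn(given), parse_dn(stored))
    return "".join(f"/{g_label}={s_value}" for (g_label, _), (_, s_value) in pairs)


# Constructed sample values (the address is a placeholder, not from the log).
BASE = "/C=FR/ST=Ile de France/L=Massy/O=Alcanet/OU=DC_SECURITY/CN=secadm"
GIVEN = BASE + "/Email=secadm@example.invalid"          # what nessusd saw
STORED = BASE + "/emailAddress=secadm@example.invalid"  # what the dname file holds

if __name__ == "__main__":
    print(diagnose(GIVEN, STORED), fixed_dname_line(GIVEN, STORED))
```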
