Hi everyone,
    I installed openvas6 on RHEL 6.2 recently (from the Atomicorp repository), and now
I'm trying to get LDAP support done. I found some useful links
below:
http://seclists.org/openvas/2011/q1/125
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries/doc/example.auth.conf

We are using Microsoft Active Directory, which supports LDAP authentication too.
Usually we use the "sAMAccountName" attribute instead of "uid" as the value needed
from the client; we can use "sAMAccountName@DomainName" as the DN to query something
from the (AD) LDAP server.

Here are my settings in the /var/lib/openvas/users/.auth.conf file (tampered with
ldaphost name and domain):
#######start of ldap section in the config file#########
[method:ldap]
order=2
enable=true
ldaphost=ldap.ABC.CORP.COMPANY
authdn=%[email protected]=sAMAccountName
role-user-values=Test_User01;Test_User02
role-admin-values=Test_User01
allow-plaintext=true
##end of ldap config section##
I know allow-plaintext is not a good idea, but I have tested with another
application; currently it doesn't support LDAPS or StartTLS.
I also changed "127" to "128" in /etc/openvas/openvasmd_log.conf, then restarted
the openvas management service, but login with an AD user still failed. Here are the
messages in the openvasmd.log file.
#start of log
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ldap_connect
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ads
lib  serv:  DEBUG:2013-04-26 04h27.41 utc :10375: Shook hands with peer.
lib  auth:  DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 1, method file -> 1. (w/method)
lib  auth:  DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 2, method ldap -> -1. (w/method)
event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for user simba
#end of log
I ran tcpdump on the server side to capture packets when I logged in with the AD account,
and found there was no connection attempt to the LDAP server. I tested on both the openvas6
box and the other openvas5 box, and got the same result. Is there something I missed? Any
help will be appreciated.
I also tried to test the ads method, but we have no "rule-attribute" or
"ruletype-attribute" in the AD schema. Anyway, it's enough if the ldap method could
work well.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
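Added example, not code from the post above or from OpenVAS itself: a small parser for the [method:ldap] section layout the post uses, which builds the bind DN by substituting the login into authdn (the "%s@DomainName" form the post describes for AD), maps the login to a role from the ';'-separated role-*-values, and flags allow-plaintext=true. The %s substitution rule is assumed from example.auth.conf, and the hostname, domain and user names in the sample config are constructed placeholders.

```python
# Added example (not OpenVAS code): parse an .auth.conf [method:ldap] section,
# derive the AD bind DN from authdn, resolve the role, and flag plaintext binds.
# Sample config is constructed; host, domain and users are placeholders.
# Assumption: '%s' in authdn is replaced by the login name (as in example.auth.conf).

SAMPLE_AUTH_CONF = """\
[method:ldap]
order=2
enable=true
ldaphost=ldap.example.corp
authdn=%s@example.corp
role-user-values=Test_User01;Test_User02
role-admin-values=Test_User01
allow-plaintext=true
"""

def parse_auth_conf(text):
    """Return {section: {key: value}}; blank and '#' comment lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = sections.setdefault(line[1:-1], {})
            continue
        if current is None or '=' not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition('=')
        current[key.strip()] = value.strip()
    return sections

def bind_dn(ldap_cfg, login):
    """Substitute the login for %s in authdn, giving sAMAccountName@DomainName for AD."""
    if '%s' not in ldap_cfg.get('authdn', ''):
        raise ValueError("authdn must contain %s")
    return ldap_cfg['authdn'].replace('%s', login)

def role_for(ldap_cfg, login):
    """Admin list takes precedence; a login in neither list gets no role."""
    values = lambda key: [v for v in ldap_cfg.get(key, '').split(';') if v]
    if login in values('role-admin-values'):
        return 'admin'
    if login in values('role-user-values'):
        return 'user'
    return None

def insecure_settings(ldap_cfg):
    """Defender's check: a plaintext LDAP bind sends the AD password unencrypted."""
    return [k for k in ('allow-plaintext',) if ldap_cfg.get(k, '').lower() == 'true']
```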