Anyone help?
Because the mail shown on the web is messed up (http://seclists.org/openvas/2013/q2/146),
I also pasted the mail to pastebin; here is the link:
http://pastebin.com/MJBfk4RD
From: [email protected]
To: [email protected]
Subject: LDAP authentication with Active Directory
Date: Fri, 26 Apr 2013 13:20:43 +0800
Hi, everyone,
I installed openvas6 on RHEL 6.2 recently (from the Atomicorp repository), and now
I'm trying to get LDAP support working. I found some useful links below:
http://seclists.org/openvas/2011/q1/125
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries/doc/example.auth.conf
We are using Microsoft Active Directory, which supports LDAP authentication too.
Usually we use the "sAMAccountName" attribute instead of "uid" as the value needed
from the client; we can use "sAMAccountName@DomainName" as the DN to query something
from the (AD) LDAP server.
Here are my settings in the /var/lib/openvas/users/.auth.conf file (with the
ldaphost name and domain changed):
#######start of ldap section in the config file#########
[method:ldap]
order=2
enable=true
ldaphost=ldap.ABC.CORP.COMPANY
authdn=%[email protected]=sAMAccountName
role-user-values=Test_User01;Test_User02
role-admin-values=Test_User01
allow-plaintext=true
##end of ldap config section##
I know allow-plaintext is not a good idea, but I have tested with another
application, and currently it doesn't support LDAPS or StartTLS.
I also changed "127" to "128" in /etc/openvas/openvasmd_log.conf and then restarted
the openvas management service, but login with an AD user still failed. Here are
the messages in the openvasmd.log file.
#start of log
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ldap_connect
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ads
lib serv: DEBUG:2013-04-26 04h27.41 utc :10375: Shook hands with peer.
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 1, method file -> 1. (w/method)
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 2, method ldap -> -1. (w/method)
event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for user simba
#end of log
I ran tcpdump on the server side to capture packets when I logged in with an AD account,
and found there was no connection attempt to the LDAP server. I tested on both the openvas6
box and another openvas5 box and got the same result. Is there something I missed? Any
help will be appreciated.
I also tried to test the ads method, but we have no "rule-attribute" or
"ruletype-attribute" in the AD schema. Anyway, it's enough if the ldap method could
work well.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
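As an added example (not from the post or the OpenVAS project), a small Python triage script that re-parses openvasmd.log records like the ones quoted above, grouping authentication trials per daemon process id so the trial chain and the "configured but not enabled" notices can be read off a longer log instead of by eye. The record layout "<domain>:<LEVEL>:<timestamp> :<pid>: <message>" is assumed from the lines in the post; the sample log is constructed from them.

```python
import re
from collections import defaultdict

# Constructed sample: the openvasmd.log lines quoted in the post, one record per line.
SAMPLE_LOG = """\
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ldap_connect
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ads
lib serv: DEBUG:2013-04-26 04h27.41 utc :10375: Shook hands with peer.
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 1, method file -> 1. (w/method)
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 2, method ldap -> -1. (w/method)
event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for user simba
"""

# Record layout assumed from the post: "<domain>:<LEVEL>:<timestamp> :<pid>: <message>"
RECORD_RE = re.compile(
    r"^(?P<domain>[a-z ]+?):\s*(?P<level>[A-Z]+):(?P<ts>\d{4}-\d\d-\d\d \d\dh\d\d\.\d\d utc) "
    r":(?P<pid>\d+): (?P<msg>.*)$")
TRIAL_RE = re.compile(r"Authentication trial, order (\d+), method (\w+) -> (-?\d+)\.")
NOT_ENABLED_RE = re.compile(r"configured but not enabled: method:(\w+)")
AUTH_ERROR_RE = re.compile(r"Authentication error for user (\S+)")


def triage(log_text):
    """Group auth trials per openvasmd process id and summarise what the log says.

    Returns the per-pid trial list (order, method, return code), the methods the
    daemon reports as configured but not enabled, the (pid, user) pairs whose login
    errored, and one finding string per errored login. Return code 0 is success in
    openvas_authenticate; only zero vs. non-zero is interpreted here (assumption).
    """
    trials = defaultdict(list)
    not_enabled, failed_users = [], []
    for line in log_text.splitlines():
        rec = RECORD_RE.match(line)
        if not rec:
            continue  # skip lines that are not auth/server records
        pid, msg = int(rec["pid"]), rec["msg"]
        if m := TRIAL_RE.search(msg):
            trials[pid].append((int(m[1]), m[2], int(m[3])))
        elif m := NOT_ENABLED_RE.search(msg):
            not_enabled.append(m[1])
        elif m := AUTH_ERROR_RE.search(msg):
            failed_users.append((pid, m[1]))
    findings = []
    for pid, user in failed_users:
        chain = ", ".join(f"{method}(order {order}) -> {rc}" for order, method, rc in sorted(trials[pid]))
        findings.append(f"pid {pid}: login for '{user}' failed; trial chain: {chain or 'none logged'}")
    return {"trials": dict(trials), "not_enabled": not_enabled,
            "failed_users": failed_users, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("configured but not enabled:", result["not_enabled"])
    for finding in result["findings"]:
        print(finding)
```

A non-zero return for every trial in the chain, with no LDAP packets on the wire (as the tcpdump check in the post shows), points at the daemon side of the method setup rather than at the directory server.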