Maybe your version from the repository was built without LDAP support. See 1) at https://subversion.unibw.de/public/openvas/LDAP.
Stefan

On 11.05.2013 at 16:20, YanQian <[email protected]> wrote:

> Anyone help?
>
> because the mail showed in web is messed.
> http://seclists.org/openvas/2013/q2/146
>
> so I also pasted the mail to pastebin, here is the link.
> http://pastebin.com/MJBfk4RD
>
> From: [email protected]
> To: [email protected]
> Subject: LDAP authentication with Active Directory
> Date: Fri, 26 Apr 2013 13:20:43 +0800
>
> Hi, everyone,
> I installed openvas6 on RHEL 6.2 recently (from Atomicorp Repository),
> now I'm trying to get ldap support done, I found some useful links below:
> http://seclists.org/openvas/2011/q1/125
> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries/doc/example.auth.conf
>
> We are using Microsoft Active Directory, it supports ldap authentication too.
> usually we use "sAMAccountName" attribute instead of "uid" as the value
> needed from client, we can use "sAMAccountName@DomainName" as DN to query
> something from (AD) LDAP server.
>
> Here are my settings in /var/lib/openvas/users/.auth.conf file.(tampered with
> ldaphost name and domain),
>
> #######start of ldap section in the config file#########
> [method:ldap]
> order=2
> enable=true
> ldaphost=ldap.ABC.CORP.COMPANY
> authdn=%[email protected]
> role-attribute=sAMAccountName
> role-user-values=Test_User01;Test_User02
> role-admin-values=Test_User01
> allow-plaintext=true
> ##end of ldap config section##
>
> I know allow-plaintext is not a good idea, but I have tested with other
> application, currently it doesn't support LDAPS or StartTLS.
>
> I also changed "127" to "128" in /etc/openvas/openvasmd_log.conf, then
> restart openvas management service, but still failed login with AD user. Here
> are messages in the openvasmd.log file.
>
> #start of log
> event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method
> configured but not enabled: method:ldap_connect
> event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method
> configured but not enabled: method:ads
> lib serv: DEBUG:2013-04-26 04h27.41 utc :10375: Shook hands with peer.
> lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order
> 1, method file -> 1. (w/method)
> lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order
> 2, method ldap -> -1. (w/method)
> event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for
> user simba
>
> #end of log
>
> I ran tcpdump in server side to capture packages when I login with AD
> account, found there was no connection attempt to LDAP server.
> I tested in both openvas6 and the other openvas5 box, got same result.
> Is there something I missed? any help will be appreciated.
>
> I also try to test the ads method, but we have no "rule-attribute" or
> "ruletype-attribute" in the AD schema. Anyway, it's enough if ldap method
> could work well.
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
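Added example, not part of the original thread and not OpenVAS code: a small triage script that reads an .auth.conf like the one quoted above together with the "Authentication trial" log lines, and reports enabled methods that errored or were never tried, plus any method that permits plaintext LDAP. The [method:file] section, the host names and the reading of the trial result (-1 = the method errored rather than rejecting the credentials) are assumptions made for this example.

```python
import configparser
import re

# Constructed sample modelled on the settings and log lines quoted in the thread.
AUTH_CONF = """\
[method:file]
order=1
enable=true
[method:ldap]
order=2
enable=true
ldaphost=ldap.example.invalid
authdn=%s@example.invalid
allow-plaintext=true
"""
LOG = """\
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 1, method file -> 1. (w/method)
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 2, method ldap -> -1. (w/method)
event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for user simba
"""
TRIAL = re.compile(r"Authentication trial, order (\d+), method (\w+) -> (-?\d+)\.")
# Assumption: -1 means the method itself failed to run, not that the password was wrong.
ERRORED = -1

def enabled_methods(conf_text):
    """Return {method name: options} for every [method:*] section with enable=true."""
    cp = configparser.ConfigParser(interpolation=None)  # authdn holds a literal '%'
    cp.read_string(conf_text)
    return {sec.split(":", 1)[1]: cp[sec] for sec in cp.sections()
            if sec.startswith("method:")
            and cp[sec].getboolean("enable", fallback=False)}

def triage(conf_text, log_text):
    """Correlate enabled methods with the trial results seen in the log."""
    results = {m: int(r) for _, m, r in TRIAL.findall(log_text)}
    findings = []
    for name, opts in enabled_methods(conf_text).items():
        if name not in results:
            findings.append(f"{name}: enabled but never tried")
        elif results[name] == ERRORED:
            findings.append(f"{name}: errored before a verdict; "
                            "check build support and server reachability")
        if opts.getboolean("allow-plaintext", fallback=False):
            findings.append(f"{name}: allow-plaintext=true permits an unencrypted bind")
    return findings

if __name__ == "__main__":
    for line in triage(AUTH_CONF, LOG):
        print(line)
```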
