Thanks, Stefan.

Yes, I had read your post before. I also asked atomicturtle @ openvas IRC, who (maybe) is in charge of the openvas package maintenance, and he is sure that both binary packages for RHEL5 and RHEL6 are compiled with ldap support.

regards,

CC: [email protected]
From: [email protected]
Subject: Re: [Openvas-discuss] LDAP authentication with Active Directory
Date: Sat, 11 May 2013 17:49:47 +0200
To: [email protected]
Maybe your version from the repository was built without LDAP support. See 1) at https://subversion.unibw.de/public/openvas/LDAP.

Stefan

On 11.05.2013 at 16:20, YanQian <[email protected]> wrote:

Can anyone help? The mail shown on the web is messed up:
http://seclists.org/openvas/2013/q2/146
so I also pasted the mail to pastebin; here is the link:
http://pastebin.com/MJBfk4RD

From: [email protected]
To: [email protected]
Subject: LDAP authentication with Active Directory
Date: Fri, 26 Apr 2013 13:20:43 +0800

Hi, everyone,

I installed openvas6 on RHEL 6.2 recently (from the Atomicorp Repository). Now I'm trying to get ldap support done. I found some useful links below:
http://seclists.org/openvas/2011/q1/125
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries/doc/example.auth.conf

We are using Microsoft Active Directory; it supports ldap authentication too. Usually we use the "sAMAccountName" attribute instead of "uid" as the value needed from the client; we can use "sAMAccountName@DomainName" as the DN to query something from the (AD) LDAP server.

Here are my settings in the /var/lib/openvas/users/.auth.conf file (I tampered with the ldaphost name and domain):

#######start of ldap section in the config file#########
[method:ldap]
order=2
enable=true
ldaphost=ldap.ABC.CORP.COMPANY
authdn=%[email protected]=sAMAccountName
role-user-values=Test_User01;Test_User02
role-admin-values=Test_User01
allow-plaintext=true
##end of ldap config section##

I know allow-plaintext is not a good idea, but I have tested with another application; currently it doesn't support LDAPS or StartTLS.

I also changed "127" to "128" in /etc/openvas/openvasmd_log.conf, then restarted the openvas management service, but login with an AD user still failed. Here are the messages in the openvasmd.log file.
#start of log
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ldap_connect
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ads
lib serv: DEBUG:2013-04-26 04h27.41 utc :10375: Shook hands with peer.
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 1, method file -> 1. (w/method)
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 2, method ldap -> -1. (w/method)
event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for user simba
#end of log

I ran tcpdump on the server side to capture packets when I logged in with the AD account, and found there was no connection attempt to the LDAP server. I tested on both the openvas6 box and the other openvas5 box, and got the same result.

Is there something I missed? Any help will be appreciated.

I also tried to test the ads method, but we have no "rule-attribute" or "ruletype-attribute" in the AD schema. Anyway, it's enough if the ldap method could work well.

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
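An added example, not part of the original thread or of OpenVAS: a Python triage of the openvasmd.log excerpt quoted in the thread, which lists the methods logged as "configured but not enabled" and groups the authentication trials by process ID so they can be compared with the failed login. The log lines are copied from the post; the regular expressions and function name are assumptions fitted to those lines only.

```python
import re
from collections import defaultdict

# Log lines copied from the post in this thread (openvasmd.log).
SAMPLE_LOG = """\
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ldap_connect
event auth:MESSAGE:2013-04-26 04h27.11 utc :10370: Authentication method configured but not enabled: method:ads
lib serv: DEBUG:2013-04-26 04h27.41 utc :10375: Shook hands with peer.
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 1, method file -> 1. (w/method)
lib auth: DEBUG:2013-04-26 04h27.41 utc :10375: Authentication trial, order 2, method ldap -> -1. (w/method)
event auth:MESSAGE:2013-04-26 04h27.41 utc :10375: Authentication error for user simba
"""

# Assumed line layout: "<domain>:<LEVEL>:<date> <time> utc :<pid>: <message>"
LINE = re.compile(r"^(?P<domain>[\w ]+?):\s*(?P<level>[A-Z]+):"
                  r"(?P<ts>\S+ \S+) utc\s*:(?P<pid>\d+): (?P<msg>.*)$")
NOT_ENABLED = re.compile(r"configured but not enabled: method:(\w+)")
TRIAL = re.compile(r"Authentication trial, order (\d+), method (\w+) -> (-?\d+)\.")
ERROR = re.compile(r"Authentication error for user (\S+)")


def triage(text):
    """Return (methods logged as not enabled, per-PID trials and failed user)."""
    not_enabled = []
    sessions = defaultdict(lambda: {"trials": [], "failed_user": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip markers such as "#start of log"
        msg, pid = m["msg"], int(m["pid"])
        if (hit := NOT_ENABLED.search(msg)):
            not_enabled.append(hit[1])
        elif (hit := TRIAL.search(msg)):
            # (order, method, result value exactly as logged)
            sessions[pid]["trials"].append((int(hit[1]), hit[2], int(hit[3])))
        elif (hit := ERROR.search(msg)):
            sessions[pid]["failed_user"] = hit[1]
    return not_enabled, dict(sessions)


if __name__ == "__main__":
    disabled, sessions = triage(SAMPLE_LOG)
    print("configured but not enabled:", ", ".join(disabled))
    for pid, info in sessions.items():
        for order, method, result in sorted(info["trials"]):
            print(f"pid {pid}: order {order} method {method} -> {result}")
        if info["failed_user"]:
            print(f"pid {pid}: authentication error for user {info['failed_user']}")
```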
