Well.. for comparison here is what I have (sanitized of course):
-----------------------
[root@ openvas]# rpm -qa | grep openvas-mana
openvas-manager-4.0.0-9.el6.art.x86_64
[[email protected] users]# pwd
/var/lib/openvas/users
[[email protected] users]# more .auth.conf
# Remote Authentication and authorization against an LDAP Directory, needs
# libraries to be compiled with ldap support
# (pass -DBUILD_WITH_LDAP=ON to cmake).
[method:ldap]
order=2
enable=true
# Might contain port like in "host.domain:123"
ldaphost=ldap.xxx.net
authdn=uid=%s,ou=people,dc=xxx,dc=net
# Leave empty if authentication alone is enough to qualify as user
role-attribute=uid
role-user-values=user;admin;ggalitz;john
role-admin-values=admin;ggalitz;john
rule-attribute=x-gsm-accessrule
ruletype-attribute=x-gsm-accessruletype
# If your ldapd does not speak StartTLS you could allow plaintext password
# transfer (you should never do this).
allow-plaintext=false

> Thanks, but has nothing to do...I still got the error.
> Do you have any ideas?
>
> Cristian Iconaru
>
> -----Original Message-----
> From: Geoff Galitz [mailto:[email protected]]
> Sent: Monday, 3 March 2014 15:56
> To: Cristian Iconaru
> Cc: Stefan Schwarz; [email protected]
> Subject: Re: [Openvas-discuss] OpenVAS 6 LDAP/ADS Authentication Error
>
> Did you notice the typo "highlighted below":
>
> ---------------------------
> auth.conf is in /usr/local/var/lib/openvas/users
>
> [method:file]
> order=1
> enabled=true
>
> ...the other methods are disabled till
>
> [method:ads]
> order=3
> enable=true
> # Might contain port like "host.domain:123"
> ldaphost=192.168.10.1
> authdn=%s@domain
> domain=domain.de
> role-attribute=memberof
> role-user-values=CN=user,OU=..,OU=..,OU=..,DC=domina,DC=de
> <--------------------
> role-admin-values=CN=admin,OU=..,OU=..,OU=..,DC=domain,DC=de
> rule-attribute=rules
>
> ----------------------------
>
>> Hi Stefan,
>>
>> auth.conf is in /usr/local/var/lib/openvas/users
>>
>> [method:file]
>> order=1
>> enabled=true
>>
>> ...the other methods are disabled till
>>
>> [method:ads]
>> order=3
>> enable=true
>> # Might contain port like "host.domain:123"
>> ldaphost=192.168.10.1
>> authdn=%s@domain
>> domain=domain.de
>> role-attribute=memberof
>> role-user-values=CN=user,OU=..,OU=..,OU=..,DC=domina,DC=de
>> role-admin-values=CN=admin,OU=..,OU=..,OU=..,DC=domain,DC=de
>> rule-attribute=rules
>> ruletype-attribute=ruletype
>>
>> What would be the right values for the role attributes?
>>
>> Thanks.
>> Regards
>>
>> Cristian Iconaru
>>
>> -----Original Message-----
>> From: Openvas-discuss [mailto:[email protected]] On behalf of Stefan Schwarz
>> Sent: Monday, 3 March 2014 14:14
>> To: [email protected]
>> Subject: Re: [Openvas-discuss] OpenVAS 6 LDAP/ADS Authentication Error
>>
>> Hi,
>>
>> what's the content of your auth.conf and where it's located?
>>
>> Stefan
>>
>> On 03.03.2014 14:09, Cristian Iconaru wrote:
>>> Hi all,
>>>
>>> I've configured OpenVAS to authenticate to a LDAP/ADS Server but I've
>>> got this error in the logs.
>>>
>>> event auth:MESSAGE:2014-03-03 12h55.28 utc:1872: Authentication error for user User
>>> md main: DEBUG:2014-03-03 12h55.28 utc:1872: -> client: <authenticate_response status="500" status_text="Internal error"/>
>>>
>>> Does anyone know what that means? Internal error is a bit
>>> ambiguous... I use OpenVAS 6 and both methods ldap/ads throw this
>>> error.
>>> Has anyone had a working config for LDAP/ADS?
>>>
>>> Thanks.
>>> Best regards
>>>
>>> Cristian Iconaru
>
> ------------------------------
> Geoff Galitz
> http://www.galitz.org

------------------------------
Geoff Galitz
http://www.galitz.org
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
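
Added example, not part of the original thread and not OpenVAS code: a small lint for the auth.conf pitfalls discussed above, namely a DC component in role-user-values / role-admin-values that disagrees with domain= (the highlighted "domina" typo) and allow-plaintext=true. It also reports when sections spell the enable key differently, without assuming which spelling the manager expects; the sample file is constructed from the quoted config, and lint_auth_conf and dc_suffix are hypothetical names.

```python
import configparser
import re

# Constructed sample modelled on the [method:ads] block quoted in the thread,
# with allow-plaintext=true added to exercise the second check.
SAMPLE = """\
[method:file]
enabled=true

[method:ads]
enable=true
authdn=%s@domain
domain=domain.de
role-user-values=CN=user,OU=..,OU=..,OU=..,DC=domina,DC=de
role-admin-values=CN=admin,OU=..,OU=..,OU=..,DC=domain,DC=de
allow-plaintext=true
"""

DC_RE = re.compile(r"\bDC=([^,;]+)", re.IGNORECASE)

def dc_suffix(value):
    """Return the dotted domain built from the DC= parts of a DN, or None."""
    parts = DC_RE.findall(value)
    return ".".join(p.strip().lower() for p in parts) or None

def lint_auth_conf(text):
    """Return a list of (section, key, message) findings."""
    # interpolation=None: authdn legitimately contains a literal %s
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        expected = opts.get("domain", "").strip().lower() or None
        for key in ("role-user-values", "role-admin-values"):
            for dn in opts.get(key, "").split(";"):
                suffix = dc_suffix(dn)
                if suffix is None:
                    continue  # plain values such as uid lists carry no DC=
                if expected is None:
                    expected = suffix  # first DN seen becomes the reference
                elif suffix != expected:
                    findings.append((section, key, f"DC suffix {suffix!r} != {expected!r}"))
        if opts.get("allow-plaintext", "false").strip().lower() == "true":
            findings.append((section, "allow-plaintext", "plaintext password transfer allowed"))
    spellings = {k for s in cp.sections() for k in cp[s] if k in ("enable", "enabled")}
    if len(spellings) > 1:
        findings.append(("*", "enable/enabled", "sections disagree on the key spelling"))
    return findings
```

Calling lint_auth_conf(SAMPLE) returns three findings: the mismatched DC suffix in role-user-values, the plaintext setting, and the enable/enabled disagreement.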
