Is TLS enabled and available? What command are you using for the ldapsearch?
-G

> It seems right, but now I got different errors:
>
> lib auth: DEBUG:2014-03-03 15h13.26 utc:2583: Authentication trial, order 1, method file -> 1. (w/method)
> lib ldap:WARNING:2014-03-03 15h13.26 utc:2583: StartTLS failed, trying to establish ldaps connection.
> lib ldap:WARNING:2014-03-03 15h13.26 utc:2583: LDAP authentication failure: Can't contact LDAP server
> lib auth: DEBUG:2014-03-03 15h13.26 utc:2583: Authentication trial, order 3, method ldap -> -1. (w/method)
> event auth:MESSAGE:2014-03-03 15h13.26 utc:2583: Authentication error for user User
> md main: DEBUG:2014-03-03 15h13.26 utc:2583: -> client: <authenticate_response status="500" status_text="Internal error"/>
>
> Can't contact LDAP server - that's strange, because if I do an ldapsearch I can list the DN...
> Any ideas?
>
> Thanks.
>
> ------------------------------------------------------------------------
> Cristian Iconaru
>
> just network services GmbH
> klausenburger str. 9
> 81677 münchen
> phone +49 89 16785623
> fax +49 89 167856-75
> www.junese.de
>
> "Can't be done" does not exist!
> ------------------------------------------------------------------------
> Registration court: Munich HRB 12 41 39, tax number 829/29256, VAT ID DE199333706, managing directors: Oliver Prebeck, Martin Baumgartner
>
> The information contained in this email is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately.
>
> -----Original Message-----
> From: Geoff Galitz [mailto:[email protected]]
> Sent: Monday, 3 March 2014 16:07
> To: Cristian Iconaru
> Cc: [email protected]; Stefan Schwarz; [email protected]
> Subject: Re: AW: [Openvas-discuss] OpenVAS 6 LDAP/ADS Authentication Error
>
> Well.. for comparison here is what I have (sanitized of course):
>
> -----------------------
>
> [root@ openvas]# rpm -qa | grep openvas-mana
> openvas-manager-4.0.0-9.el6.art.x86_64
>
> [[email protected] users]# pwd
> /var/lib/openvas/users
> [[email protected] users]# more .auth.conf
>
> # Remote Authentication and authorization against an LDAP Directory, needs
> # libraries to be compiled with ldap support
> # (pass -DBUILD_WITH_LDAP=ON to cmake).
> [method:ldap]
> order=2
> enable=true
> # Might contain port like in "host.domain:123"
> ldaphost=ldap.xxx.net
> authdn=uid=%s,ou=people,dc=xxx,dc=net
> # Leave empty if authentication alone is enough to qualify as user
> role-attribute=uid
> role-user-values=user;admin;ggalitz;john
> role-admin-values=admin;ggalitz;john
> rule-attribute=x-gsm-accessrule
> ruletype-attribute=x-gsm-accessruletype
> # If your ldapd does not speak StartTLS you could allow plaintext password
> # transfer (you should never do this).
> allow-plaintext=false
>
>
>> Thanks, but that has nothing to do with it... I still get the error.
>> Do you have any ideas?
>>
>> Cristian Iconaru
>>
>> -----Original Message-----
>> From: Geoff Galitz [mailto:[email protected]]
>> Sent: Monday, 3 March 2014 15:56
>> To: Cristian Iconaru
>> Cc: Stefan Schwarz; [email protected]
>> Subject: Re: [Openvas-discuss] OpenVAS 6 LDAP/ADS Authentication Error
>>
>> Did you notice the typo "highlighted below":
>>
>> ---------------------------
>> auth.conf is in /usr/local/var/lib/openvas/users
>>
>> [method:file]
>> order=1
>> enabled=true
>>
>> ...the other methods are disabled till
>>
>> [method:ads]
>> order=3
>> enable=true
>> # Might contain port like "host.domain:123"
>> ldaphost=192.168.10.1
>> authdn=%s@domain
>> domain=domain.de
>> role-attribute=memberof
>> role-user-values=CN=user,OU=..,OU=..,OU=..,DC=domina,DC=de    <--------------------
>> role-admin-values=CN=admin,OU=..,OU=..,OU=..,DC=domain,DC=de
>> rule-attribute=rules
>>
>> ----------------------------
>>
>>> Hi Stefan,
>>>
>>> auth.conf is in /usr/local/var/lib/openvas/users
>>>
>>> [method:file]
>>> order=1
>>> enabled=true
>>>
>>> ...the other methods are disabled till
>>>
>>> [method:ads]
>>> order=3
>>> enable=true
>>> # Might contain port like "host.domain:123"
>>> ldaphost=192.168.10.1
>>> authdn=%s@domain
>>> domain=domain.de
>>> role-attribute=memberof
>>> role-user-values=CN=user,OU=..,OU=..,OU=..,DC=domina,DC=de
>>> role-admin-values=CN=admin,OU=..,OU=..,OU=..,DC=domain,DC=de
>>> rule-attribute=rules
>>> ruletype-attribute=ruletype
>>>
>>> What would be the right values for the role attributes?
>>>
>>> Thanks.
>>> Regards
>>>
>>> Cristian Iconaru
>>>
>>> -----Original Message-----
>>> From: Openvas-discuss [mailto:[email protected]] On behalf of Stefan Schwarz
>>> Sent: Monday, 3 March 2014 14:14
>>> To: [email protected]
>>> Subject: Re: [Openvas-discuss] OpenVAS 6 LDAP/ADS Authentication Error
>>>
>>> Hi,
>>>
>>> what's the content of your auth.conf and where is it located?
>>>
>>> Stefan
>>>
>>> On 03.03.2014 14:09, Cristian Iconaru wrote:
>>>> Hi all,
>>>>
>>>> I've configured OpenVAS to authenticate to an LDAP/ADS server but I've got this error in the logs.
>>>>
>>>> event auth:MESSAGE:2014-03-03 12h55.28 utc:1872: Authentication error for user User
>>>> md main: DEBUG:2014-03-03 12h55.28 utc:1872: -> client: <authenticate_response status="500" status_text="Internal error"/>
>>>>
>>>> Does anyone know what that means? Internal error is a bit ambiguous... I use OpenVAS 6 and both methods ldap/ads throw this error.
>>>> Has anyone had a working config for LDAP/ADS?
>>>>
>>>> Thanks.
>>>> Best regards
>>>>
>>>> Cristian Iconaru

------------------------------
Geoff Galitz
http://www.galitz.org

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
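An added example, not from the thread and not part of OpenVAS: a small Python linter for the auth.conf format shown above. It parses the file with configparser and checks the things this thread tripped over: that ldaphost is a bare host or host:port, that authdn carries the %s login-name placeholder, that allow-plaintext is not true, and that every DN listed in role-user-values and role-admin-values ends in the same DC suffix, which is the check that would have flagged the DC=domina typo Geoff pointed out. The key names are the ones visible in the posted configs; the embedded sample configs are constructed from the [method:ads] block in the thread, and the check logic and function names are mine, not OpenVAS's.

```python
"""Lint an OpenVAS 6 style auth.conf for the mistakes discussed in this thread.

Added example, not part of OpenVAS. The key names (ldaphost, authdn,
role-user-values, role-admin-values, allow-plaintext) are the ones shown
in the thread; the check logic and the sample configs are constructed here.
"""
import configparser
import re

# Constructed sample: the [method:ads] block from the thread, including the
# DC=domina typo that was pointed out on the list.
SAMPLE_WITH_TYPO = """\
[method:file]
order=1
enabled=true

[method:ads]
order=3
enable=true
# Might contain port like "host.domain:123"
ldaphost=192.168.10.1
authdn=%s@domain
domain=domain.de
role-attribute=memberof
role-user-values=CN=user,OU=..,OU=..,OU=..,DC=domina,DC=de
role-admin-values=CN=admin,OU=..,OU=..,OU=..,DC=domain,DC=de
rule-attribute=rules
ruletype-attribute=ruletype
"""

# Same config with the typo corrected (constructed).
SAMPLE_FIXED = SAMPLE_WITH_TYPO.replace("DC=domina,", "DC=domain,")

_PLACEHOLDER = "%s"  # authdn must carry the login-name placeholder


def parse_auth_conf(text):
    """Parse auth.conf as INI. Interpolation is disabled because values
    contain '%s', which configparser would otherwise try to expand."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def dc_suffix(dn):
    """Return the lower-cased DC=... tail of a DN, e.g. 'dc=domain,dc=de'.
    A naive split on ',' is enough for the DNs in this thread; escaped
    commas inside RDN values would need a real RFC 4514 parser."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join(p.lower() for p in parts if p.lower().startswith("dc="))


def lint_auth_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cp = parse_auth_conf(text)
    findings = []
    for section in cp.sections():
        # Only the directory-backed methods carry LDAP settings.
        if not section.startswith("method:") or section == "method:file":
            continue
        sec = cp[section]
        # 1. ldaphost: bare host, or host:port with a sane port number
        host = sec.get("ldaphost", "")
        m = re.fullmatch(r"([^:\s]+)(?::(\d+))?", host)
        if not m:
            findings.append(f"{section}: ldaphost '{host}' is not host or host:port")
        elif m.group(2) and not 1 <= int(m.group(2)) <= 65535:
            findings.append(f"{section}: ldaphost port {m.group(2)} out of range")
        # 2. authdn must contain the %s placeholder for the login name
        if _PLACEHOLDER not in sec.get("authdn", ""):
            findings.append(f"{section}: authdn lacks the {_PLACEHOLDER} placeholder")
        # 3. never allow plaintext password transfer
        if sec.get("allow-plaintext", "false").lower() == "true":
            findings.append(f"{section}: allow-plaintext=true sends passwords in the clear")
        # 4. every DN in the role value lists must share one DC suffix
        suffixes = {}
        for key in ("role-user-values", "role-admin-values"):
            for value in filter(None, sec.get(key, "").split(";")):
                if "=" in value:  # plain uids (ldap method) are not DNs; skip
                    suffixes.setdefault(dc_suffix(value), []).append(f"{key}={value}")
        if len(suffixes) > 1:
            detail = "; ".join(f"{s or '<none>'} <- {', '.join(v)}" for s, v in sorted(suffixes.items()))
            findings.append(f"{section}: role DNs disagree on DC suffix: {detail}")
    return findings


if __name__ == "__main__":
    for name, text in (("with typo", SAMPLE_WITH_TYPO), ("fixed", SAMPLE_FIXED)):
        print(f"--- {name}")
        for finding in lint_auth_conf(text) or ["ok"]:
            print(finding)
```

Run it directly and it prints the DC-suffix finding for the first sample and "ok" for the corrected one. It only knows the keys that appear in this thread, so a key it does not check is not a pass; and it says nothing about the StartTLS/ldaps connectivity failure in the later log, which has to be checked against the directory itself (for example with an ldapsearch that requests StartTLS, as Geoff's first question implies).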
