Has anyone been able to successfully authenticate with LDAP?
I have followed the below guide:
I put the host IP address, and used the Auth DN: userid=%s,dc=dcgroup,dc=com and uploaded the host certificate.
I created a user but the authentication is failing.
In the log file it’s showing the following:
Authentication failure for ‘XXX’ from 192.168.XX.XX Status was 2.
August 12, 2021, 5:20am
Yes, I use a Microsoft “passive” directory.
But the auth DN will be product dependent.
For example, for a Microsoft LDAP use “%s”.
Please enable the debug log of gvmd to be sure that you do not run into an SSL problem with the LDAP server.
I am actually using Microsoft LDAP as well.
I changed the DN to %s but it is still not working.
Can you guide me how to enable the debug log of gvmd please?
I have checked gvmd_log.conf and found the level 127.
August 12, 2021, 9:22am
As far as I know, the debug output will only be enabled on level 128.
Oh, as I see, the forum software will break some formats.
So here is the login DN for MS again: “DOMAIN\%s”
You are right.
It says actually the following:
libgvm util:WARNING:2021-08-12 09h43.44 utc:69380: StartTLS failed, trying to establish ldaps connection.
libgvm util:WARNING:2021-08-12 09h43.44 utc:69380: LDAP authentication failure: Can’t contact LDAP server.
Even though I have uploaded the LDAP server certificate to the GVM.
August 12, 2021, 9:56am
In a Windows “world” it will be enough to use the domain name as the server name, because all domain controllers will be resolved to it. In your case it looks like none of the domain controllers can be reached.
You can check the connection via telnet or openssl for StartTLS.
Both Servers are on the same subnet and connection is open on port 3389 and 636.
August 12, 2021, 10:06am
Try it under the command line via openssl to check the SSL connection.
Thank you tux, it’s working now. The only thing missing was using the hostname of the LDAP Server instead of its IP Address.
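An added example, not part of the thread or of GVM's code: a common reason an LDAP server is accepted by hostname but rejected by IP address is that its certificate lists only DNS names, so TLS name verification fails for the IP. The sketch below shows that matching rule on constructed certificate data and includes a live ldaps (port 636) handshake probe; the host name `dc01.example.test`, the address `192.0.2.10` and all function names are assumptions made for illustration, and whether this was the cause in the case above is not confirmed by the thread.

```python
import ipaddress
import socket
import ssl

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def target_matches_cert(target, cert):
    """cert is a dict in the shape returned by SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        # An IP target is only compared with "IP Address" entries, never DNS ones.
        want = ipaddress.ip_address(target)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in sans)
    return any(kind == "DNS" and _dns_match(val, target) for kind, val in sans)

def probe_ldaps(target, cafile, port=636, timeout=5):
    """Live check: verified TLS handshake to ldaps, trusting only cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((target, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=target) as tls:
                return True, tls.version()
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)

# Constructed certificate data for a hypothetical domain controller.
SAMPLE_CERT = {"subjectAltName": (("DNS", "dc01.example.test"),
                                  ("DNS", "example.test"))}

if __name__ == "__main__":
    for t in ("dc01.example.test", "example.test", "192.0.2.10"):
        print(t, target_matches_cert(t, SAMPLE_CERT))
```

`probe_ldaps` needs a reachable server and the CA or server certificate as a PEM file; it does not exercise StartTLS on port 389.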