[Samba] OpenVPN using LDAP Auth and Samba 4 AD
Denis Cardon
dcardon at tranquil.it
Mon Mar 2 08:23:29 UTC 2020
Hi Paul,
On 03/01/2020 at 12:01 PM, Paul Littlefield via samba wrote:
> Hello All,
>
> I would like to use OpenVPN with Samba 4 AD using the LDAP Auth plugin.
>
> However, my tests come up with the following errors in the OpenVPN...
>
>
> LDAP bind failed: Strong(er) authentication required (BindSimple:
> Transport encryption required.)
It means you have the "ldap server require strong auth = yes" in your
conf (it is the default value and it is good like that), and it refuses
simple bind over a plain connection. You can disable it by switching to
"no", or better, install SSL/TLS certificates that your openvpn server
trusts (internal CA, Let's Encrypt or commercial certificate).
Note that if you are using SASL over SSL/TLS for your auth you might have to
use the "allow_sasl_over_tls" value for that parameter instead of yes (I
guess because of a channel binding issue).
> Unable to bind as CN=VPN Connect,CN=Users,DC=MYDOMAIN,DC=COM
> LDAP connect failed.
> PLUGIN_CALL: POST
> /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
> PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with
> status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
> TLS Auth Error: Auth Username/Password verification failed for peer
>
>
> Has anyone else used OpenVPN with Samba 4 AD and if so, can I see your
> sanitised config please?
>
> Samba 4.7.6+dfsg~ubuntu-0ubuntu2.15
4.7.6 is an old version that is no longer maintained. Better get the
latest and shiniest version soon :-)
Cheers,
Denis
> OpenVPN 2.3.10-1ubuntu2.2
>
> Thanks,
>
> Paully
>
--
Denis Cardon
Tranquil IT
12 avenue Jules Verne (Bat. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755
http://www.tranquil.it
Tranquil IT is hiring! https://www.tranquil.it/nous-rejoindre/
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
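
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original message or of either project: it reads the `<LDAP>` section of an openvpn-auth-ldap config and reports whether the bind would travel over an unencrypted connection, which Samba refuses while "ldap server require strong auth = yes". The sample config, host name, CA path and function names are constructed for illustration, and the accepted boolean spellings for TLSEnable are an assumption.

```python
import re

# Constructed sample in openvpn-auth-ldap's config format; the host, password
# and CA path are placeholders, the BindDN is the one from the thread.
SAMPLE_PLAIN = """\
<LDAP>
    URL ldap://dc1.example.com
    BindDN "CN=VPN Connect,CN=Users,DC=MYDOMAIN,DC=COM"
    Password placeholder
    TLSEnable no
</LDAP>
"""
SAMPLE_STARTTLS = SAMPLE_PLAIN.replace(
    "TLSEnable no",
    "TLSEnable yes\n    TLSCACertFile /etc/ssl/certs/internal-ca.pem")

def parse_ldap_section(text):
    """Return the directives inside <LDAP>...</LDAP> as a dict with lower-cased keys."""
    m = re.search(r"<LDAP>(.*?)</LDAP>", text, re.S | re.I)
    opts = {}
    for line in (m.group(1) if m else "").splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return opts

def check_transport(text):
    """Return findings about how the bind in this config reaches the LDAP server."""
    o = parse_ldap_section(text)
    ldaps = o.get("url", "").lower().startswith("ldaps://")
    # Assumption: yes/true/1 are taken as "enabled" for TLSEnable (StartTLS).
    starttls = o.get("tlsenable", "no").lower() in ("yes", "true", "1")
    findings = []
    if "binddn" in o and not (ldaps or starttls):
        findings.append("simple bind over an unencrypted connection: refused by "
                        "Samba while 'ldap server require strong auth = yes'")
    if (ldaps or starttls) and not ("tlscacertfile" in o or "tlscacertdir" in o):
        findings.append("TLS is on but no TLSCACertFile/TLSCACertDir is set here: "
                        "confirm the CA that signed the Samba certificate is trusted")
    return findings

if __name__ == "__main__":
    for name, cfg in (("plain", SAMPLE_PLAIN), ("starttls", SAMPLE_STARTTLS)):
        print(name, check_transport(cfg) or "ok")
```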