OpenVPN and LDAP Auth AMDRC2

  • I've just set up OpenVPN to use LDAP authentication and everything works fine for all the users defined except me :(

    The LDAP setup works fine for logging into the web interface, but for some reason it is doing some strangeness on the VPN login.

    In the logs I'm seeing the lookup attempting to resolve this user name: samaccountname=kevino_connor when it should be checking samaccountname=kevino'connor

    As said, it looks up the right name on the web interface, so I'm at a loss to explain why OpenVPN alters the ' to a _

  • Rebel Alliance Developer Netgate

    It might be due to the "username as common name" option, I don't think that ' is a valid character in a common name.

  • It's exactly the same setup that authenticates me into the box.

    From the logs

    Jun 7 08:25:27 php: /index.php: Successful webConfigurator login for user 'kevino'connor' from
    Jun 7 08:25:27 php: /index.php: Logged in successfully as kevino'connor via LDAP server MFRS with DN = CN=O'Connor, Kevin,OU=Users,OU=xxxxx,DC=xxxxx,DC=xxxxx,DC=uk.
    Jun 7 08:25:27 php: /index.php: Now Searching in server MFRS, container OU=xxxxx,DC=xxxxx,DC=xxxxx,DC=uk with filter (samaccountname=kevino'connor).

    So, logging in via the web interface, the code correctly passes the '

    An ' in a CN is a perfectly acceptable character according to the standards so something in the OpenVPN code must be transposing it.

    Does anyone have any ideas where I should start looking?

  • Rebel Alliance Developer Netgate

    Yeah you're right, that was just a random guess.

    I'd look at the authentication script that gets written out to /var/etc/openvpn/ for that server instance and see if there is anything in it that changes the username.
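The two things worth checking when reading that script are whether it mangles the username before building the LDAP filter (which would explain ' becoming _) and whether it escapes the filter value correctly. The snippet below is an added example, not pfSense or Netgate code and not the script from /var/etc/openvpn/: it shows an RFC 4515 filter escape that preserves an apostrophe (only \ * ( ) and NUL need escaping), a hypothetical over-aggressive sanitizer of the kind that would produce the kevino_connor symptom, and a small check that pulls the filter value out of the "Now Searching" log line quoted above so it can be compared with the expected username. The function names and the regex are assumptions made for the example.

```python
import re

# RFC 4515: only these characters must be escaped inside a filter value.
# Note that the apostrophe is not one of them, so a correctly escaped
# samaccountname filter for kevino'connor keeps the apostrophe as-is.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_samaccountname_filter(username: str) -> str:
    """Build the same shape of filter the pfSense log shows, with escaping."""
    return f"(samaccountname={ldap_filter_escape(username)})"


def naive_sanitize(username: str) -> str:
    """Hypothetical sanitizer (not pfSense's code) that would cause the
    symptom in the thread: every non [A-Za-z0-9._-] character becomes '_'."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", username)


# Matches the tail of the "Now Searching in server ... with filter (...)." line.
_LOG_FILTER_RE = re.compile(r"with filter \((\w+)=(.*)\)\.?\s*$")


def filter_from_log(line: str):
    """Return (attribute, value) from a pfSense LDAP 'Now Searching' log line,
    or None if the line does not carry a filter."""
    m = _LOG_FILTER_RE.search(line)
    if not m:
        return None
    return m.group(1), m.group(2)


def username_intact(username: str, line: str) -> bool:
    """True if the filter value logged equals the properly escaped username."""
    parsed = filter_from_log(line)
    return parsed is not None and parsed[1] == ldap_filter_escape(username)


# Log line copied from the post above (web interface login, where the ' survives).
WEB_LOG_LINE = (
    "Jun 7 08:25:27 php: /index.php: Now Searching in server MFRS, container "
    "OU=xxxxx,DC=xxxxx,DC=xxxxx,DC=uk with filter (samaccountname=kevino'connor)."
)
# Constructed line showing what the OpenVPN side is reported to do instead.
VPN_LOG_LINE = (
    "Jun 7 08:26:01 openvpn: Now Searching in server MFRS, container "
    "OU=xxxxx,DC=xxxxx,DC=xxxxx,DC=uk with filter (samaccountname=kevino_connor)."
)

if __name__ == "__main__":
    user = "kevino'connor"
    print("escaped filter :", build_samaccountname_filter(user))
    print("naive sanitize :", naive_sanitize(user))
    print("web login ok   :", username_intact(user, WEB_LOG_LINE))
    print("vpn login ok   :", username_intact(user, VPN_LOG_LINE))
    # Escaping also matters for safety: a crafted username must not be able
    # to change the filter's structure.
    print("crafted user   :", build_samaccountname_filter("*)(objectClass=*"))
```

Running it against the two log lines shows the web-login filter matching the escaped username while the VPN-style line does not, which is the comparison to make once the generated script's filter line has been located. The last print shows why escaping rather than stripping is the right fix: `*` and parentheses are neutralised without touching legitimate characters such as the apostrophe.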
