Author Topic: EFW 2.3 rc1 LDAP Authentication  (Read 18206 times)
NinNin
Full Member

Posts: 24


« on: Saturday 24 October 2009, 10:16:55 pm »

Hi everybody,
I have a problem with LDAP authentication. I have never configured authentication with this method, but because I cannot authenticate with Windows AD, I am trying to test authentication with LDAP instead. After completing the configuration, I tested browsing to any website from a client PC (Windows XP) and from my server (W2k3 Server), and I can reach all websites without any problem. But when I go to the EFW GUI, menu "Logs -> Proxy", the log cannot show the "Username", and when I go to "Proxy -> HTTP -> Access Policy", in the "Authentication" tab, whether I select 'user based' or 'group based', it always shows "Can't find the AD/LDAP Server". Can anybody suggest a solution, please?

1. Configure & Setting LDAP
http://www.uppicweb.com/show.php?id=d64b3d3765809674ccfed72de2c8f742

2. Log shows IP address and URL, but no Username
http://www.uppicweb.com/show.php?id=4063b31f48488cd97c876a8f533dfb58

3. Can't find AD / LDAP Server <User>
http://www.uppicweb.com/show.php?id=a1130508e33589854d150593ec94623e

4. Can't find AD / LDAP Server <Group>
http://www.uppicweb.com/show.php?id=9692b8b78c2a8a41986e5b35016d0701


nopyobe
Full Member

Posts: 13


« Reply #1 on: Wednesday 02 December 2009, 10:04:39 am »

I was having the same problem. Two things to point out:

#1. Be sure that you set the entire path for the user account that you are authenticating with. For example, you have cn=administrator,dc=abc,dc=com in your Bind DN Username field. If in fact you are authenticating with the user "Administrator", Active Directory does see this user account as a container (cn), but it resides in the "USERS" container. The path should have been:

cn=administrator,cn=users,dc=abc,dc=com

So, for all of your settings:
AUTHENTICATION REALM: ABC.COM
LDAP Server: 4.10.0.1 (Or whatever IP your AD LDAP Server is)
Base DN Settings: cn=users,dc=abc,dc=com
Bind DN Username: cn=administrator,cn=users,dc=abc,dc=com
Bind DN Password: (Your password for Administrator)
user ObjectClass: person (Noticed that you changed this to "users")
group ObjectClass: group

#2. Ok. Now for the kicker that messed me up for a  of hours.  When you get this working and you go into the "Access Policy", you should see that you now have the ability to select groups.  You cannot pick any groups that have SPACES in them.  For example: CN:DOMAIN USERS,CN=USERS,DC=ABC,DC=COM.  It does not seem that it can interpret anything with spaces in any part of the name.

My suggestion would be to create a new group and put your users within that group. Make sure that the new group is within the "USERS" container (Since that is your Base DN), and it does not contain any spaces.

Hope this helps.

Nopyobe.
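A small offline check of the DN settings from the reply above, added here as an example (not EFW's own code): it parses the DNs, flags a bind DN that is not a full path under the Base DN, flags group DNs with spaces, and notes that the proxy's bind account only needs read access, so a dedicated service account is preferable to Administrator. The DN values are the ones from this thread; the "not under Base DN" test is a heuristic, since a bind DN can legitimately live elsewhere.

```python
# Constructed example: sanity-check the DN values handed to a proxy's
# LDAP authenticator before pointing it at a real directory.

def parse_dn(dn):
    """Split 'cn=users,dc=abc,dc=com' into [(attr, value), ...], leaf
    first. Simplified RFC 4514: no escaped commas or multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def is_under_base(dn, base_dn):
    """True if dn lies strictly inside the subtree rooted at base_dn.
    Comparison is case-insensitive, as Active Directory treats DNs."""
    d = [(a, v.lower()) for a, v in parse_dn(dn)]
    b = [(a, v.lower()) for a, v in parse_dn(base_dn)]
    return len(d) > len(b) and d[-len(b):] == b


def check_settings(base_dn, bind_dn, group_dns):
    """Return human-readable findings; an empty list means all clear."""
    findings = []
    # Heuristic for the thread's bug: 'cn=administrator,dc=abc,dc=com'
    # omits the cn=users container and so is not under the Base DN.
    if not is_under_base(bind_dn, base_dn):
        findings.append(f"bind DN {bind_dn} is not under base DN {base_dn}; "
                        "check that it is the full path to the account")
    if parse_dn(bind_dn)[0][1].lower() == "administrator":
        findings.append("bind account is Administrator; a read-only "
                        "service account is enough for lookups")
    for g in group_dns:
        if not is_under_base(g, base_dn):
            findings.append(f"group {g} is outside base DN {base_dn}")
        # The proxy in this thread cannot select groups whose DN has spaces.
        if any(" " in v for _, v in parse_dn(g)):
            findings.append(f"group {g} contains spaces; use a group "
                            "whose DN has none")
    return findings


if __name__ == "__main__":
    for line in check_settings("cn=users,dc=abc,dc=com",
                               "cn=administrator,dc=abc,dc=com",
                               ["CN=DOMAIN USERS,CN=USERS,DC=ABC,DC=COM",
                                "cn=proxyusers,cn=users,dc=abc,dc=com"]):
        print(line)
```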
