ProFTPd + Windows AD (LDAP) - user can't sign in
News category: Linux Tips
Source: reddit.com
Currently we still have an old FTP server running, and we want to replace the installation (this is due to various reasons).
Now I wish to use ProFTPd in combination with LDAP (MS Windows AD).
I have a connection with LDAP working, yet the connection (non-TLS) keeps getting refused. Any recommendations?
Documentation to set this up:
https://warlord0blog.wordpress.com/2018/05/10/proftpd-and-ldap-active-directory/
The idea is that everyone in the AD group "FTP-users" should have access to the FTP server via LDAP (MS AD).
The mod_ldap logs show the following:
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,026 mod_ldap/2.9.4[500]: set LDAP protocol version to 3
2020-01-08 22:37:34,026 mod_ldap/2.9.4[500]: connected to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,029 mod_ldap/2.9.4[500]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-08 22:37:34,030 mod_ldap/2.9.4[500]: set dereferencing to 0
2020-01-08 22:37:34,030 mod_ldap/2.9.4[500]: set query timeout to 5 secs
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute sAMAccountName
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute uidNumber
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute gidNumber
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute gidNumber, trying defaults
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: using LDAPDefaultGID 100
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute homeDirectory
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute homeDirectory, trying defaults
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: set LDAP protocol version to 3
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: connected to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,038 mod_ldap/2.9.4[500]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-08 22:37:34,038 mod_ldap/2.9.4[500]: set dereferencing to 0
2020-01-08 22:37:34,038 mod_ldap/2.9.4[500]: set query timeout to 5 secs
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute sAMAccountName
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute uidNumber
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute gidNumber
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: no values for attribute gidNumber, trying defaults
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: using LDAPDefaultGID 100
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute homeDirectory
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: no values for attribute homeDirectory, trying defaults
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,570 mod_ldap/2.9.4[682]: set LDAP protocol version to 3
2020-01-09 11:12:57,570 mod_ldap/2.9.4[682]: connected to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,573 mod_ldap/2.9.4[682]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-09 11:12:57,574 mod_ldap/2.9.4[682]: set dereferencing to 0
2020-01-09 11:12:57,574 mod_ldap/2.9.4[682]: set query timeout to 5 secs
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute sAMAccountName
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute uidNumber
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute gidNumber
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: no values for attribute gidNumber, trying defaults
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: using LDAPDefaultGID 100
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute homeDirectory
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: no values for attribute homeDirectory, trying defaults
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: set LDAP protocol version to 3
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: connected to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,580 mod_ldap/2.9.4[682]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-09 11:12:57,580 mod_ldap/2.9.4[682]: set dereferencing to 0
2020-01-09 11:12:57,580 mod_ldap/2.9.4[682]: set query timeout to 5 secs
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute sAMAccountName
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute uidNumber
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute gidNumber
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: no values for attribute gidNumber, trying defaults
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: using LDAPDefaultGID 100
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute homeDirectory
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: no values for attribute homeDirectory, trying defaults
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
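Added example, not part of the original post: a small Python parser for the mod_ldap log format shown above. It splits entries even when they are run together on one line and reports, per session PID, the resolved LDAP URL, which attributes had no value in the directory, which defaults were applied, and the "not enabled" entry that each lookup in the post's log ends on. The function names and the trimmed sample string are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: six entries copied from the post's log, run together on one line.
SAMPLE = " ".join([
    "2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'",
    "2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute gidNumber",
    "2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute gidNumber, trying defaults",
    "2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: using LDAPDefaultGID 100",
    "2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute homeDirectory, trying defaults",
    "2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no homeDirectory attribute for DN CN=FTP USER,"
    "OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled",
])

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}"
# One entry = timestamp, module[pid], then text up to the next timestamp or end of input.
ENTRY = re.compile(rf"({TS}) mod_ldap/[\d.]+\[(\d+)\]: (.*?)(?=\s*{TS} mod_ldap/|\s*$)", re.S)


def split_entries(text):
    """Return (timestamp, pid, message) tuples, even when entries share a line."""
    return [m.groups() for m in ENTRY.finditer(text)]


def diagnose(text):
    """Summarise, per session PID, what the user lookup could not resolve."""
    report = defaultdict(
        lambda: {"url": None, "missing": set(), "defaults": {}, "unresolved": None})
    for _ts, pid, msg in split_entries(text):
        r = report[pid]
        if m := re.match(r"parsed '[^']*' as '([^']*)'", msg):
            r["url"] = m.group(1)               # scheme and port actually used
        elif m := re.match(r"no values for attribute (\w+), trying defaults", msg):
            r["missing"].add(m.group(1))        # attribute absent on the AD object
        elif m := re.match(r"using (LDAPDefault[UG]ID) (\d+)", msg):
            r["defaults"][m.group(1)] = int(m.group(2))
        elif m := re.match(r"no (\w+) attribute for DN (.+), (\w+) not enabled", msg):
            r["unresolved"] = {"attribute": m.group(1), "dn": m.group(2),
                               "directive": m.group(3)}
    return dict(report)


if __name__ == "__main__":
    for pid, info in diagnose(SAMPLE).items():
        print(pid, info)
```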