
ProFTPd + Windows AD (LDAP) - user can't sign-in



Currently we still have an old FTP server running, and we want to replace the installation (this is due to various reasons).

Now I wish to use ProFTPd in combination with LDAP (MS Windows AD).

I have a connection with LDAP working, yet the connection (non-TLS) keeps getting refused. Any recommendations?

Documentation to set this up:

https://warlord0blog.wordpress.com/2018/05/10/proftpd-and-ldap-active-directory/

The idea is that everyone in the AD group "FTP-users" should have access to the FTP server via LDAP (MS AD).

The mod_ldap logs show the following:

2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,026 mod_ldap/2.9.4[500]: set LDAP protocol version to 3
2020-01-08 22:37:34,026 mod_ldap/2.9.4[500]: connected to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,029 mod_ldap/2.9.4[500]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-08 22:37:34,030 mod_ldap/2.9.4[500]: set dereferencing to 0
2020-01-08 22:37:34,030 mod_ldap/2.9.4[500]: set query timeout to 5 secs
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute sAMAccountName
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute uidNumber
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute gidNumber
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute gidNumber, trying defaults
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: using LDAPDefaultGID 100
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute homeDirectory
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute homeDirectory, trying defaults
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: set LDAP protocol version to 3
2020-01-08 22:37:34,035 mod_ldap/2.9.4[500]: connected to URL ldap://a.b.c.d/??sub
2020-01-08 22:37:34,038 mod_ldap/2.9.4[500]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-08 22:37:34,038 mod_ldap/2.9.4[500]: set dereferencing to 0
2020-01-08 22:37:34,038 mod_ldap/2.9.4[500]: set query timeout to 5 secs
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute sAMAccountName
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute uidNumber
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute gidNumber
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: no values for attribute gidNumber, trying defaults
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: using LDAPDefaultGID 100
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: fetching values for attribute homeDirectory
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: no values for attribute homeDirectory, trying defaults
2020-01-08 22:37:34,039 mod_ldap/2.9.4[500]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-09 11:12:57,545 mod_ldap/2.9.4[682]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,570 mod_ldap/2.9.4[682]: set LDAP protocol version to 3
2020-01-09 11:12:57,570 mod_ldap/2.9.4[682]: connected to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,573 mod_ldap/2.9.4[682]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-09 11:12:57,574 mod_ldap/2.9.4[682]: set dereferencing to 0
2020-01-09 11:12:57,574 mod_ldap/2.9.4[682]: set query timeout to 5 secs
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute sAMAccountName
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute uidNumber
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute gidNumber
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: no values for attribute gidNumber, trying defaults
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: using LDAPDefaultGID 100
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: fetching values for attribute homeDirectory
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: no values for attribute homeDirectory, trying defaults
2020-01-09 11:12:57,575 mod_ldap/2.9.4[682]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: generated filter OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz from template OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz and value ftp-user
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: generated filter (&(objectClass=user)(sAMAccountName=ftp-user)) from template (&(objectClass=user)(sAMAccountName=%u)) and value ftp-user
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: attempting connection to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: set LDAP protocol version to 3
2020-01-09 11:12:57,577 mod_ldap/2.9.4[682]: connected to URL ldap://a.b.c.d/??sub
2020-01-09 11:12:57,580 mod_ldap/2.9.4[682]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-09 11:12:57,580 mod_ldap/2.9.4[682]: set dereferencing to 0
2020-01-09 11:12:57,580 mod_ldap/2.9.4[682]: set query timeout to 5 secs
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: searched under base DN OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz using filter (&(objectClass=user)(sAMAccountName=ftp-user))
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute sAMAccountName
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute uidNumber
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute gidNumber
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: no values for attribute gidNumber, trying defaults
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: using LDAPDefaultGID 100
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: fetching values for attribute homeDirectory
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: no values for attribute homeDirectory, trying defaults
2020-01-09 11:12:57,581 mod_ldap/2.9.4[682]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
submitted by /u/dutch2005
https://www.reddit.com/r/linux/comments/em8h7s/proftpd_windows_ad_ldap_user_cant_signin/
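A triage pass over mod_ldap log lines like the ones in the post, added here as an example and not part of the original post or of ProFTPD: it groups lines by process ID and reports cleartext ldap:// URLs, attributes that fell back to defaults, and lookups that logged the "no homeDirectory ... LDAPGenerateHomedir not enabled" message. The function names, rule keys and the embedded sample (lines in the post's format) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: one lookup, using lines in the format shown in the post.
SAMPLE_LOG = """\
2020-01-08 22:37:34,021 mod_ldap/2.9.4[500]: parsed 'ldap://a.b.c.d/??sub' as 'ldap://a.b.c.d:389/??sub'
2020-01-08 22:37:34,029 mod_ldap/2.9.4[500]: successfully bound as DN 'CN=read-only user,CN=Users,DC=corp,DC=ad-domain-name,DC=xyz' with password (see config)
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: fetching values for attribute gidNumber
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute gidNumber, trying defaults
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: using LDAPDefaultGID 100
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no values for attribute homeDirectory, trying defaults
2020-01-08 22:37:34,031 mod_ldap/2.9.4[500]: no homeDirectory attribute for DN CN=FTP USER,OU=ad-domain-name-Users,DC=corp,DC=ad-domain-name,DC=xyz, LDAPGenerateHomedir not enabled
"""

LINE = re.compile(r"^(\S+ \S+) mod_ldap/[\d.]+\[(\d+)\]: (.*)$")
RULES = [  # (hypothetical finding key, pattern applied to the message part)
    ("plaintext_ldap", re.compile(r"parsed '.*' as '(ldap://[^']+)'")),  # not ldaps://
    ("missing_attr", re.compile(r"no values for attribute (\w+), trying defaults")),
    ("default_used", re.compile(r"using (LDAPDefault\w+ \d+)")),
    ("no_homedir", re.compile(r"no homeDirectory attribute for DN (.+), LDAPGenerateHomedir not enabled")),
]

def triage(log_text):
    """Return {pid: {finding: sorted unique captured values}} for mod_ldap lines."""
    findings = defaultdict(lambda: defaultdict(set))
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a mod_ldap log line
        _, pid, msg = m.groups()
        for key, pat in RULES:
            hit = pat.search(msg)
            if hit:
                findings[pid][key].add(hit.group(1))
    return {pid: {k: sorted(v) for k, v in f.items()} for pid, f in findings.items()}

def lookup_blocked(findings):
    """PIDs that logged the missing-homeDirectory message."""
    return sorted(pid for pid, f in findings.items() if "no_homedir" in f)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for pid, f in result.items():
        for key, values in f.items():
            print(pid, key, values)
    print("lookups without home directory:", lookup_blocked(result))
```

A `plaintext_ldap` hit means the bind DN's password and the user's lookup travel over ldap:// on port 389, which is cleartext unless StartTLS is negotiated.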
