D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: fernando.w on April 20, 2010, 11:41:41 AM
-
Hello all!
Is it possible to use an AD user database for user authentication instead of a local user database?
Thanks in advance.
-
It's possible in 2.26 firmware
-
Hi danilovav, thanks for the answer.
I'm using version 2.26.01. I tried to configure the "authentication rule" with LDAP, but I haven't had success.
I configured the AD authentication rule like a local authentication rule, but changed the authentication source to LDAP and selected Active Directory in the "Authentication Options" tab. Moreover, I created the IP rules to allow access from VPN to LAN.
So when I try to connect to the DFL-800 with a Windows XP client, it returns error 718 (something about a PPP timeout because the remote server did not respond). If I try to reconnect soon after, Windows XP returns error 691 (access denied - invalid username or password).
The DFL-800 log shows the following message:
2010-04-20 21:00:39 Warning RULE 6000051 Default_Rule TCP wan1 76.186.73.219 189.85.129.40 1320 445 ruleset_drop_packet drop ipdatalen=28 tcphdrlen=28 syn=1
2010-04-20 21:00:31 Notice PPTP 2700022 pptp_tunnel_closed iface=tunnel-pptp remotegw=201.14.187.189
2010-04-20 21:00:31 Notice PPTP 2700008 pptp_session_closed iface=tunnel-pptp remotegw=201.14.187.189 callid=0
2010-04-20 21:00:11 Alert USERAUTH 3700407 failed_admin_bind database connection disabled database=ActiveDirectory
2010-04-20 21:00:10 Notice PPTP 2700019 pptp_tunnel_up iface=tunnel-pptp remotegw=201.14.187.189
Can anybody help me?
Best regards,
-
If you switch your auth rule to local database do you connect with the same auth rule?
Does your LDAP server have any logs of the auth requests?
-
Hi Fatman,
Yes, if I only switch the auth rule to the local database, it works. The Windows 2003 server returns only three information logs, as follows (the logs are in Portuguese because of the Windows 2003 server language):
Tipo de evento: Informações
Fonte de evento: NTDS LDAP
Categoria do evento: Interface LDAP
Id. do evento: 1139
Data: 22/4/2010
Hora: 11:44:29
Usuário: TESTE\maria
Computador: TESTELDAP
Descrição:
Evento interno: a função ldap_search foi concluída com tempo transcorrido de 0 ms.
----------------------------------------------------------------------------------------------------
Tipo de evento: Informações
Fonte de evento: NTDS Database
Categoria do evento: Processamento interno
Id. do evento: 1167
Data: 22/4/2010
Hora: 11:44:29
Usuário: TESTE\maria
Computador: TESTELDAP
Descrição:
Evento interno: o Active Directory usará o índice a seguir como o índice ideal para esta consulta.
Índice:
idx_sAMAccountName:1:N;
----------------------------------------------------------------------------------------------------
Tipo de evento: Informações
Fonte de evento: NTDS Database
Categoria do evento: Processamento interno
Id. do evento: 1166
Data: 22/4/2010
Hora: 11:44:29
Usuário: TESTE\maria
Computador: TESTELDAP
Descrição:
Evento interno: o Active Directory pode usar o índice a seguir para otimizar uma consulta. A contagem de
registros aproximada para usar este índice é a seguinte.
Índice:
idx_sAMAccountName:1:N;
Contagem de registros:1
-
When you were trying to log into the VPN remotely to generate these logs, were you using the user and computer listed below? These do not look like the kind of logs we should be seeing if we have failed auth going on.
Usuário: TESTE\maria
Computador: TESTELDAP
Try this then: run Wireshark on the server, then reboot your firewall and try to remotely authenticate to the VPN; that way we can confirm whether any traffic is even reaching the server.
-
Hi Fatman,
The Wireshark log follows, filtered to show only LDAP data. The user called "administrador" is the admin user of the Win2003 server. The host 192.168.186.128 is the Win2003 server IP and 192.168.186.254 is the DFL-800 IP. I'm investigating the message "comment: AcceptSecurityContext error".
No. Time Source Destination Protocol Info
45 20.726967 192.168.186.254 192.168.186.128 LDAP bindRequest(3) "administrador" simple
Frame 45 (100 bytes on wire, 100 bytes captured)
Ethernet II, Src: D-Link_1a:3b:33 (00:21:91:1a:3b:33), Dst: Vmware_2d:9e:e1 (00:0c:29:2d:9e:e1)
Internet Protocol, Src: 192.168.186.254 (192.168.186.254), Dst: 192.168.186.128 (192.168.186.128)
Transmission Control Protocol, Src Port: tcoregagent (1976), Dst Port: ldap (389), Seq: 1, Ack: 1, Len: 46
Lightweight-Directory-Access-Protocol
LDAPMessage bindRequest(3) "administrador" simple
messageID: 3
protocolOp: bindRequest (0)
bindRequest
version: 3
name: administrador
authentication: simple (0)
simple: 6469676974726F
[Response In: 46]
No. Time Source Destination Protocol Info
46 20.730257 192.168.186.128 192.168.186.254 LDAP bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece)
Frame 46 (163 bytes on wire, 163 bytes captured)
Ethernet II, Src: Vmware_2d:9e:e1 (00:0c:29:2d:9e:e1), Dst: D-Link_1a:3b:33 (00:21:91:1a:3b:33)
Internet Protocol, Src: 192.168.186.128 (192.168.186.128), Dst: 192.168.186.254 (192.168.186.254)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: tcoregagent (1976), Seq: 1, Ack: 47, Len: 109
Lightweight-Directory-Access-Protocol
LDAPMessage bindResponse(3) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece)
messageID: 3
protocolOp: bindResponse (1)
bindResponse
resultCode: invalidCredentials (49)
matchedDN:
errorMessage: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
[Response To: 45]
[Time: 0.003290000 seconds]
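An added example (not code from this thread, from D-Link or from the posters) that ties the two pieces of evidence above together: it parses the DFL-800 log lines from the earlier post (re-joined into one constructed sample) and the AD bindResponse error text from the capture, and flags a failed_admin_bind that follows a pptp_tunnel_up. The assumed log layout (timestamp, severity, category, id, name, key=value fields) and the 60-second correlation window are my assumptions, not documented NetDefend behaviour.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the five DFL-800 lines quoted in the thread, with the
# wrapped USERAUTH line re-joined. Newest entry first, as the firewall shows it.
SAMPLE_LOG = """\
2010-04-20 21:00:39 Warning RULE 6000051 Default_Rule TCP wan1 76.186.73.219 189.85.129.40 1320 445 ruleset_drop_packet drop ipdatalen=28 tcphdrlen=28 syn=1
2010-04-20 21:00:31 Notice PPTP 2700022 pptp_tunnel_closed iface=tunnel-pptp remotegw=201.14.187.189
2010-04-20 21:00:31 Notice PPTP 2700008 pptp_session_closed iface=tunnel-pptp remotegw=201.14.187.189 callid=0
2010-04-20 21:00:11 Alert USERAUTH 3700407 failed_admin_bind database connection disabled database=ActiveDirectory
2010-04-20 21:00:10 Notice PPTP 2700019 pptp_tunnel_up iface=tunnel-pptp remotegw=201.14.187.189
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\w+) (\w+) (\d+) (\S+)\s*(.*)$")  # assumed layout; RULE lines carry the rule name as 5th token
KV_RE = re.compile(r"(\w+)=(\S+)")
# AD bind error text as seen in the bindResponse: "80090308: LdapErr: DSID-0C090334, comment: ..., data 525, vece"
AD_ERR_RE = re.compile(r"^(?P<hresult>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+)")

def parse_netdefend_line(line):
    """Split one NetDefend log line into timestamp, severity, category, id, event and key=value fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, sev, cat, evid, event, rest = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "severity": sev,
            "category": cat, "id": evid, "event": event, "fields": dict(KV_RE.findall(rest))}

def parse_ad_bind_error(msg):
    """Pull the HRESULT, DSID, comment and the 'data' sub-code out of an AD invalidCredentials message."""
    m = AD_ERR_RE.match(msg)
    return m.groupdict() if m else None

def failed_binds_after_tunnel_up(text, window_s=60):
    """Flag each failed_admin_bind that follows a pptp_tunnel_up within window_s seconds."""
    events = [e for e in (parse_netdefend_line(l) for l in text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # firewall prints newest first; put in time order
    findings = []
    for i, e in enumerate(events):
        if e["event"] != "failed_admin_bind":
            continue
        for prior in events[:i]:
            if prior["event"] == "pptp_tunnel_up" and e["ts"] - prior["ts"] <= timedelta(seconds=window_s):
                findings.append({"ts": e["ts"], "database": e["fields"].get("database"),
                                 "remotegw": prior["fields"].get("remotegw")})
    return findings

if __name__ == "__main__":
    for f in failed_binds_after_tunnel_up(SAMPLE_LOG):
        print(f"{f['ts']} admin bind to {f['database']} failed right after PPTP tunnel from {f['remotegw']}")
```

The correlation points at the firewall's own service-account bind to AD failing, not at the VPN user's password, which is the distinction the thread is working towards.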