Solved

PROFTPD - Login only to users under a specific group in AD 2003 - LDAP

Posted on 2011-09-30
Last Modified: 2013-12-02
Hi people,

I can successfully login through LDAP if the User is in: "CN=Users,DC=xxxx,DC=xxxx,DC=br".

But if I set it up to look in "CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br" I cannot! And surely this user is in this group.

I got "no entries for filter sAMAccountname=tbsoares under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br" but as you can see in the image below, the user is there.

http://postimage.org/image/ykh5zdyc/

Sep 30 11:13:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): FTP session opened.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_core
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_core
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_delay
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_auth
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'USER tbsoares' to mod_auth
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching POST_CMD command 'USER tbsoares' to mod_delay
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD command 'USER tbsoares' to mod_log
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: generated filter CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br from template CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br and value tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: generated filter sAMAccountname=tbsoares from template sAMAccountname=%u and value tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: attempting connection to ldap://XXX.xx.xx.xx:389/
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set protocol version to 3
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: connected to ldap://XXX.xx.xx.xx:389/
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: successfully bound as CN=proftp,CN=Users,DC=xxxx,DC=xxxx,DC=br with password N3tm4k3r
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set dereferencing to 0
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set query timeout to 5s
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: searched under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br using filter sAMAccountname=tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: no entries for filter sAMAccountname=tbsoares under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): USER tbsoares: no such user found from 10.1.2.25 [10.1.2.25] to XXX.xx.xx.xx:21
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD command 'SYST' to mod_log
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): Login timeout exceeded, disconnected
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): Session timed out, disconnected
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: successfully unbound
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): FTP session closed.



Tks in advance!

Tiago.
0
Question by:tbsoares
2 Comments
 
LVL 3

Accepted Solution

by:
dbauermann earned 2000 total points
ID: 37002545
Tiago, excuse my "so-so" English; I will only reply to you in this language to keep the answer available for the other readers...

Did you try to use only "CN=G_FTP,DC=xxxx,DC=xxxx,DC=br"?
0
 

Author Comment

by:tbsoares
ID: 37019618
Hey, no problem!

It only works if I put the users in the OU called G_FTP, but not in the group with this name...
0
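Added example, not part of the original thread: a small Python model of why the search in the log above returns "no entries" and of the filter-based alternative. An AD group is a leaf entry that lists its members in attributes (member on the group, memberOf on the user), so no user DN lies beneath the group DN; the check has to keep the users container as base DN and test memberOf in the filter. The directory entries, the non-member jdoe and all function names are constructed for illustration.

```python
# Constructed sample data; the DNs reuse the masked values from the question.
GROUP_DN = "CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br"
USERS_DN = "CN=Users,DC=xxxx,DC=xxxx,DC=br"

DIRECTORY = {  # DN -> attributes
    "CN=tbsoares," + USERS_DN: {"sAMAccountName": ["tbsoares"], "memberOf": [GROUP_DN]},
    "CN=jdoe," + USERS_DN: {"sAMAccountName": ["jdoe"], "memberOf": []},  # hypothetical non-member
    GROUP_DN: {"sAMAccountName": ["G_FTP"], "member": ["CN=tbsoares," + USERS_DN]},
}

def rdns(dn):
    """Split a DN into lower-cased RDNs (the sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """True when dn is the base entry itself or is located below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def search(base, required):
    """Subtree search: every (attribute, value) pair in `required` must match."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not in_subtree(dn, base):
            continue
        if all(v.lower() in [x.lower() for x in attrs.get(a, [])] for a, v in required):
            hits.append(dn)
    return hits

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(user, group_dn=GROUP_DN):
    """Filter matching the account only if it is a direct member of the group."""
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(user), escape_filter_value(group_dn))

if __name__ == "__main__":
    # The configuration from the log: group DN as base, nothing found.
    print(search(GROUP_DN, [("sAMAccountName", "tbsoares")]))
    # Users container as base, membership tested in the filter.
    print(search(USERS_DN, [("sAMAccountName", "tbsoares"), ("memberOf", GROUP_DN)]))
    print(group_filter("tbsoares"))
```

With the `%u` placeholder seen in the log, the equivalent filter template is `(&(sAMAccountName=%u)(memberOf=CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br))`, searched under the `CN=Users,...` base. Note that memberOf does not list a user's primary group, so G_FTP must be an ordinary membership for this check to match.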
