PROFTPD - Login only to users under a specific group in AD 2003 - LDAP

Hi people,

I can successfully log in through LDAP if the user is in: "CN=Users,DC=xxxx,DC=xxxx,DC=br".

But if I set it up to look in "CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br", I cannot! And surely this user is in this group.

I got "no entries for filter sAMAccountname=tbsoares under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br" but as you can see in the image below, the user is there.

http://postimage.org/image/ykh5zdyc/

Sep 30 11:13:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): FTP session opened.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_core
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_core
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_delay
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_auth
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'USER tbsoares' to mod_auth
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching POST_CMD command 'USER tbsoares' to mod_delay
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD command 'USER tbsoares' to mod_log
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: generated filter CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br from template CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br and value tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: generated filter sAMAccountname=tbsoares from template sAMAccountname=%u and value tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: attempting connection to ldap://XXX.xx.xx.xx:389/
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set protocol version to 3
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: connected to ldap://XXX.xx.xx.xx:389/
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: successfully bound as CN=proftp,CN=Users,DC=xxxx,DC=xxxx,DC=br with password N3tm4k3r
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set dereferencing to 0
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set query timeout to 5s
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: searched under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br using filter sAMAccountname=tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: no entries for filter sAMAccountname=tbsoares under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): USER tbsoares: no such user found from 10.1.2.25 [10.1.2.25] to XXX.xx.xx.xx:21
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD command 'SYST' to mod_log
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): Login timeout exceeded, disconnected
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): Session timed out, disconnected
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: successfully unbound
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): FTP session closed.


Thanks in advance!

Tiago.
Asked by: tbsoares
 
dbauermann commented:
Tiago, excuse my "so-so" English; I will reply only in this language to keep the answer available to other readers...

Did you try to use only "CN=G_FTP,DC=xxxx,DC=xxxx,DC=br" ?
0
 
tbsoares (author) commented:
Hey, no problem!

It only works if I put the users in the OU called G_FTP, but not in the group with this name...
0
Question has a verified solution.
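
Why the search in the log above returns nothing, as an added example that is not part of the original thread: an LDAP search base selects entries by their position in the directory tree, while Active Directory records group membership in the member/memberOf attributes of entries that live elsewhere. The directory below is constructed sample data under a placeholder domain, and `search` is a simplified stand-in for a subtree search, not mod_ldap code.

```python
# Constructed sample directory (placeholder domain, not taken from the thread).
BASE = "DC=example,DC=test"
USERS = "CN=Users," + BASE
GROUP = "CN=G_FTP," + USERS          # a group object, not a container
USER = "CN=tbsoares," + USERS        # the account lives directly under CN=Users

DIRECTORY = {
    USERS: {"objectClass": "container"},
    GROUP: {"objectClass": "group", "member": [USER]},
    USER: {"objectClass": "user", "sAMAccountName": "tbsoares", "memberOf": [GROUP]},
    "CN=other," + USERS: {"objectClass": "user", "sAMAccountName": "other", "memberOf": []},
}

def rdns(dn):
    # Naive split: assumes no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """True when dn is the base entry itself or located below it in the tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def attr_matches(stored, wanted):
    """Case-insensitive equality against a single- or multi-valued attribute."""
    values = stored if isinstance(stored, list) else [stored]
    return any(str(v).lower() == wanted.lower() for v in values if v is not None)

def search(base, **equals):
    """Simplified subtree search: DNs under base matching every attr=value pair."""
    return [dn for dn, attrs in DIRECTORY.items()
            if in_subtree(dn, base)
            and all(attr_matches(attrs.get(k), v) for k, v in equals.items())]

if __name__ == "__main__":
    # Group DN as search base: only the group entry itself is in that subtree.
    print(search(GROUP, sAMAccountName="tbsoares"))
    print(search(GROUP))
    # Container as base, membership as a filter condition: the member is found,
    # and an account outside the group is rejected.
    print(search(USERS, sAMAccountName="tbsoares", memberOf=GROUP))
    print(search(USERS, sAMAccountName="other", memberOf=GROUP))
```

Written as an LDAP filter, the third query is `(&(sAMAccountName=tbsoares)(memberOf=<DN of the G_FTP group>))` with the container kept as the search base.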