Solved

PROFTPD - Login only to users under a specific group in AD 2003 - LDAP

Posted on 2011-09-30
Last Modified: 2013-12-02
Hi people,

I can successfully login through LDAP if the User is in: "CN=Users,DC=xxxx,DC=xxxx,DC=br".

But if I set it up to look in "CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br" I cannot! And surely this user is in this group.

I got "no entries for filter sAMAccountname=tbsoares under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br" but as you can see in the image below, the user is there.

http://postimage.org/image/ykh5zdyc/

Sep 30 11:13:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): FTP session opened.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_core
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_core
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_delay
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'USER tbsoares' to mod_auth
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'USER tbsoares' to mod_auth
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching POST_CMD command 'USER tbsoares' to mod_delay
Sep 30 11:13:36 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD command 'USER tbsoares' to mod_log
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: generated filter CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br from template CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br and value tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: generated filter sAMAccountname=tbsoares from template sAMAccountname=%u and value tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: attempting connection to ldap://XXX.xx.xx.xx:389/
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set protocol version to 3
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: connected to ldap://XXX.xx.xx.xx:389/
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: successfully bound as CN=proftp,CN=Users,DC=xxxx,DC=xxxx,DC=br with password N3tm4k3r
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set dereferencing to 0
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: set query timeout to 5s
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: searched under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br using filter sAMAccountname=tbsoares
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: no entries for filter sAMAccountname=tbsoares under base DN CN=G_FTP,CN=Users,DC=xxxx,DC=xxxx,DC=br
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): USER tbsoares: no such user found from 10.1.2.25 [10.1.2.25] to XXX.xx.xx.xx:21
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching PRE_CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching CMD command 'SYST' to mod_core
Sep 30 11:13:37 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): dispatching LOG_CMD command 'SYST' to mod_log
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): Login timeout exceeded, disconnected
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): Session timed out, disconnected
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: successfully unbound
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): mod_ldap/2.8.22: not unbinding to an already unbound connection.
Sep 30 11:18:34 hortela proftpd[17660] XXX.xx.xx.xx (10.1.2.25[10.1.2.25]): FTP session closed.



Tks in advance!

Tiago.
Question by:tbsoares
Accepted Solution

by:
dbauermann earned 500 total points
ID: 37002545
Tiago, sorry for my "so-so" English; I will only answer in this language to keep the answer available for the other readers...

Did you try to use only "CN=G_FTP,DC=xxxx,DC=xxxx,DC=br"?
Author Comment

by:tbsoares
ID: 37019618
Hey, no problem!

It only works if I put the users in the OU called G_FTP, but not in the group with this name...
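
Why the search under the group DN comes back empty, as an added example that is not part of the original thread: an LDAP base DN selects entries by their position in the tree, while AD group membership is stored as the `member`/`memberOf` attributes, so the group has to go into the filter rather than the base. The directory below is constructed (masked DNs reused from the post; the user entries' CN values and the `jdoe` account are made up), and `search` is a small stand-in for a subtree search, not mod_ldap code.

```python
# Constructed sample directory: DNs reuse the masked values from the post;
# the user entries' CN values and the second account are made up.
USERS = "CN=Users,DC=xxxx,DC=xxxx,DC=br"
G_FTP = "CN=G_FTP," + USERS

DIRECTORY = {
    USERS: {"objectClass": ["container"]},
    G_FTP: {"objectClass": ["group"], "member": ["CN=tbsoares," + USERS]},
    "CN=tbsoares," + USERS: {
        "objectClass": ["user"],
        "sAMAccountName": ["tbsoares"],
        "memberOf": [G_FTP],
    },
    "CN=jdoe," + USERS: {
        "objectClass": ["user"],
        "sAMAccountName": ["jdoe"],
        "memberOf": [],
    },
}


def is_under(dn, base):
    """Subtree scope: the entry is the base itself or sits below it in the tree."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def search(base, **conditions):
    """Return DNs under `base` whose attributes match every condition (LDAP AND)."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not is_under(dn, base):
            continue
        lowered = {k.lower(): [v.lower() for v in vals] for k, vals in attrs.items()}
        if all(want.lower() in lowered.get(attr.lower(), [])
               for attr, want in conditions.items()):
            hits.append(dn)
    return hits


def ftp_login_allowed(username):
    """Group-restricted lookup: base stays at CN=Users, the group goes in the filter.
    Equivalent filter: (&(sAMAccountName=<user>)(memberOf=CN=G_FTP,CN=Users,...))"""
    return bool(search(USERS, sAMAccountName=username, memberOf=G_FTP))


if __name__ == "__main__":
    print(search(G_FTP, sAMAccountName="tbsoares"))  # base = group DN
    print(search(USERS, sAMAccountName="tbsoares"))  # base = container
    print(ftp_login_allowed("tbsoares"), ftp_login_allowed("jdoe"))
```

`memberOf` holds direct memberships only, so a user who reaches G_FTP through a nested group would not match this filter.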