Author Topic: Binding Firewall VPN to Zentyal LDAP  (Read 2055 times)

kase

  • Zen Apprentice
  • Posts: 3
  • Karma: +0/-0
Binding Firewall VPN to Zentyal LDAP
« on: July 05, 2012, 06:03:44 pm »
Hi.
I'm new here, and want to start with a big thanks; it's a great system that has saved me lots of hours.

I have a VPN tunnel (PPTP) on my firewall, which works fine with a local user. But I want to make it use the LDAP (Zentyal) database to authenticate users.
I have tried lots of things. This is the information I need to fill in on my firewall. Where can I find out what the info might be? The text in bold is the info I tried with, but it does not seem to work.

IP address: well, this option was not a problem ;)
Port: 389
Name Attribute:   uid
[checkbox] Retrieve Group Membership: checked
Membership Attribute:   memberOf
Use Domain Name:   Dont use (can choose between "username postfix" or "username prefix")
Base Object:   dc=kasenet,dc=kasenet
Administrator Account:   cn=ebox
Password:   the password from LDAP settings in the web-interface of Zentyal
Password Attribute:   userPassword


Thanks in advance.

majestyx

  • Board Moderator
  • Zen Warrior
  • Posts: 243
  • Karma: +8/-1
  • Dont feed the Troll !
Re: Binding Firewall VPN to Zentyal LDAP
« Reply #1 on: July 06, 2012, 06:49:28 pm »
Which system is your firewall? iptables?

If you use a "redhat" FW (with iptables), this works for LDAP:

http://www.cyberciti.biz/faq/configure-linux-iptables-to-allow-access-ldap-server/

Ahoi
Michael (majestyx); pls applaud if I could help ;)
--
First read, then write: http://forum.zentyal.org/index.php/topic,4317.0.html

Zentyal docs: http://doc.zentyal.org/en/zindex.html (English)

kase

  • Zen Apprentice
  • Posts: 3
  • Karma: +0/-0
Re: Binding Firewall VPN to Zentyal LDAP
« Reply #2 on: July 09, 2012, 02:02:29 pm »
Thanks for the reply.
Although I don't use a RH firewall; I have a D-Link DFL-800.
I just need to know where on the LDAP server to get the required info.

christian

  • Guest
Re: Binding Firewall VPN to Zentyal LDAP
« Reply #3 on: July 09, 2012, 03:32:49 pm »
1 - Of course you have checked twice that access to the LDAP server is authorized on Zentyal (the default allows access only from "localhost") ;) Look at the (Zentyal) FW.
2 - So far, unless I'm wrong, the "memberof" attribute is not used in the Zentyal LDAP design.
3 - I'm always VERY suspicious when I see an application requiring the LDAP admin password in order to implement LDAP-based authentication >:( What is your FW?
4 - If your FW is between the Internet and Zentyal, think twice before authorizing access to port 389/636 on the Zentyal external interface, and do it only for your FW 8)

kase

  • Zen Apprentice
  • Posts: 3
  • Karma: +0/-0
Re: Binding Firewall VPN to Zentyal LDAP
« Reply #4 on: July 09, 2012, 03:39:34 pm »
Hi.
I actually got authentication to work just now. I ditched the idea of authenticating against the LDAP server. Instead I installed the RADIUS module in Zentyal, and then used a shared secret between the firewall and Zentyal. Works like a charm. I don't know if it needs to be more secure though? It's similar to the solution we had before.
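To judge whether the RADIUS shared secret kase ended up with "needs to be more secure", it helps to see what the secret actually does on the wire. This is an added example, not code from the thread, from Zentyal or from the D-Link firmware: it implements RFC 2865 User-Password hiding (the PAP case; MS-CHAP differs) and the Response Authenticator, assuming a PAP Access-Request and using constructed names and sample values. The secret is the only key material in both steps, so its strength and restricting which peers can reach the RADIUS port (as christian advised for LDAP) carry the whole design.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # RFC 2865 s5.2: NUL-pad to a 16-byte multiple, then XOR each block with
    # MD5(secret + previous block), the first block keyed by the Request Authenticator.
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator exactly 16")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # Inverse of hide_password, as the RADIUS server does it; NUL padding is stripped.
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value  # Type, Length, Value

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         authenticator: bytes = b"") -> bytes:
    # Access-Request (Code 1) with User-Name (type 1) and hidden User-Password (type 2).
    authenticator = authenticator or os.urandom(16)  # fresh per request, never reused
    attrs = _attr(1, user) + _attr(2, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def build_access_accept(ident: int, request_authenticator: bytes, secret: bytes) -> bytes:
    # Access-Accept (Code 2) without attributes; RFC 2865 s3 Response Authenticator =
    # MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    header = struct.pack("!BBH", 2, ident, 20)
    return header + hashlib.md5(header + request_authenticator + secret).digest()

def response_is_authentic(response: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    # Client-side check: only a peer holding the shared secret can produce this digest.
    length = struct.unpack("!H", response[2:4])[0]
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

Both directions depend on nothing but MD5 and the secret, which is why a short or guessable secret, or a RADIUS port reachable from beyond the firewall, undoes the protection regardless of how strong the users' passwords are.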