Virtual private networks / OpenVPN sudden LDAP Bind Error
« on: October 11, 2024, 09:46:42 am »
Hello,
We have been using a virtualized OPNsense + OpenVPN with a connection to our local AD in conjunction with TOTP for our users for about half a year. This has worked wonderfully so far. Recently, we have had the problem that some users are unable to establish a VPN connection.
The OpenVPN log for the user shows: LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563; Invalid credentials]
However, the credentials are 100% correct. Even the LDAP test with user XY then fails. If we now delete the imported user from the OPNsense and import it again from our AD (previous OTP seed re-inserted), both the LDAP test and the login via OpenVPN+TOTP work perfectly for the user. Is this a known problem? Does anyone have a (permanent) solution? I don't feel like re-importing all ~70 accounts every few months.
The current version is 24.7.6, but the problem has existed since at least 24.7.3.