Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: AD Authentication not working correctly.

  1. #11
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: AD Authentication not working correctly.

    Is "ide" a valid shinken contact? If it's email the good one in its configuration and in the active directory?
    No direct support by personal message. Please open a thread so everyone can see the solution

  2. #12

    Re: AD Authentication not working correctly.


    No, IDE is not a shinken contact !

    I tried by adding it as a contact (with no password), it didn't work
    I tried by adding it as a contact (with different password from AD), it didn't work

    And periodicaly I get this message :

    [WebUI] The mod ActiveDir_UI raise an exception: {'desc': "Can't contact LDAP server"}, I'm tagging it to restart later



    Here is a summary of what i've tested and do not work :

    • [li]No contact in shinken - login : ide (SamAccountName) [/li]
      [li]No contact in shinken - login : ide@domain.lan (it is not the email it's the "new" windows login way)[/li]
      [li]No contact in shinken - login : DOMAIN\ide (Login of old windows but still working) [/li]
      [li]No contact in shinken - login : DOMAIN/ide (Login of old windows but linux way) [/li]
      [li]No contact in shinken - login : ide@domain.tld (here it is the email)[/li]
      [li]Contact Name same as login - login : ide (SamAccountName) [/li]
      [li]Contact Name same as login - login : ide@domain.lan (it is not the email it's the "new" windows login way)[/li]
      [li]Contact Name same as login - login : DOMAIN\ide (Login of old windows but still working) [/li]
      [li]Contact Name same as login - login : DOMAIN/ide (Login of old windows but linux way) [/li]
      [li]Contact Mail same as login - login : ide@domain.tld (here it is the email)[/li]


    NB : All contact listed above had no password
    If I add a password the user could login without asking AD (expected behavior)

  3. #13
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: AD Authentication not working correctly.

    You will not be able to connect without a valid contact login. Then the next erreor is "cannot connect". I think you can try to change username Administrator@domain.lan inthe module configuration by the full CN of this user, and change DC=domain,DC=lan to be more specific, like a DN or something like that (go deeper on the tree, you don't need to parse the whole tree each time).
    No direct support by personal message. Please open a thread so everyone can see the solution

  4. #14

    Re: AD Authentication not working correctly.

    No luck ! :'(


    With this conf, still the same error : {'desc': "Can't contact LDAP server"}

    I try something else :

    [list type=decimal]
    [li]try to Solve the connect error[/li]
    [li]then try to solve the "not found" error[/li][/list]

    I'll let you know !


    Just one question : if I change the module configuration should I restart Arbiter AND Broker or juste Broker ? thx

    Code:
    define contact{
      use       generic-contact
      contact_name  ide
      email      ide@domain.tld
      is_admin    1
      can_submit_commands  1
    }
    
    
    
    define module {
      module_name ActiveDir_UI
      module_type ad_webui
      ldap_uri ldap://AD-1
      username CN=Administrator,CN=Users,DC=domain,DC=lan
      password PASSWORD
      basedn CN=Users,DC=domain,DC=lan
      mode    ad
    }

  5. #15
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: AD Authentication not working correctly.

    You need to restart both I think to be sure.
    No direct support by personal message. Please open a thread so everyone can see the solution

  6. #16

    Re: [SOLVED] AD Authentication not working correctly.

    So It finally works for me : ;D

    The LDAP uri was wrong :

    I used IP address ==> Doesn't Work >

    I must use FQDN !!!! :P

    The next step is to auto-load contact from AD (using the article in GLMF HS 62 page 75)
    But that is another story !

    Thanks again !

    The contact :

    Code:
    define contact{
      use       generic-contact
      contact_name  ide@domain.lan
      email      imrane.dessai@domain.tld
      pager      0692000000
      is_admin    1
      can_submit_commands  1
      contactgroups admins
    }
    The module :

    Code:
    define module {
      module_name ActiveDir_UI
      module_type ad_webui
      ldap_uri ldap://DC_NAME
      username Administrator@domain.lan
      password vCenter-974
      basedn DC=domain,DC=lan
      mode    ad
    }


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •