Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: AD Authentication not working correctly.

  1. #1
    Junior Member
    Join Date
    Nov 2012
    Posts
    3

    AD Authentication not working correctly.

    I have been working on getting Shinken set up as a demo for my dept head but the one thing I cannot get to work is AD authentication. I do have my user listed in contacts and my ad config looks as follows

    define module {
    username myuser@my.domain.edu
    basedn DC=my,DC=domain,DC=edu
    module_type ad_webui
    mode ad
    module_name ActiveDir_UI
    password mypass
    }

    my webui module is
    define module {
    modules ActiveDir_UI,Cfg_password,PNP_UI,Mongodb
    manage_acl 1
    play_sound 0
    host 0.0.0.0
    module_type webui
    allow_html_output 0
    max_output_length 100
    module_name WebUI
    auth_secret CHANGE_ME
    port 7767
    }

    I have debug turned on but I am not seeing anything useful coming through the broker-debug.log that would tell me what is wrong. Any ideas?

  2. #2
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: AD Authentication not working correctly.

    No "killing" module message from the broker?
    No direct support by personal message. Please open a thread so everyone can see the solution

  3. #3
    Junior Member
    Join Date
    Nov 2012
    Posts
    3

    Re: AD Authentication not working correctly.

    Not in brokerd.log nor in broker-debug.log.

  4. #4
    Junior Member
    Join Date
    Nov 2012
    Posts
    3

    Re: AD Authentication not working correctly.

    We do not use a typical setup for AD. Instead of using Users tto store our users we use an OU called People. Could this be the problem and if so how do I work around this?

  5. #5
    Administrator
    Join Date
    Jun 2011
    Posts
    216

    Re: AD Authentication not working correctly.

    I guess it could be an issue. I've looked at the active_directory_ui.py ans I see nothing that reminds OU. Do you have warnings at least in your logfile? If it's an OU issue, i guess the module is not able to find the user.

  6. #6

    Re: AD Authentication not working correctly.

    I have the same problem with this message in log :

    2013-02-20 11:57:45,292 [1361347065] Warning : [Active Directory UI] AD/Ldap: invalid user ide (not founded)
    2013-02-20 11:58:28,893 [1361347108] Warning : [Active Directory UI] AD/Ldap: invalid user ide@domain.lan (not founded)
    2013-02-20 11:58:41,661 [1361347121] Warning : [Active Directory UI] AD/Ldap: invalid user domain\ide (not founded)


    But the user "ide" exists, and is working good

    Perhaps it is the syntax


    PS : Is there a type in the log message : nout foundED ! Isn't it "not found" ! ;D




  7. #7
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: AD Authentication not working correctly.

    With active directory? And the module is configure to be link with active directory? (and not openldap)?

    Thanks for the typo, I'm fixing it
    No direct support by personal message. Please open a thread so everyone can see the solution

  8. #8

    Re: AD Authentication not working correctly.

    Yes, with AD

    Code:
    define module {
      module_name ActiveDir_UI
      module_type ad_webui
      ldap_uri ldap://AD-1
      username Administrator@domain.lan
      password MYPASS
      basedn DC=domain,DC=lan
      mode    ad
    }

    Here a new appeared message in the log (telnet ad-1 389 works fine) :


    Warning : [WebUI] The mod ActiveDir_UI raise an exception: {'desc': "Can't contact LDAP server"}, I'm tagging it to restart later

  9. #9
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,131

    Re: AD Authentication not working correctly.

    Can you try with the full CN of your user for connecting instead of the email?
    No direct support by personal message. Please open a thread so everyone can see the solution

  10. #10

    Re: AD Authentication not working correctly.

    Already tested => same error message

    Tested in the module conf and the auth page of web ui

    How user are filtered in the LDAP query of the ad module ?

    ldapsearch from the same host of the broker works fine too

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •