Hello,
we have configured Kerberos for machine registration, and it works well. However, since version 2.1, self-service no longer launches on client machines, without any error message, but it does launch correctly when we set `use_kerberos=0` in `wapt-get.ini`.
Thank you for your help.
[SOLVED] Kerberos and Selfservice
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Good morning
For Kerberos authentication in self-service
Is the wapt-get.ini file on the agent correctly configured in this mode?
And on the Wapt server in /opt/wapt/conf/waptserver.ini
What is often forgotten is to add ldap_account_service_login and ldap_account_service_password
Without this, the server can authenticate the user correctly but cannot know which groups they belong to
For Kerberos authentication in self-service
Is the wapt-get.ini file on the agent correctly configured in this mode?
Code: Select all
[global]
use_kerberos=True
service_auth_type=waptserver-ldapCode: Select all
[options]
ldap_auth_server = srvads.mydomain.lan
ldap_auth_base_dn = DC=mydomain,DC=lan
ldap_account_service_login = wapt-ldap@mydomain.lan
ldap_account_service_password = password
Without this, the server can authenticate the user correctly but cannot know which groups they belong to
-
Renaud Villet
- Messages: 30
- Registration: January 23, 2020 - 2:12 PM
OK great, it works.
Thank you!
Thank you!
Everything is fine after adding:
THANKS !
Code: Select all
ldap_auth_ssl_enabled = False