[RESOLVED] Wapt Self-Service network change

walibix

October 7, 2022 - 11:25

Hello,

I'm currently using WAPT Enterprise and I'm having trouble with the self-service portal for my remote users.

When they're in the office, it works perfectly (first point ;p).
Then, when they leave, go home, and turn on the VPN, it fails (it tells them the password is incorrect).
I take control of their computer, restart the waptservice, and it works again.

How can I bypass/fix this issue? And/or what's causing this authentication problem?

Thanks in advance.

Best regards.
sfonteneau
WAPT Expert

October 7, 2022 - 4:33 PM

Hello,

Sometimes it's a "krbtgt" issue on the local machine regarding remote work.

The ideal solution would be to switch the service to waptserver-ldap mode:


C:\Program Files (x86)\wapt\wapt-get.ini
[global]
service_auth_type=waptserver-ldap

This limits the problems since the WAPT server handles the authentication, not the local machine.

On the server side, however, LDAP must be configured:

https://www.wapt.fr/fr/doc/wapt-securit ... entication

And if you are using Kerberos, you must also configure the following:

https://www.wapt.fr/en/doc/wapt-securit ... le-sign-on
walibix

October 10, 2022 - 4:03 PM

Hello,

Thank you for this feedback.

Yes, I am using Kerberos authentication.
To be "sure" of not making a mistake, I "simply" need to add:
wapt_admin_group_dn=CN=waptadmins,OU=groups,OU=tranquilit,DC=mydomain,DC=lan
ldap_auth_server=srvads.mydomain.lan
ldap_auth_base_dn=DC=mydomain,DC=lan
ldap_auth_ssl_enabled=False
of course adapted to my domain (AD), and I modify the file on each client:
C:\Program Files (x86)\wapt\wapt-get.ini
[global]
service_auth_type=waptserver-ldap
Will this have any impact on machines that currently authenticate using Kerberos? (Will both be accepted?)

Thanks

Sincerely
dcardon
WAPT Expert

October 10, 2022 - 4:35 PM

Hello Walibix,

Yes, it should test Kerberos auth, and fall back to login/password auth if Kerberos auth is not available (i.e. the domain controller is not accessible).
Denis Cardon - Tranquil IT
sfonteneau
WAPT Expert

October 10, 2022 - 6:23 PM

For Kerberos, you will need to add an additional service account:

https://www.wapt.fr/en/doc/wapt-securit ... le-sign-on

ldap_account_service_login = wapt-ldap@ad.tranquil.it
ldap_account_service_password = PASSWORD

So that the server can parse the groups from the AD.
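
Added example (not from the thread and not Tranquil IT code): a small Python check of the agent and server settings quoted in the posts above, useful before rolling the change out to every client. The `[options]` section name for the server file, the function names and the `kerberos` flag are assumptions; the sample files are constructed from the values posted in the thread.

```python
import configparser

# Constructed samples: keys and values are the ones quoted in the thread.
# Assumption: the server-side keys live in an [options] section.
AGENT_INI = "[global]\nservice_auth_type=waptserver-ldap\n"
SERVER_INI = """[options]
wapt_admin_group_dn=CN=waptadmins,OU=groups,OU=tranquilit,DC=mydomain,DC=lan
ldap_auth_server=srvads.mydomain.lan
ldap_auth_base_dn=DC=mydomain,DC=lan
ldap_auth_ssl_enabled=False
ldap_account_service_login = wapt-ldap@ad.tranquil.it
ldap_account_service_password = PASSWORD
"""

def load_section(text, section):
    # interpolation=None so a '%' in a password is read literally
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp[section]) if cp.has_section(section) else {}

def audit_agent(text):
    """Findings for an agent wapt-get.ini."""
    mode = load_section(text, "global").get("service_auth_type", "").strip()
    if mode.lower() == "waptserver-ldap":
        return []
    return [f"agent: service_auth_type={mode or '<unset>'}, expected waptserver-ldap"]

def audit_server(text, kerberos=False):
    """Findings for the server-side LDAP settings (kerberos is a hypothetical flag)."""
    opts = load_section(text, "options")
    findings = [f"server: {k} is not set"
                for k in ("ldap_auth_server", "ldap_auth_base_dn") if not opts.get(k)]
    # Only an explicit "off" value is flagged; an absent key is left alone.
    if opts.get("ldap_auth_ssl_enabled", "").strip().lower() in ("false", "0", "no", "off"):
        findings.append("server: ldap_auth_ssl_enabled is off, so logins checked "
                        "against the directory are not protected by SSL")
    if kerberos:
        # The thread asks for a service account when Kerberos is in use.
        if not opts.get("ldap_account_service_login"):
            findings.append("server: ldap_account_service_login is not set")
        if opts.get("ldap_account_service_password", "") in ("", "PASSWORD"):
            findings.append("server: ldap_account_service_password is empty or a placeholder")
    return findings

if __name__ == "__main__":
    for line in audit_agent(AGENT_INI) + audit_server(SERVER_INI, kerberos=True):
        print(line)
```

Run against the values as posted, it reports the disabled SSL setting and the placeholder service password.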