No results were found in the Active Directory after the mskutil command

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Answer
zikos
Messages: 6
Registration: Apr 12, 2024 - 2:04 p.m.

April 17, 2024 - 11:45

Good morning,

WAPT2.5 / Debian 12 Bookworm

The problem I'm describing occurs on my production Windows domain controller + WAPT 2.5
I have also just installed a Hyper-V on a new test domain controller under Windows Server 2022 and a fresh installation of Debian 12 / WAPT 2.5 and I am observing the same problem.

Following @sfonteneau's recommendations, I used the libnginx-mod-http-auth-spnego package which can be found here:
https://wapt.tranquil.it/debian/wapt-2. ... th-spnego/

I'm not getting any updates from my WPAT server "srv-wapt" in the "prosioning" folder I created. I followed the It-Connect tutorial, which I had already used for WAPT 2.3.

I even tested with another organizational unit folder (I gave the rights to the "wapt" account on both folders (delegation of control for the wapt account with only objects of type "computers" with creation/deletion in "create" permissions for all child objects).

When I enter my kinit wapt (+password): no error
Then Klist correctly gives me the Kerberos ticket for the wapt account:

Code: Select all

root@srv-wapt:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: wapt@ADTEST.LOCAL

Valid starting       Expires              Service principal
17/04/2024 11:14:59  17/04/2024 21:14:59  krbtgt/ADTEST.LOCAL@ADTEST.LOCAL
        renew until 18/04/2024 11:14:52
17/04/2024 11:16:54  17/04/2024 21:14:59  ldap/serv2022adtest.adtest.local@
        renew until 18/04/2024 11:14:52
        Ticket server: ldap/serv2022adtest.adtest.local@ADTEST.LOCAL
17/04/2024 11:16:54  17/04/2024 11:18:54  kadmin/changepw@ADTEST.LOCAL
        renew until 17/04/2024 11:18:54
Next, I enter the two commands:

Code: Select all

msktutil --server Serv2022ADTEST.adtest.local --precreate --host $(hostname) -b ou=Provisioning,dc=adtest,dc=local --service HTTP --description "host account for wapt server" --enctypes 24 -N
Then :

Code: Select all

msktutil --server Serv2022ADTEST.adtest.local --auto-update --keytab /etc/nginx/http-krb5.keytab --host $(hostname) -N
And nothing happens in the "provisioning" folder or any other test folder (even though I've done it before with WAPT 2.3). I'm waiting for the srv-wapt machine to register there with the description "host account for wapt server" ;)

If I try to go a little further (installing Waptconsole on a Windows machine), I log in to the "waptconsole" configuration, the server address is OK, the username and password are correct, and I then get this error message:

Picture

If anyone has any leads, I'm all ears.

THANKS.

Gregory.
High
zikos
Messages: 6
Registration: Apr 12, 2024 - 2:04 p.m.

April 23, 2024 - 10:52

Hello everyone,

For your information, when I talk about retrieving the WAPT server name, I followed the following tutorial from It-connect:

https://www.it-connect.fr/installer-wap ... logiciels/

It uses the same information found here to create the HTTP Keytab:
https://www.wapt.fr/fr/doc-2.5/wapt-sec ... entication

He simply added the following to the command:

Code: Select all

sudo msktutil --server DOMAIN_CONTROLER --precreate --host $(hostname) -b cn=computers --service HTTP --description "host account for wapt server" --enctypes 24 -N
An OR partition to separate it and place it within a "Provisioning" OR, preventing it from going directly into Computer, if I understand correctly. Which, on my system, looks like this:

Code: Select all

msktutil --server Serv2022ADTEST.adtest.local --precreate --host $(hostname) -b ou=Provisioning, dc=adtest,dc=local --service HTTP --description "host account for wapt server" --enctypes 24 -N
If this resonates with anyone, I don't see where I could have gone wrong so far.

THANKS,

Gregory.
High
Answer

Return to "WAPT Server"


  • To go further with WAPT