[RESOLVED] Self-Service Malfunction

Share your tips or issues concerning the WAPT Console or WAPT Agent here
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
TomTom
Messages: 79
Registration: May 25, 2018 - 3:43 p.m.

December 18, 2024 - 08:18

Hello Simon,

No, it's launched with a standard user account. Do I need to re-run it as root?

Okay, I launched it as root. It's asking me for a username and then a group it's supposed to belong to, is that right?
If I enter the information in this way, here is the output:

Code: Select all

/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
----------------------------------------------------------------
Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
DEBUG:root:Dn username not found
Username : mullert
Group test member : caduser
DEBUG:root:(|(&(distinguishedName=CN=Muller\, Thomas,OU=Users,OU=Forbach,OU=Agences-HYDAC,DC=fr,DC=hydac,DC=int)(primaryGroupID=1637))(&(member:1.2.840.113556.1.4.1941:=CN=Muller\, Thomas,OU=Users,OU=Forbach,OU=Agences-HYDAC,DC=fr,DC=hydac,DC=int)(sAMAccountName=caduser)))
----------------------------------------------------------------
[FAIL] username mullert not in group caduser
----------------------------------------------------------------
{'success': True, 'groups': [], 'error': False, 'msg': ''}
WAPT version: 2.6.0.17392 (Enterprise Edition)
Server OS: Debian 12 "Bookworm"
Administration/package creation machine OS: Windows 11 24h2
High
TomTom
Messages: 79
Registration: May 25, 2018 - 3:43 p.m.

January 13, 2025 - 3:34 PM

Hello,

could someone please look into this?
I'm still unable to get my Self working via LDAP authentication.

Thanks in advance,
Thomas
WAPT version: 2.6.0.17392 (Enterprise Edition)
Server OS: Debian 12 "Bookworm"
Administration/package creation machine OS: Windows 11 24h2
High
clafon
Messages: 109
Registration: Nov 06, 2024 - 10:56

January 14, 2025 - 09:08

We are encountering the same problem, yet the waptserver.ini file seems to be correctly configured

Code: Select all

[options]
secret_key = 2D23c3Rba7wgEkd10qM7Jps8sFYxlQToxM0ybytbxhlHEb9eEJlqTbYFRcpsHMGO
token_secret_key = XsdBd6Hy9mebQ9V2CwnwE2igvscb7ELutlZQyHE11PxLgcLXPOl6UV1LTWEM9bR6
server_uuid = 5c849d8f-5f14-47cd-9622-e4479a471f04
waptwua_folder = /var/www/waptwua
wapt_huey_db = /opt/wapt/db/waptservertasks.sqlite
wapt_password = $pbkdf2-sha256$29000$UGrtPWdM6f1/r7U25twbQw$PAFU3GThtk6ulnXq09ruqGxjGWCd2Re9O0oTZrdg2SI
allow_unauthenticated_registration = False
clients_signing_key = /opt/wapt/conf/ca-SRV-WAPT.domain.local.pem
clients_signing_certificate = /opt/wapt/conf/ca-SRV-WAPT.domain.local.crt
clients_signing_crl = /var/www/ssl/ca-SRV-WAPT.domain.local.crl
clients_signing_crl_url = http://SRV-WAPT.domain.local/wapt/ssl/ca-SRV-WAPT.domain.local.crl
ssl_additional_crls = /var/www/ssl
use_kerberos = True
ldap_account_service_login = compte_de_service
ldap_account_service_password = mdp_compte
ldap_auth_base_dn = dc=domain,dc=local
ad_domain_name = domain.local
ldap_nesting_group_support = True
ldap_primary_group_ad_support = True
wapt_admin_group = GL_RIT
login_on_wads = False
The connection test /opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh seems to be OK:

Code: Select all

----------------------------------------------------------------
Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
Username : clafon
Group test member : GL_RIT
----------------------------------------------------------------
[OK] Test SSO SELFSERVICE LDAP with ldap_account_service_login
----------------------------------------------------------------
Test ldap with direct Login
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

January 14, 2025 - 09:35

Hello,

for TomTom, you should upgrade to the latest version to see if it's better; you seem to be using the previous version. We've made some changes.

For Clafon, your connectivity script seems to be working correctly. So the connection to the console is working?

Is it just the self-service that isn't working? Are you using the same configuration as TomTom?

In wapt-get.ini: service_auth_type=waptserver-ldap? Or is it something else?
High
clafon
Messages: 109
Registration: Nov 06, 2024 - 10:56

January 14, 2025 - 09:41

on a user's workstation

Code: Select all

[global]
use_hostpackages=1
use_kerberos=1
use_ad_groups=False
allow_remote_reboot=1
allow_remote_shutdown=1
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
repo_url=https://srv-wapt.domain.local/wapt
wapt_server=https://srv-wapt.domain.local
verify_cert=C:\Program Files (x86)\wapt\ssl\server\SRV-WAPT.domain.local.crt
include_dmi_inventory=1
include_wmi_inventory=1
peercache_enable=0
service_auth_type=waptserver-ldap
allow_cancel_upgrade=False
waptaudit_task_period=1h

[default_global]
use_hostpackages=1
use_kerberos=1
use_ad_groups=1
allow_remote_reboot=1
allow_remote_shutdown=1
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
repo_url=https://srv-wapt.domain.local/wapt
wapt_server=https://srv-wapt.domain.local
verify_cert=C:\Program Files (x86)\wapt\ssl\server\SRV-WAPT.domain.local.crt
include_dmi_inventory=1
include_wmi_inventory=1
peercache_enable=0

[waptwua]
enabled=True
include_potentially_superseded_updates=False
download_scheduling=1d
install_at_shutdown=True
install_delay=7d

[default_waptwua]
enabled=True
include_potentially_superseded_updates=True
download_scheduling=1d
install_at_shutdown=True
install_delay=7d
sfonteneau wrote: Jan 14, 2025 - 9:35 AM For clafon, your connectivity script seems to be working correctly. So the connection to the console is working?
I didn't understand the question, sorry :(
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

January 14, 2025 - 09:53

In your configuration, I see that you have a wapt_admin_group.

Does your problem therefore only concern self-service, or also the connection to the console with login and password?
High
clafon
Messages: 109
Registration: Nov 06, 2024 - 10:56

January 14, 2025 - 09:54

For your information, when you change the self-configuration package to "system" instead of "waptserver-ldap", the packages appear in the store after you enter your login/password.
When you switch back to "waptserver-ldap", the store empties.
High
clafon
Messages: 109
Registration: Nov 06, 2024 - 10:56

January 14, 2025 - 09:54

sfonteneau wrote: Jan 14, 2025 - 09:53 In your configuration, I see that you have a wapt_admin_group.

So your problem only concerns self-service, or also the connection to the console with login and password?
The administration console works very well
High
TomTom
Messages: 79
Registration: May 25, 2018 - 3:43 p.m.

January 14, 2025 - 10:06

sfonteneau wrote: Jan 14, 2025 - 9:35 AM Hello,

For TomTom, you should upgrade to the latest version to see if it's better; you seem to be on the previous version. We've made some changes.

For Clafon, your connectivity script seems to be working correctly. So the connection to the console is working?

Is it just the self-service that isn't working? Are you using the same configuration as TomTom?

In wapt-get.ini: service_auth_type=waptserver-ldap? Or is it something else?
Hello Simon,

I'm on the latest version, I just forgot to change my signature, sorry.

Thomas
WAPT version: 2.6.0.17392 (Enterprise Edition)
Server OS: Debian 12 "Bookworm"
Administration/package creation machine OS: Windows 11 24h2
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

January 14, 2025 - 10:07

TomTom wrote: January 14, 2025 - 10:06
sfonteneau wrote: Jan 14, 2025 - 9:35 AM Hello,

For TomTom, you should upgrade to the latest version to see if it's better; you seem to be on the previous version. We've made some changes.

For Clafon, your connectivity script seems to be working correctly. So the connection to the console is working?

Is it just the self-service that isn't working? Are you using the same configuration as TomTom?

In wapt-get.ini: service_auth_type=waptserver-ldap? Or is it something else?
Hello Simon,

I'm on the latest version, I just forgot to change my signature, sorry.

Thomas
The fact that you have the line DEBUG:root:(|(&(distinguishedName=C in the script indicated an older version, that's why.

Can you test the script again?
High
Locked

Return to "WAPT usage (Console, Agent) / WAPT usage (Console, Agent)"


  • To go further with WAPT