Hello,
since upgrading to version 2.6, we've been experiencing a packet filtering issue in the self-service interface.
We have a self-service configuration package that defines filters based on the user's Active Directory (AD) group membership.
For some groups, the applications no longer appear in the self-service interface.
I've checked, and the setting is the same in both the AD configuration and the configuration package.
Server: Debian 12, Wapt Enterprise 2.6.0.16795.
Client: Windows 10
Since version 2.6, there has been a problem with self-service filtering and AD groups
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Hello,
could you please specify your authentication method for the self-service portal?
Do you have an Active Directory forest? Could you please specify your "service_auth_type" in wapt-get.ini?
could you please specify your authentication method for the self-service portal?
Do you have an Active Directory forest? Could you please specify your "service_auth_type" in wapt-get.ini?
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
If I understand correctly, the problem is not systematic but only affects certain groups?
That's right.
I put some software in the "Domain Users" group => everyone can see it.
Software put in other groups isn't visible.
For example, I have a "Systems_information" group, and the software isn't displayed to users who are part of that group.
I put some software in the "Domain Users" group => everyone can see it.
Software put in other groups isn't visible.
For example, I have a "Systems_information" group, and the software isn't displayed to users who are part of that group.
Wapt Enterprise Edition 2.6.1.17765
WAPTConsole Enterprise on Windows
WAPT Server on Debian 12
WAPTConsole Enterprise on Windows
WAPT Server on Debian 12
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Do you have commas in your users' DNS records?
We recently released a patch for this, but it's not yet live.
On the server, you can run:
/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
to check the result.
We recently released a patch for this, but it's not yet live.
On the server, you can run:
/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
to check the result.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Okay, this is a problem identified last week in the current version.
If there's a comma in the user's DN, it doesn't work...
We need to release a new version with the fix. I'll write here when it's done.
If there's a comma in the user's DN, it doesn't work...
We need to release a new version with the fix. I'll write here when it's done.
-
dcardon
- WAPT Expert
- Messages: 1930
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Sébastien,
yes, it's in this release. However, I advise you to wait until tomorrow; we should have a new release today or tomorrow with several fixes, including a problem with the registration loop if the local machine name is different from its AD samAccountName, which is quite common under Linux (shortnames in /etc/hostname are longer than 15 characters, with samAccountName being the truncated 15-character version...).
Best regards,
Denis
yes, it's in this release. However, I advise you to wait until tomorrow; we should have a new release today or tomorrow with several fixes, including a problem with the registration loop if the local machine name is different from its AD samAccountName, which is quite common under Linux (shortnames in /etc/hostname are longer than 15 characters, with samAccountName being the truncated 15-character version...).
Best regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
