Hello,
how do I register a machine outside of Active Directory with Kerberos enabled?
Thank you.
Register machine outside of Active Directory with Kerberos enabled
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Place in the agent in question:
The server should request the Wapt server username/password
Code: Select all
use_kerberos = 0
Sorry, but it's not working...
I just ran some tests:
machine pc1 - W7 - machine outside the domain
waptserver.ini: basic config
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True
https://www.wapt.fr/fr/doc/Configuratio ... index.html :
allow_unauthenticated_registration = True Allows authentication Username / Password for initial registration
allow_unauthenticated_connect = False Defines whether WebSocket requests should be authenticated
test 1:
waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True
wapt-get.ini
use_kerberos = 1
wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentication error which is normal!
Test 2:
waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True
wapt-get.ini
use_kerberos = 0
wapt-get register
Waptservice User: local admin account
> The inventory is sent to the WAPT server... so there's a server-side issue that accepts machines without a WAPT admin account connection.
Test 3:
waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = False
use_kerberos = True
wapt-get.ini
use_kerberos = 0
wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentication error.
Test 4:
waptserver.ini:
allow_unauthentificated_connect = True
allow_unauthentificated_registration = False
use_kerberos = True
wapt-get.ini
use_kerberos = 0
wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentification error
I just ran some tests:
machine pc1 - W7 - machine outside the domain
waptserver.ini: basic config
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True
https://www.wapt.fr/fr/doc/Configuratio ... index.html :
allow_unauthenticated_registration = True Allows authentication Username / Password for initial registration
allow_unauthenticated_connect = False Defines whether WebSocket requests should be authenticated
test 1:
waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True
wapt-get.ini
use_kerberos = 1
wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentication error which is normal!
Test 2:
waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True
wapt-get.ini
use_kerberos = 0
wapt-get register
Waptservice User: local admin account
> The inventory is sent to the WAPT server... so there's a server-side issue that accepts machines without a WAPT admin account connection.
Test 3:
waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = False
use_kerberos = True
wapt-get.ini
use_kerberos = 0
wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentication error.
Test 4:
waptserver.ini:
allow_unauthentificated_connect = True
allow_unauthentificated_registration = False
use_kerberos = True
wapt-get.ini
use_kerberos = 0
wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentification error
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
In any case, you have to leave
It does not interfere with the recording, and in terms of security, it's better if it's set to False
Test2, it's normal that it works, you put
So naturally the server accepts it
Test3 and Test4 should work. I just tested it and it works on my system with WAPT 1.6, but you're clearly using the local service; you need to run the command
In a cmd executed in administrator
Code: Select all
allow_unauthentificated_connect = FalseIt does not interfere with the recording, and in terms of security, it's better if it's set to False
Test2, it's normal that it works, you put
Code: Select all
allow_unauthentificated_registration = TrueTest3 and Test4 should work. I just tested it and it works on my system with WAPT 1.6, but you're clearly using the local service; you need to run the command
Code: Select all
wapt-get register