[RESOLVED] V 1.6.2.7 Unable to connect to the console via AD

guil.cap
Messages: 13
Registration: December 18, 2018 - 11:05 AM

December 18, 2018 - 11:11

Hello everyone!

After trying many times with various settings, I am unable to log in with Active Directory credentials to the WAPT console.

I have a WAPT Enterprise license, a Windows 2008 R2 AD server, and I am using WAPT version 1.6.2.7.

My .ini file is configured correctly; however, when I launch the console, I am unable to use AD credentials to log in.

Here is my ini configuration (I have hidden the details of my domain controller):

Code:

wapt_admin_group_dn=CN=waptadmins,OU=Groupes,DC=xxxx,DC=local
ldap_auth_server=srv00.xxxx.local
ldap_auth_base_dn=DC=xxxx,DC=local
ldap_auth_ssl_enabled=false
Last edited by guil.cap on Dec 21, 2018 - 4:51 PM, edited 1 time.
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM

December 18, 2018 - 1:35 PM

Works for me.
Can you try the following command:

Code:

telnet srv00.xxxx.local 389
guil.cap
Messages: 13
Registration: December 18, 2018 - 11:05 AM

December 18, 2018 - 1:59 PM

When I run the telnet command I get:

Code:

Trying 192.168.1.200...

Connected to srv00.xxx.local

Escape character is '^]'.
Connection closed by foreign host.
Last edited by guil.cap on Dec 18, 2018 - 2:10 PM, edited 1 time.
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM

December 18, 2018 - 2:03 PM

And?

Code:

telnet srv00.xxxx.local 3268

If that still doesn't work, you have a firewall problem.
guil.cap
Messages: 13
Registration: December 18, 2018 - 11:05 AM

December 18, 2018 - 2:07 PM

On port 3268:

Code:

Trying 192.168.1.200...
Connected to srv00.xxxx.local.
Escape character is '^]'.
Connection closed by foreign host.
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM

December 18, 2018 - 2:15 PM

Your AD does not seem to be listening on port 389.

In this case, you can modify the file /opt/wapt/waptenterprise/waptserver/auth_module_ad.py

On line 77, replace:

Code:

ldap_client = ldap.initialize('ldap://%s:389' % dc_name)

with

Code:

ldap_client = ldap.initialize('ldap://%s:3268' % dc_name)

You can then restart the wapt service.

We will address this issue in the next version.
guil.cap
Messages: 13
Registration: December 18, 2018 - 11:05 AM

December 18, 2018 - 2:34 PM

However, after the telnet command, I have the impression that the connection to LDAP is working, but the connection to the AD account remains impossible
guil.cap
Messages: 13
Registration: December 18, 2018 - 11:05 AM

December 19, 2018 - 09:02

Hello,

I just did a quick check and it seems that the AD connection is working since on the left of WAPT, I can see the OUs that contain workstations and therefore add packages to the workstations in these OUs (this information may be coming back via local information on the workstations).
vcardon
WAPT Expert
Messages: 278
Registration: Oct 06, 2017 - 10:55 p.m.
Location: Nantes, France

December 19, 2018 - 9:53 AM

guil.cap wrote: Dec 19, 2018 - 09:02 I can see the OUs that contain workstations and therefore add packages to the workstations in these OUs (this information may be relayed via local information on the workstations)
Indeed, the Organizational Unit information displayed in the Enterprise console is correctly retrieved from the Client inventory.

AD provides the information to the Clients and the information is then displayed in the console.

Vincent
Vincent CARDON
Tranquil IT
guil.cap
Messages: 13
Registration: December 18, 2018 - 11:05 AM

December 19, 2018 - 11:28

So, my WAPT server is able to communicate with Active Directory, but I don't understand why I can't authenticate with an AD account on the console, even though:

My group is located at: xxxx.local/Groups/waptadmins
In the attributes: CN=waptadmins,OU=Groups,DC=xxxx,DC=local
My AD accounts are indeed present in the group.

I'm a bit stuck on why I can't log in.
Locked
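
Added example, not part of the thread and not WAPT's own code: an offline check of the posted settings that compares the configured wapt_admin_group_dn, component by component, with a group DN read from the directory, and also reports the TLS setting. It assumes the settings sit in an [options] section and that membership is decided by matching that DN against the account's memberOf values; the two DN strings are the ones posted above, and parse_dn and check_settings are hypothetical helper names.

```python
import configparser
import re

# Constructed sample: the settings posted in the thread, placed under an
# assumed [options] section, plus the group DN quoted from the AD attributes.
SAMPLE_INI = """
[options]
wapt_admin_group_dn=CN=waptadmins,OU=Groupes,DC=xxxx,DC=local
ldap_auth_server=srv00.xxxx.local
ldap_auth_base_dn=DC=xxxx,DC=local
ldap_auth_ssl_enabled=false
"""
SAMPLE_MEMBER_OF = ["CN=waptadmins,OU=Groups,DC=xxxx,DC=local"]


def parse_dn(dn):
    """Split a DN on unescaped commas into lowercased (attribute, value) pairs."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def check_settings(ini_text, member_of, section="options"):
    """Return a list of findings for the AD authentication settings."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    opts = cfg[section]
    group = parse_dn(opts["wapt_admin_group_dn"])
    base = parse_dn(opts["ldap_auth_base_dn"])
    findings = []
    if group[-len(base):] != base:
        findings.append("group DN is not under ldap_auth_base_dn")
    if not any(parse_dn(m) == group for m in member_of):
        for m in member_of:
            pairs = zip(group, parse_dn(m))
            diff = [f"{a[1]} != {b[1]}" for a, b in pairs if a != b]
            findings.append("group DN mismatch vs memberOf: " + ", ".join(diff))
    if not opts.getboolean("ldap_auth_ssl_enabled"):
        findings.append("ldap_auth_ssl_enabled is false: bind may be unencrypted")
    return findings


if __name__ == "__main__":
    for finding in check_settings(SAMPLE_INI, SAMPLE_MEMBER_OF):
        print(finding)
```

A successful telnet to port 389 or 3268 only shows that the port accepts TCP connections; a DN comparison like this one covers the part of the login that the port test cannot.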