Verification with:
Code: Select all
telnet srv00.xxxx.local 389
[RESOLVED] V 1.6.2.7 Unable to connect to the console via AD
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Is port 389 working now?
Verification with:
Otherwise Make the modification indicated in the previous post above (in the file /opt/wapt/waptenterprise/waptserver/auth_module_ad.py)
Verification with:
Good morning,
As mentioned, the console retrieves some information from AD (but authentication fails).
For the command: telnet srv00.xxxx.local 389
Here is the result:
As mentioned, the console retrieves some information from AD (but authentication fails).
For the command: telnet srv00.xxxx.local 389
Here is the result:
Trying 192.168.1.200...
Connected to srv00.xxxx.local.
Escape character is '^]'.
Connection closed by foreign host.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
The OUs reported in the console are reported by the workstations (no AD connection).
Seeing the OUs in the console does not necessarily mean the LDAP connection is working.
Port 389 now appears to be available, so you don't need to make the change. Your configuration seems correct.
Seeing the OUs in the console does not necessarily mean the LDAP connection is working.
Port 389 now appears to be available, so you don't need to make the change. Your configuration seems correct.
Hello,
However, when I use my AD login credentials to try to open the console with my domain account, authentication fails.
My account is indeed in the Waptadmins AD group, which is in the correct OU (as indicated in the ini file).
I don't understand what could be blocking it.
However, when I use my AD login credentials to try to open the console with my domain account, authentication fails.
My account is indeed in the Waptadmins AD group, which is in the correct OU (as indicated in the ini file).
I don't understand what could be blocking it.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Good morning
To launch the server in debug mode:
The server is then started in debug mode (leave your PuTTY window open)
You should see the authentication process
Can you provide us with the file /opt/wapt/conf/waptserver.ini (masking the sensitive information wapt_password, secret_key)?
To launch the server in debug mode:
Code: Select all
systemctl stop waptserver
/opt/wapt/runwaptserver.sh -ldebug
You should see the authentication process
Can you provide us with the file /opt/wapt/conf/waptserver.ini (masking the sensitive information wapt_password, secret_key)?
I just tested the debugging, and I got this result:
2018-12-20 11:06:41,414 DEBUG Traceback (most recent call last):
File "/opt/wapt/waptserver/server.py", line 927, in login
raise EWaptAuthenticationFailure('Authentication failed.')
EWaptAuthenticationFailure: Authentication failed.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Here it is:
[options]
waptwua_folder = /var/www/waptwua
server_uuid = a480287a-a79c-11e8-ac90-fe149ee36605
wapt_password = XXXXXXXXXXXXXXXXXXx
allow_unauthenticated_registration = True
secret_key = XXXXXXXXXXXXXXXX
use_kerberos = True
allow_unauthenticated_connect = True
wapt_admin_group_dn = CN=waptadmins,OU=Groups,DC=xxxx,DC=local
ldap_auth_server = srv00.xxxx.local
ldap_auth_base_dn = DC=xxxx,DC=local
ldap_auth_ssl_enabled = False
