Page 2 of 3
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 12:41
by sfonteneau
Is port 389 working now?
Verification with:
Otherwise Make the modification indicated in the previous post above (in the file /opt/wapt/waptenterprise/waptserver/auth_module_ad.py)
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 12:44 PM
by guil.cap
Good morning,
As mentioned, the console retrieves some information from AD (but authentication fails).
For the command: telnet srv00.xxxx.local 389
Here is the result:
Trying 192.168.1.200...
Connected to srv00.xxxx.local.
Escape character is '^]'.
Connection closed by foreign host.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 1:16 PM
by sfonteneau
The OUs reported in the console are reported by the workstations (no AD connection).
Seeing the OUs in the console does not necessarily mean the LDAP connection is working.
Port 389 now appears to be available, so you don't need to make the change. Your configuration seems correct.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 1:35 PM
by guil.cap
Hello,
However, when I use my AD login credentials to try to open the console with my domain account, authentication fails.
My account is indeed in the Waptadmins AD group, which is in the correct OU (as indicated in the ini file).
I don't understand what could be blocking it.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 20, 2018 - 09:01
by guil.cap
Is there a system that allows testing the WAPT/AD connection with logs?
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 20, 2018 - 10:53
by sfonteneau
Good morning
To launch the server in debug mode:
Code: Select all
systemctl stop waptserver
/opt/wapt/runwaptserver.sh -ldebug
The server is then started in debug mode (leave your PuTTY window open)
You should see the authentication process
Can you provide us with the file /opt/wapt/conf/waptserver.ini (masking the sensitive information wapt_password, secret_key)?
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 20, 2018 - 11:07
by guil.cap
I just tested the debugging, and I got this result:
2018-12-20 11:06:41,414 DEBUG Traceback (most recent call last):
File "/opt/wapt/waptserver/server.py", line 927, in login
raise EWaptAuthenticationFailure('Authentication failed.')
EWaptAuthenticationFailure: Authentication failed.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 21, 2018 - 07:59
by guil.cap
Do you have any idea what could be causing this blockage?
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 21, 2018 - 09:16
by sfonteneau
guil.cap wrote: ↑Dec 21, 2018 - 07:59
Do you have any idea about this blockage?
The log doesn't mention the LDAP part
Can you provide us with the file /opt/wapt/conf/waptserver.ini (masking the sensitive information wapt_password, secret_key)?
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 21, 2018 - 12:01
by guil.cap
Here it is:
[options]
waptwua_folder = /var/www/waptwua
server_uuid = a480287a-a79c-11e8-ac90-fe149ee36605
wapt_password = XXXXXXXXXXXXXXXXXXx
allow_unauthenticated_registration = True
secret_key = XXXXXXXXXXXXXXXX
use_kerberos = True
allow_unauthenticated_connect = True
wapt_admin_group_dn = CN=waptadmins,OU=Groups,DC=xxxx,DC=local
ldap_auth_server = srv00.xxxx.local
ldap_auth_base_dn = DC=xxxx,DC=local
ldap_auth_ssl_enabled = False