Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

Register machine outside of Active Directory with Kerberos enabled

https://forum.tranquil.it/viewtopic.php?t=1468

Page 1 of 1

Register machine outside of Active Directory with Kerberos enabled

Published: September 26, 2018 - 09:24
by James
Hello,
how do I register a machine outside of Active Directory with Kerberos enabled?
Thank you.

Re: Registering a machine outside of Active Directory with Kerberos enabled

Published: September 26, 2018 - 09:57
by sfonteneau
Place in the agent in question:

Code: Select all

use_kerberos = 0
The server should request the Wapt server username/password

Re: [SOLVED] Register machine outside of AD with Kerberos enabled

Published: September 26, 2018 - 5:47 PM
by James
Sorry, but it's not working...

I just ran some tests:

machine pc1 - W7 - machine outside the domain

waptserver.ini: basic config
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True

https://www.wapt.fr/fr/doc/Configuratio ... index.html :
allow_unauthenticated_registration = True Allows authentication Username / Password for initial registration
allow_unauthenticated_connect = False Defines whether WebSocket requests should be authenticated

test 1:

waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True

wapt-get.ini
use_kerberos = 1

wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentication error which is normal!

Test 2:

waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = True
use_kerberos = True

wapt-get.ini
use_kerberos = 0

wapt-get register
Waptservice User: local admin account
> The inventory is sent to the WAPT server... so there's a server-side issue that accepts machines without a WAPT admin account connection.

Test 3:

waptserver.ini:
allow_unauthentificated_connect = False
allow_unauthentificated_registration = False
use_kerberos = True

wapt-get.ini
use_kerberos = 0

wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentication error.

Test 4:

waptserver.ini:
allow_unauthentificated_connect = True
allow_unauthentificated_registration = False
use_kerberos = True

wapt-get.ini
use_kerberos = 0

wapt-get register
Waptservice User: local admin account
> WaptBadServerAuthentification error

Re: Register machine outside of Active Directory with Kerberos enabled

Published: September 26, 2018 - 8:49 PM
by sfonteneau
In any case, you have to leave

Code: Select all

allow_unauthentificated_connect = False

It does not interfere with the recording, and in terms of security, it's better if it's set to False

Test2, it's normal that it works, you put

Code: Select all

allow_unauthentificated_registration = True
So naturally the server accepts it

Test3 and Test4 should work. I just tested it and it works on my system with WAPT 1.6, but you're clearly using the local service; you need to run the command

Code: Select all

wapt-get register
In a cmd executed in administrator

[SOLVED] Register machine outside of AD with Kerberos enabled

Published: September 27, 2018 - 12:46 PM
by James
Yes, indeed, `wapt-get register` in a command prompt running as administrator does request the wapt admin account and it works! It's perfect, thank you very much!!
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru