[RESOLVED] V 1.6.2.7 Unable to connect to the console via AD
Published: Dec 18, 2018 - 11:11
by guil.cap
Hello everyone!
After trying many times with various settings, I am unable to log in with Active Directory credentials to the WAPT console.
I have a WAPT Enterprise license, a Windows 2008 R2 AD server, and I am using WAPT version 1.6.2.7.
My .ini file is configured correctly; however, when I launch the console, I am unable to use AD credentials to log in.
Here is my ini configuration (I have hidden the details of my domain controller):
Code:
wapt_admin_group_dn=CN=waptadmins,OU=Groupes,DC=xxxx,DC=local
ldap_auth_server=srv00.xxxx.local
ldap_auth_base_dn=DC=xxxx,DC=local
ldap_auth_ssl_enabled=false
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 18, 2018 - 1:35 PM
by sfonteneau
It works on my side.
Can you try the following command:
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 18, 2018 - 1:59 PM
by guil.cap
When I run the telnet command I get:
Code:
Trying 192.168.1.200...
Connected to srv00.xxx.local
Escape character is '^]'.
Connection closed by foreign host.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 18, 2018 - 2:03 PM
by sfonteneau
And?
If that still doesn't work, you have a firewall problem.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 18, 2018 - 2:07 PM
by guil.cap
On port 3268:
Code:
Trying 192.168.1.200...
Connected to srv00.xxxx.local.
Escape character is '^]'.
Connection closed by foreign host.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 18, 2018 - 2:15 PM
by sfonteneau
Your AD does not seem to be listening on port 389.
In this case, you can modify the file /opt/wapt/waptenterprise/waptserver/auth_module_ad.py
Replace, on line 77:
Code:
ldap_client = ldap.initialize('ldap://%s:389' % dc_name)
with
Code:
ldap_client = ldap.initialize('ldap://%s:3268' % dc_name)
You can then restart the WAPT service.
We will address this issue in the next version.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 18, 2018 - 2:34 PM
by guil.cap
However, after the telnet command, I have the impression that the connection to LDAP is working, but the connection to the AD account remains impossible.
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 09:02
by guil.cap
Hello,
I just did a quick check and it seems that the AD connection is working since on the left of WAPT, I can see the OUs that contain workstations and therefore add packages to the workstations in these OUs (this information may be coming back via local information on the workstations).
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 09:53
by vcardon
guil.cap wrote (Dec 19, 2018 - 09:02):
I can see the OUs that contain workstations and therefore add packages to the workstations in these OUs (this information may be relayed via local information on the workstations)
Indeed, the Organizational Unit information displayed in the Enterprise console is retrieved from the client inventory.
AD provides the information to the clients, and the information is then displayed in the console.
Vincent
Re: V1.6.2.7 Connection to the console with the ad failed
Published: Dec 19, 2018 - 11:28
by guil.cap
So, my WAPT server is able to communicate with Active Directory, but I don't understand why I can't authenticate with an AD account on the console, even though:
My group is located at: xxxx.local/Groups/waptadmins
In the attributes: CN=waptadmins,OU=Groups,DC=xxxx,DC=local
My AD accounts are indeed present in the group.
I'm a bit stuck on why I can't log in.
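An added example, not part of the thread and not WAPT's own code: a small offline check that compares the configured wapt_admin_group_dn with the group DN read from the AD attribute editor, and flags an unencrypted LDAP bind. It is run here on the values as they are written in the posts above; the [options] section name, the helper names, and the reading of ldap_auth_ssl_enabled=false as a plain ldap:// connection are assumptions.

```python
import configparser

# Constructed input: the four keys from the first post (domain masked as posted).
# The [options] section name is an assumption; the post does not show it.
SAMPLE_INI = """[options]
wapt_admin_group_dn=CN=waptadmins,OU=Groupes,DC=xxxx,DC=local
ldap_auth_server=srv00.xxxx.local
ldap_auth_base_dn=DC=xxxx,DC=local
ldap_auth_ssl_enabled=false
"""

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring backslash-escaped commas.
    Case is folded because AD compares DNs case-insensitively."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            parts.append(cur)
            cur = ""
    parts.append(cur)
    return [(a.strip().upper(), v.strip().lower())
            for a, _, v in (p.partition("=") for p in parts)]

def check_ldap_settings(ini_text, group_dn_in_ad):
    """Return a list of findings for the LDAP settings (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    opt = cp["options"]
    cfg = split_dn(opt["wapt_admin_group_dn"])
    base = split_dn(opt["ldap_auth_base_dn"])
    in_ad = split_dn(group_dn_in_ad)
    findings = []
    if cfg[-len(base):] != base:
        findings.append("wapt_admin_group_dn is not under ldap_auth_base_dn")
    if cfg != in_ad:
        diff = [f"{a}={v}" for a, v in cfg if (a, v) not in in_ad]
        findings.append("wapt_admin_group_dn differs from AD: " + ", ".join(diff))
    # Assumption: false means plain ldap://, as in the ldap.initialize line quoted above.
    if not opt.getboolean("ldap_auth_ssl_enabled", fallback=False):
        findings.append("ldap_auth_ssl_enabled=false: LDAP bind is not encrypted")
    return findings

if __name__ == "__main__":
    # Group DN as written in the last post of this page.
    for f in check_ldap_settings(SAMPLE_INI, "CN=waptadmins,OU=Groups,DC=xxxx,DC=local"):
        print("-", f)
```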