Tranquil IT Forum

Hello,

I'm currently using wapt-entreprise and I'm having trouble with the self-service portal for my remote users.

When they're in the office, it works perfectly (first point ;p).
Then,
when they leave, go home, and turn on the VPN, it fails (it tells them the password is incorrect).
I take control of their computer
, restart the waptservice, and it works again.

How can I bypass/fix this issue? And/or what's causing this authentication problem?

Thanks in advance

. Best regards.

Good morning

Sometimes it's a "krbtgt" issue on the local machine regarding remote work

The ideal solution would be to switch the service to waptserver-ldap mode


This limits the problems since the WAPT server handles the authentication, not the local machine

On the server side, however, LDAP must be configured:

https://www.wapt.fr/fr/doc/wapt-securit ... entication

And if you are using Kerberso, you must also configure the following:

https://www.wapt.fr/en/doc/wapt-securit ... le-sign-on

Good morning,

Thank you for this feedback

Yes, I am using Kerberos authentication
To be "sure" of not making a mistake, I "simply" need to add:

wapt_admin_group_dn=CN=waptadmins,OU=groups,OU=tranquilit,DC=mydomain,DC=lan
ldap_auth_server=srvads.mydomain.lan
ldap_auth_base_dn=DC=mydomain,DC=lan
ldap_auth_ssl_enabled=False

of course adapted to my domain (AD), and I modify the file on each client:

C:\Program Files (x86)\wapt\wapt-get.ini
[global]
service_auth_type=waptserver-ldap

Will this have any impact on machines that currently authenticate using Kerberos? (Will both be accepted?)

THANKS

Sincerely

Hello Walibix,

yes, it should test Kerberos auth, and fall back to login/password auth if Kerberos auth is not available (i.e. the domain controller is not accessible).

For Kerberos, you will need to add an additional service account:

https://www.wapt.fr/en/doc/wapt-securit ... le-sign-on
So that the server can parse the groups from the AD