register without providing a login/password

Share your tips or issues concerning the WAPT Console or WAPT Agent here
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Answer
Olivier Vailleau
Messages: 3
Registration: Oct 06, 2023 - 5:30 p.m.

October 6, 2023 - 5:50 PM

Good morning,
On a fresh installation, I'm trying to register clients via Kerberos (if I understand correctly, this feature exists) but the WAPT Register command returns warnings and asks me for a username:

Code: Select all

C:\Windows\System32>wapt-get register
Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
2023-10-06 17:39:33,457 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on global
Registering host against server: https://si-wapt-01.ad.interstis.fr
2023-10-06 17:39:34,153 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on wapt
2023-10-06 17:39:34,155 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on wapt-host
Please get login for add_host:
Apparently, the certificate is not valid.
I tried a

Code: Select all

wapt-get enable-check-certificate
But I get the same answer.

I tried to pin the certificate as suggested in the documentation, same result.
I tried to recreate an initial configuration --> but what's the point of that? And what do I do with the JSON?
I tried to rebuild or recompile a wapt agent... it runs, it compiles, it downloads somewhere, then... nothing (well, what should I do after that?)

When I try to access my Wapt server http://mon-wapt.mon-domaine.fr/waptChrome and Edge refuse to connect (self-signed certificate). Firefox accepts a workaround.

How can I register my WAPT clients, please?
Thanks in advance.
High
Olivier Vailleau
Messages: 3
Registration: Oct 06, 2023 - 5:30 p.m.

October 6, 2023 - 6:02 PM

I'll add to this with my attempt to use WAPTdeploy:

Code: Select all

c:\Users\olivier\Downloads>waptdeploy.exe  --hash=hashhashhashhashhashhashhashhash --minversion=2.4.0.14143 --wait=15 --waptsetupurl=https://siURLMASQUEE.fr/api/v3/get_waptagent_exe/{{ip}}/waptagent.exe
{"hash":"hashhashhashhashhashhashhashhash","minversion":"2.4.0.14143","wait":"15","waptsetupurl":"https://siURLMASQUEE.fr/api/v3/get_waptagent_exe/{{ip}}/waptagent.exe"}
WAPT version:
WAPT required version: 2.4.0.14143
Wapt agent path: C:\Users\OLIVIER\AppData\Local\Temp\waptagent.exe
Wget new waptagent from https://si-URLmasquee.fr/api/v3/get_waptagent_exe/172.25.64.1/waptagent.exe
Trying to reach https://si-URLmasquee.fr/api/v3/get_waptagent_exe/172.25.64.1/waptagent.exe...
Expecting hash sha256: f2blablablablad91
Using proxy :
waptagent.exe 39.5MB done in 36.01s ( 1MB/s )
Done.
SHA256 hash of downloaded setup file: f2blablabla_aussi91
OK : Hash of waptagent match expected hash.
Got version: 2.4.0.14143
Check exe digital signature...
PASS
Unable to speak with waptservice... continue (Is a server available on this address:port? THttpClientSocket.OpenBind(127.0.0.1:8088) [remoteip=] [Connect Timeout - #10])

Install ...
Launching C:\Users\OLIVIER\AppData\Local\Temp\waptagent.exe /VERYSILENT /MERGETASKS=""installService""

Install OK : 2.4.0.14143
2023-10-06 17:56:11 [WARNING] Checking if waptservice is running, and service version
Service version: 2.4.0
Update host status on the server
Delete temporay file C:\Users\OLIVIER\AppData\Local\Temp\waptagent.exe
Delete sheduled task "fullwaptupgrade"
On the console side: The client doesn't appear. With this method, a `wapt-get register` command still asks me for a username/password.
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

October 6, 2023 - 6:31 PM

Good morning

Did you generate your wapt agent by checking "Use Kerberos for initial registration"?
https://www.wapt.fr/fr/doc/wapt-configuration ... html#build

And if so, did you follow this part of the documentation that you need to follow to create a keytab in your AD?
https://www.wapt.fr/fr/doc/wapt-securit ... entication

When you launch the silent installation of waptagent, the installer will not ask for a login password and the machine will register at the start of the service if it succeeds in obtaining a kerberos ticket from your ad.

Note regarding the self-signed certificate... yes, it is self-signed if you haven't replaced it with a commercial certificate or one from your internal PKI... doc: https://www.wapt.fr/fr/doc/wapt-securit ... ganization

Code: Select all

wapt-get enable-check-certificate
However, it should have passed if the DNS name you are using corresponds to the hostname ($hostname) of the machine that is used to generate the self-signed certificate during installation
High
User avatar
vcardon
WAPT Expert
Messages: 278
Registration: Oct 06, 2017 - 10:55 p.m.
Location: Nantes, France

October 9, 2023 - 7:14 PM

Hello Olivier Vailleau,

I suspect you're attempting a very advanced configuration of the tool before you've fully grasped some common, yet complex, system and network administration concepts.

I encourage you to take advantage of a short support session by contacting our sales department; your company's owner and I know each other.
Vincent CARDON
Tranquil IT
High
Olivier Vailleau
Messages: 3
Registration: Oct 06, 2023 - 5:30 p.m.

October 16, 2023 - 3:25 PM

Hello,
I managed to register my clients using the WAPTAgent installer, and I believe with Kerberos authentication since no password is required, although I've never been able to verify that it works correctly via a browser.

(However, it's impossible with WAPT Deploy, whether running it manually or via GPO. The same issue occurs with the wapt-get command...).

I have other questions, but for clarity, I won't include them here; I'll create a separate thread.
High
Answer

Return to "WAPT usage (Console, Agent) / WAPT usage (Console, Agent)"


  • To go further with WAPT