
Register without providing a login/password

Published: October 6, 2023 - 5:50 PM
by Olivier Vailleau
Good morning,
On a fresh installation, I'm trying to register clients via Kerberos (if I understand correctly, this feature exists) but the WAPT Register command returns warnings and asks me for a username:

Code:

C:\Windows\System32>wapt-get register
Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
2023-10-06 17:39:33,457 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on global
Registering host against server: https://si-wapt-01.ad.interstis.fr
2023-10-06 17:39:34,153 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on wapt
2023-10-06 17:39:34,155 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on wapt-host
Please get login for add_host:

Apparently, the certificate is not valid.
I tried a

Code:

wapt-get enable-check-certificate

But I get the same answer.

I tried to pin the certificate as suggested in the documentation, same result.
I tried to recreate an initial configuration --> but what's the point of that? And what do I do with the JSON?
I tried to rebuild or recompile a wapt agent... it runs, it compiles, it downloads somewhere, then... nothing (well, what should I do after that?)

When I try to access my WAPT server http://mon-wapt.mon-domaine.fr/wapt, Chrome and Edge refuse to connect (self-signed certificate). Firefox accepts a workaround.

How can I register my WAPT clients, please?
Thanks in advance.

Re: Register without providing a login/password

Published: October 6, 2023 - 6:02 PM
by Olivier Vailleau
I'll add to this with my attempt to use WAPTdeploy:

Code:

c:\Users\olivier\Downloads>waptdeploy.exe  --hash=hashhashhashhashhashhashhashhash --minversion=2.4.0.14143 --wait=15 --waptsetupurl=https://siURLMASQUEE.fr/api/v3/get_waptagent_exe/{{ip}}/waptagent.exe
{"hash":"hashhashhashhashhashhashhashhash","minversion":"2.4.0.14143","wait":"15","waptsetupurl":"https://siURLMASQUEE.fr/api/v3/get_waptagent_exe/{{ip}}/waptagent.exe"}
WAPT version:
WAPT required version: 2.4.0.14143
Wapt agent path: C:\Users\OLIVIER\AppData\Local\Temp\waptagent.exe
Wget new waptagent from https://si-URLmasquee.fr/api/v3/get_waptagent_exe/172.25.64.1/waptagent.exe
Trying to reach https://si-URLmasquee.fr/api/v3/get_waptagent_exe/172.25.64.1/waptagent.exe...
Expecting hash sha256: f2blablablablad91
Using proxy :
waptagent.exe 39.5MB done in 36.01s ( 1MB/s )
Done.
SHA256 hash of downloaded setup file: f2blablabla_aussi91
OK : Hash of waptagent match expected hash.
Got version: 2.4.0.14143
Check exe digital signature...
PASS
Unable to speak with waptservice... continue (Is a server available on this address:port? THttpClientSocket.OpenBind(127.0.0.1:8088) [remoteip=] [Connect Timeout - #10])

Install ...
Launching C:\Users\OLIVIER\AppData\Local\Temp\waptagent.exe /VERYSILENT /MERGETASKS=""installService""

Install OK : 2.4.0.14143
2023-10-06 17:56:11 [WARNING] Checking if waptservice is running, and service version
Service version: 2.4.0
Update host status on the server
Delete temporay file C:\Users\OLIVIER\AppData\Local\Temp\waptagent.exe
Delete sheduled task "fullwaptupgrade"

On the console side: The client doesn't appear. With this method, a `wapt-get register` command still asks me for a username/password.

Re: Register without providing a login/password

Published: October 6, 2023 - 6:31 PM
by sfonteneau
Good morning

Did you generate your wapt agent by checking "Use Kerberos for initial registration"?
https://www.wapt.fr/fr/doc/wapt-configuration ... html#build

And if so, did you follow this part of the documentation that you need to follow to create a keytab in your AD?
https://www.wapt.fr/fr/doc/wapt-securit ... entication

When you launch the silent installation of waptagent, the installer will not ask for a login/password and the machine will register at the start of the service if it succeeds in obtaining a Kerberos ticket from your AD.

Note regarding the self-signed certificate... yes, it is self-signed if you haven't replaced it with a commercial certificate or one from your internal PKI... doc: https://www.wapt.fr/fr/doc/wapt-securit ... ganization

Code:

wapt-get enable-check-certificate
However, it should have passed if the DNS name you are using corresponds to the hostname ($hostname) of the machine that is used to generate the self-signed certificate during installation
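
Added example (not part of any post in this thread, and not WAPT's own code): a small Python triage for captured `wapt-get register` output. It reports which config sections skipped the host client certificate and whether the run fell back to an interactive login instead of registering unattended. The sample is the output quoted in the first post; the names `triage`, `findings` and `RegisterTriage` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the `wapt-get register` output quoted in the first post.
SAMPLE = r"""Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
2023-10-06 17:39:33,457 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on global
Registering host against server: https://si-wapt-01.ad.interstis.fr
2023-10-06 17:39:34,153 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on wapt
2023-10-06 17:39:34,155 WARNING Host client certificate C:\Program Files (x86)\wapt\private\4C4C4544-0044-4810-8038-C2C04F4D3533.crt is self signed or not with client_auth capability, not using it for auth on wapt-host
Please get login for add_host:
"""

WARN = re.compile(r"WARNING Host client certificate (?P<crt>.+?\.crt) is self signed "
                  r"or not with client_auth capability, not using it for auth on (?P<section>\S+)")
SERVER = re.compile(r"Registering host against server: (?P<url>\S+)")
PROMPT = re.compile(r"Please get login for (?P<action>\w+):")

@dataclass
class RegisterTriage:
    server: str = ""
    cert_files: set = field(default_factory=set)           # certificate file names seen
    skipped_sections: list = field(default_factory=list)   # sections that skipped the cert
    prompted_for: str = ""                                  # action name if a login was requested

def triage(output: str) -> RegisterTriage:
    """Summarise one captured `wapt-get register` run."""
    r = RegisterTriage()
    for line in output.splitlines():
        if m := WARN.search(line):
            r.cert_files.add(m["crt"].rsplit("\\", 1)[-1])
            if m["section"] not in r.skipped_sections:
                r.skipped_sections.append(m["section"])
        elif m := SERVER.search(line):
            r.server = m["url"]
        elif m := PROMPT.search(line):
            r.prompted_for = m["action"]
    return r

def findings(r: RegisterTriage) -> list:
    """Turn the parsed run into the checks suggested in the reply above."""
    out = []
    if r.skipped_sections:
        out.append("client certificate not used for auth on: " + ", ".join(r.skipped_sections))
    if r.prompted_for:
        out.append(f"fell back to interactive login for {r.prompted_for}; "
                   "check the agent was built with Kerberos registration and the keytab exists")
    return out

if __name__ == "__main__":
    for f in findings(triage(SAMPLE)):
        print(f)
```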

Re: Register without providing a login/password

Published: October 9, 2023 - 7:14 PM
by vcardon
Hello Olivier Vailleau,

I suspect you're attempting a very advanced configuration of the tool before you've fully grasped some common, yet complex, system and network administration concepts.

I encourage you to take advantage of a short support session by contacting our sales department; your company's owner and I know each other.

Re: Register without providing a login/password

Published: October 16, 2023 - 3:25 PM
by Olivier Vailleau
Hello,
I managed to register my clients using the WAPTAgent installer, and I believe with Kerberos authentication since no password is required, although I've never been able to verify that it works correctly via a browser.

(However, it's impossible with WAPT Deploy, whether running it manually or via GPO. The same issue occurs with the wapt-get command...).

I have other questions, but for clarity, I won't include them here; I'll create a separate thread.