Hello,
I just installed a fresh Debian 12.
I wanted to set up Kerberos authentication (based on Active Directory).
I followed the tutorial at:
https://www.it-connect.fr/installer-wap ... logiciels/
The libnginx-mod-http-auth-spnego package doesn't seem to be available for Debian 12?
I did find some versions here:
https://wapt.tranquil.it/debian/wapt-2. ... n/n/nginx/
But they only go up to Debian 11.
I can't find any information about this in the WAPT 2.5 installation guide.
Could someone tell me if there's another way to set up Kerberos authentication?
Thank you very much,
Gregory.
[SOLVED] libnginx-mod-http-auth-spnego on Debian 12 Bookworm
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Hello
, libnginx-mod-http-auth-spnego is indeed in the Debian 12 repository; use this one:
https://wapt.tranquil.it/debian/wapt-2. ... th-spnego/
, libnginx-mod-http-auth-spnego is indeed in the Debian 12 repository; use this one:
https://wapt.tranquil.it/debian/wapt-2. ... th-spnego/
Note that I've made good progress with my installation.
For now (but I'll look into it on Monday), I can't explain why my WAPT server hasn't appeared in my "Provisioning" OU.
I didn't encounter any errors in my: `kinit wapt`, `klist`, and then the `msktutil` command (where I specifically added my `srv-wapt` machine to the Provisioning OU).
Thanks for the help anyway.
For now (but I'll look into it on Monday), I can't explain why my WAPT server hasn't appeared in my "Provisioning" OU.
I didn't encounter any errors in my: `kinit wapt`, `klist`, and then the `msktutil` command (where I specifically added my `srv-wapt` machine to the Provisioning OU).
Thanks for the help anyway.
Hello,
WAPT2.5 / Debian 12 Bookworm
@sfonteneau
I finished the installation and strangely, as I had already seen on Friday, I do not have any updates from my srv-wapt machine in the "prosioning" folder that I created. I even tested with another account (I correctly granted the rights to the "wapt" account on both folders (delegating control to the wapt account with only "computer" type objects and with "create/deletion" permissions set to "create" all child objects).
When I enter my wapt kinit (+password): no error.
Then the Klist correctly gives me the Kerberos ticket for the wapt account.
Next, I enter the two commands:
msktutil --server MYSERVER.domain.local --precreate --host $(hostname) -b ou=Provisioning,dc=domain,dc=local --service HTTP --description "host account for wapt server" --enctypes 24 -N
Then:
msktutil --server MYSERVER.domain.local --auto-update --keytab /etc/nginx/http-krb5.keytab --host $(hostname) -N
And nothing happens in the "provisioning" folder or any other test folder (so (which I've already done before with WAPT 2.3).
If I try to go a little further (installing Waptconsole on a Windows machine), I log in to the "waptconsole" configuration, the server address is OK, the username and password are correct, and I get this error message:
If anyone has any ideas, I'd appreciate it.
Thanks.
Gregory.
WAPT2.5 / Debian 12 Bookworm
@sfonteneau
I finished the installation and strangely, as I had already seen on Friday, I do not have any updates from my srv-wapt machine in the "prosioning" folder that I created. I even tested with another account (I correctly granted the rights to the "wapt" account on both folders (delegating control to the wapt account with only "computer" type objects and with "create/deletion" permissions set to "create" all child objects).
When I enter my wapt kinit (+password): no error.
Then the Klist correctly gives me the Kerberos ticket for the wapt account.
Next, I enter the two commands:
msktutil --server MYSERVER.domain.local --precreate --host $(hostname) -b ou=Provisioning,dc=domain,dc=local --service HTTP --description "host account for wapt server" --enctypes 24 -N
Then:
msktutil --server MYSERVER.domain.local --auto-update --keytab /etc/nginx/http-krb5.keytab --host $(hostname) -N
And nothing happens in the "provisioning" folder or any other test folder (so (which I've already done before with WAPT 2.3).
If I try to go a little further (installing Waptconsole on a Windows machine), I log in to the "waptconsole" configuration, the server address is OK, the username and password are correct, and I get this error message:
If anyone has any ideas, I'd appreciate it.
Thanks.
Gregory.
-
dcardon
- WAPT Expert
- Messages: 1930
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Gregory,
thank you for posting one question per topic, otherwise it's difficult to follow...
Could you please open a new topic with your latest problem?
I'm marking this topic as SOLVED.
Regards,
Denis
thank you for posting one question per topic, otherwise it's difficult to follow...
Could you please open a new topic with your latest problem?
I'm marking this topic as SOLVED.
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
