Page 1 of 2
[RESOLVED] UPDATE 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 12:39
by t.heroult
Good morning
I just installed the latest version of WAPT and nothing works anymore!
I can no longer connect via the web browser or via the console.
The login information is being rejected even though it is correct...
Server log:
Code: Select all
Jan 10 12:33:27 SRVWAPT-SRV waptserver[1682740]: 2025-01-10 12:33:27,779 [waptauth ] WARNING Failed auth for None from MON_IP path /
Jan 10 12:33:29 SRVWAPT-SRV waptserver[1682740]: 2025-01-10 12:33:29,146 [waptauth ] WARNING Failed auth for MON_LOGIN from MON_IP path /
Jan 10 12:34:05 SRVWAPT-SRV waptserver[532]: 2025-01-10 12:34:05,588 [waptauth ] WARNING Failed auth for MON_LOGIN from MON_IP path /
...
Jan 10 12:34:07 SRVWAPT-SRV waptserver[532]: 2025-01-10 12:34:07,284 [waptauth ] WARNING Failed auth for MON_LOGIN from MON_IP path /
Jan 10 12:35:56 SRVWAPT-SRV waptserver[532]: 2025-01-10 12:35:56,728 [waptauth ] WARNING Failed auth for MON_LOGIN from MON_IP path /api/v3/login
Jan 10 12:40:09 SRVWAPT-SRV waptserver[532]: 2025-01-10 12:40:09,073 [waptauth ] WARNING Failed auth for MON_LOGIN from MON_IP path /api/v3/login
Any ideas?
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 12:56 PM
by sfonteneau
Hello,
is this an LDAP or admin connection?
In the changelog, we specified
[REF] waptserver: remove config wapt_admin_group_dn replace by wapt_admin_group (specify a samaccountname).
Do you have wapt_admin_group_dn in your configuration or wapt_admin_group?
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 12:59 PM
by t.heroult
LDAP connection.
I just checked and modified the waptserver.ini file to change the parameter name, and even after rebooting, the problem remains the same.
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 2:05 PM
by sfonteneau
Can you test this script?
/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 2:06 PM
by t.heroult
Result:
Code: Select all
{'success': False, 'groups': [], 'error': False, 'msg': 'Kerberos EGssApi: Failed to acquire credentials for specified user - Unspecified GSS failure. Minor code may provide more information'}
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 2:11 PM
by sfonteneau
Can you run `
kinit username?
--> password`?
What is the Wapt configuration at the LDAP level? (IP address, not server address?)
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 2:25 PM
by t.heroult
kinit:
It asked for the password, I entered it and it returned to the prompt without further information (in any case, no error message)
Config:
In the waptserver.ini, the ldap_auth_server is in name, not in IP.
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 2:40 PM
by sfonteneau
And the name does indeed correspond to a DC?
otherwise you can delete
ldap_auth_server
ldap_auth_base_dn
and leave only:
Code: Select all
ad_domain_name = ad.mydomain.lan
wapt_admin_group = waptadmins
In this way, if the site and service are properly configured, the Wapt server will act like a Windows client, making a clap request to automatically find the correct domain controller.
In case of AD migration, name change, etc., WAPT will automatically resume working
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 3:23 PM
by t.heroult
Yes, this is indeed the main DC.
The configuration is exactly the same as with the second WAPT server (previous version), which does not present any access problems.
Re: Update 2.6.0.16767: No more HTTP access!!!
Published: January 10, 2025 - 3:30 PM
by t.heroult
Okay, I found it.
When I renamed the "wapt_admin_group" parameter, I left the value as "dn"...
I changed it to samaccountname and rebooted, and it's working.
It's a shame it didn't happen during the update
. Thanks for your help!