Cacti: official forums and support

All times are UTC - 5 hours




 Post subject: LDAP Authentication Issue/Logs (v1.2.3)
Posted: Thu May 30, 2019 7:51 pm

Joined: Thu Feb 06, 2014 2:16 pm
Posts: 21
Hi,

I'm trying to set up LDAP authentication on Cacti v1.2.3 (running on CentOS 7) but logins are failing and nothing is logged in the logs (/usr/share/cacti/log/cacti.log). The only auth-related entries in the log file are when local accounts successfully log in (AUTH LOGIN: User 'admin' Authenticated). I've tried a variety of options on the User Domains page but nothing seems to be working. Is there a way of viewing/enabling LDAP logs to make troubleshooting this easier?

Network-wise (telnet/ping), access to the DCs is working, but even if I enter the wrong password multiple times, the account doesn't get locked out. This suggests the request doesn't get as far as a DC.

Any help appreciated.


 
 Post subject: Re: LDAP Authentication Issue/Logs (v1.2.3)
Posted: Fri Jun 07, 2019 3:18 pm
Cacti Guru User

Joined: Sun Aug 27, 2017 12:05 am
Posts: 2499
Can you give a breakdown of the settings that you are using?

_________________
Official Cacti Developer

 
 Post subject: Re: LDAP Authentication Issue/Logs (v1.2.3)
Posted: Mon Jun 10, 2019 7:26 pm

Joined: Thu Feb 06, 2014 2:16 pm
Posts: 21
netniV wrote:
Can you give a breakdown of the settings that you are using?

Apologies, just saw your reply.

Turns out I was entering something wrong, as it is working now if I use plain LDAP. Secure LDAP (SSL or TLS) is still failing with the error below in the logs (I increased the log level to debug, Settings > General > Generic Log Level). Does anything extra have to be done for secure LDAP? The DCs are already configured as it's working for other services.

Quote:
AUTH DEBUG: User 'test1' attempting to login with realm 2, using method 3
AUTH LDAP: Search using ldaps://server.domain.local:636
AUTH LDAP_SEARCH: Protocol Error, Unable to bind, LDAP result: -1
AUTH LDAP_SEARCH: (/index.php[25]:include(), /include/auth.php[167]:require_once(), /auth_login.php[125]:cacti_ldap_search_dn(), /lib/ldap.php[152]:Ldap->Search(), /lib/ldap.php[696]:LdapError::GetErrorDetails(), /lib/ldap.php[325]:cacti_debug_backtrace())
AUTH LOGIN: LDAP Error: Protocol Error, Unable to bind, LDAP result: -1
AUTH DEBUG: User 'test1' attempt login locally? No


 
 Post subject: Re: LDAP Authentication Issue/Logs (v1.2.3)
Posted: Mon Jun 10, 2019 8:49 pm

Joined: Thu Feb 06, 2014 2:16 pm
Posts: 21
Never mind, it was a root CA trust issue.

The only odd thing is that I have to log in using the UPN if there is another user account in AD matching the same samAccountName. For example:

- user1
- user1-temp

user1 will not be able to log in as 'user1', but will have to use '[email protected]', whereas user1-temp can use just that, 'user1-temp'.


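The last two posts trace the `LDAP result: -1` bind failure over ldaps:// to a root CA trust issue. The following is an added example, not part of the thread or of Cacti: a shell check, run from the Cacti host, of whether the certificate chain an LDAPS server presents verifies there. It assumes `openssl` is on the PATH; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Cacti code): does this host trust an LDAPS server's chain?

# Constructed excerpt of `openssl s_client` output, for offline testing.
SAMPLE_S_CLIENT_TAIL='    Start Time: 1560000000
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)'

# Print the number from the first "Verify return code: N (...)" line on
# stdin; print nothing if the handshake never got far enough to emit one.
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Map an OpenSSL verification code to a short diagnosis.
classify_verify_code() {
    case "$1" in
        0)           echo "trusted" ;;
        18|19|20|21) echo "untrusted-ca" ;;    # self-signed or issuer not found
        10)          echo "expired" ;;
        "")          echo "no-tls-session" ;;  # connect or handshake failed
        *)           echo "other-$1" ;;
    esac
}

# Usage: ldaps_trust_check HOST [PORT] [CAFILE]
# With CAFILE, verification uses that CA bundle (for example the AD root CA).
# Returns 0 only when the chain verifies.
ldaps_trust_check() {
    host=$1; port=${2:-636}; cafile=${3:-}
    if [ -n "$cafile" ]; then
        out=$(openssl s_client -connect "$host:$port" -servername "$host" \
              -CAfile "$cafile" </dev/null 2>/dev/null) || true
    else
        out=$(openssl s_client -connect "$host:$port" -servername "$host" \
              </dev/null 2>/dev/null) || true
    fi
    code=$(printf '%s\n' "$out" | verify_code)
    result=$(classify_verify_code "$code")
    echo "$host:$port verify_code=${code:-none} result=$result"
    [ "$result" = "trusted" ]
}

# Example call (host name taken from the log above):
#   ldaps_trust_check server.domain.local 636
```

A result of `untrusted-ca` points at a root or intermediate CA missing on the Cacti host. PHP's LDAP extension goes through the OpenLDAP client library, whose CA settings (`TLS_CACERT` / `TLS_CACERTDIR` in ldap.conf) can differ from the bundle `openssl` uses, so check both.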
 