LDAP Authentication Issue/Logs (v1.2.3)

warnox
Posts: 22
Joined: Thu Feb 06, 2014 2:16 pm

LDAP Authentication Issue/Logs (v1.2.3)

#1 Post by warnox » Thu May 30, 2019 7:51 pm

Hi,

I'm trying to set up LDAP authentication on Cacti v1.2.3 (running on CentOS 7) but logins are failing and nothing is logged in the logs (/usr/share/cacti/log/cacti.log). The only auth-related entries in the log file are when local accounts successfully log in (AUTH LOGIN: User 'admin' Authenticated). I've tried a variety of options on the User Domains page but nothing seems to be working. Is there a way of viewing/enabling LDAP logs to make troubleshooting this easier?

Network-wise (telnet/ping) access to the DCs is working but even if I enter the wrong password multiple times, the account doesn't get locked out. This suggests the request doesn't get as far as a DC.

Any help appreciated.

netniV
Cacti Guru User
Posts: 2808
Joined: Sun Aug 27, 2017 12:05 am

Re: LDAP Authentication Issue/Logs (v1.2.3)

#2 Post by netniV » Fri Jun 07, 2019 3:18 pm

Can you give a breakdown of the settings that you are using?

warnox
Posts: 22
Joined: Thu Feb 06, 2014 2:16 pm

Re: LDAP Authentication Issue/Logs (v1.2.3)

#3 Post by warnox » Mon Jun 10, 2019 7:26 pm

netniV wrote: Can you give a breakdown of the settings that you are using?

Apologies, just saw your reply.

Turns out I was entering something wrong, as it is working now if I use plain LDAP. Secure LDAP (SSL or TLS) is still failing with the error below in the logs (I increased the log level to debug, Settings > General > Generic Log Level). Does anything extra have to be done for secure LDAP? The DCs are already configured as it's working for other services.
AUTH DEBUG: User 'test1' attempting to login with realm 2, using method 3
AUTH LDAP: Search using ldaps://server.domain.local:636
AUTH LDAP_SEARCH: Protocol Error, Unable to bind, LDAP result: -1
AUTH LDAP_SEARCH: (/index.php[25]:include(), /include/auth.php[167]:require_once(), /auth_login.php[125]:cacti_ldap_search_dn(), /lib/ldap.php[152]:Ldap->Search(), /lib/ldap.php[696]:LdapError::GetErrorDetails(), /lib/ldap.php[325]:cacti_debug_backtrace())
AUTH LOGIN: LDAP Error: Protocol Error, Unable to bind, LDAP result: -1
AUTH DEBUG: User 'test1' attempt login locally? No

warnox
Posts: 22
Joined: Thu Feb 06, 2014 2:16 pm

Re: LDAP Authentication Issue/Logs (v1.2.3)

#4 Post by warnox » Mon Jun 10, 2019 8:49 pm

Never mind, it was a root CA trust issue.

The only odd thing is that I have to log in using the UPN if there is another user account in AD matching the same samAccountName. For example:

- user1
- user1-temp

user1 will not be able to log in as 'user1', but will have to use '[email protected]', whereas user1-temp can use just that, 'user1-temp'.
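
Added example, not part of the thread and not Cacti code: a small triage script for the debug lines quoted in post #3. It pairs each failed bind with the LDAP URL scheme, since -1 is LDAP_SERVER_DOWN in the OpenLDAP client library (which PHP's ldap extension is normally built against on Linux), so over ldaps:// it points at the TLS handshake or CA trust, as post #4 found. The `triage` function, its hint wording and the 'test2' lines are assumptions made for illustration.

```python
import re

# Lines for 'test1' are the ones quoted in post #3; the 'test2' attempt is
# constructed here to show the plain-LDAP case.
SAMPLE_LOG = """\
AUTH DEBUG: User 'test1' attempting to login with realm 2, using method 3
AUTH LDAP: Search using ldaps://server.domain.local:636
AUTH LDAP_SEARCH: Protocol Error, Unable to bind, LDAP result: -1
AUTH LOGIN: LDAP Error: Protocol Error, Unable to bind, LDAP result: -1
AUTH DEBUG: User 'test1' attempt login locally? No
AUTH DEBUG: User 'test2' attempting to login with realm 2, using method 3
AUTH LDAP: Search using ldap://server.domain.local:389
AUTH LDAP_SEARCH: Protocol Error, Unable to bind, LDAP result: -1
"""

USER_RE = re.compile(r"AUTH DEBUG: User '([^']+)' attempting to login")
URL_RE = re.compile(r"AUTH LDAP: Search using (ldaps?)://(\S+)")
RESULT_RE = re.compile(r"AUTH LDAP_SEARCH: .*LDAP result: (-?\d+)")

def triage(log_text):
    """Group lines per login attempt and attach a hint to each LDAP failure."""
    findings, cur = [], None
    for line in log_text.splitlines():
        if m := USER_RE.search(line):
            cur = {"user": m.group(1), "scheme": None, "server": None}
        elif cur and (m := URL_RE.search(line)):
            cur["scheme"], cur["server"] = m.group(1), m.group(2)
        elif cur and (m := RESULT_RE.search(line)):
            code = int(m.group(1))
            # Negative codes come from the client library, not the directory:
            # -1 is LDAP_SERVER_DOWN in OpenLDAP, i.e. no usable connection.
            if code == -1 and cur["scheme"] == "ldaps":
                hint = "no LDAP session: check TLS handshake / CA trust on the Cacti host"
            elif code == -1:
                hint = "no LDAP session: check host, port and firewall"
            else:
                hint = "server answered: check bind DN, password and search settings"
            findings.append({**cur, "result": code, "hint": hint})
            cur = None  # the AUTH LOGIN line repeats the same result
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['user']} via {f['scheme']}://{f['server']} -> {f['result']}: {f['hint']}")
```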
