Cacti: official forums and support

All times are UTC - 5 hours




 Post subject: [INFO] LDAP Authentication in Active Directory
Posted: Fri Oct 26, 2007 6:54 pm

Joined: Tue Oct 23, 2007 3:26 pm
Posts: 5
Location: Los Angeles
I just wanted to post this because I just spent my whole day trying to figure out why LDAP authentication wasn't working on my Windows installation.

If you have some of the recent patches for Server 2003 (I'm not sure which patch it is), it adds a function that marks any files that were copied from an external source as possibly unsafe, requiring you to go into the properties of the file and click the Unblock button. Once you do that you can use the file properly.

Well this was the problem with my installation and I had to "Unblock" the auth_login.php file. I also went ahead and "Unblocked" the cmd.php and the poller.php file.

LDAP authentication started to work immediately.

Hope this helps.


Post subject: More detail please
Posted: Wed Nov 07, 2007 6:59 am

Joined: Tue Nov 06, 2007 6:48 pm
Posts: 4
Where did you have to unblock the file access?


Posted: Fri Feb 08, 2008 8:57 am

Joined: Wed Jan 24, 2007 4:15 am
Posts: 11
I've just set up authentication against Active Directory. In case someone has trouble with that, here are the settings (cacti 0.8.7a).
Browse to configuration, settings, authentication:

Authentication Method: Ldap Authentication
User Template: guest
Server: IP of your AD
Port Standard: 389
Protocol Version: Version 3
Encryption: None
Referrals: disabled
Mode: No searching
Distinguished Name (DN): <username>@your_domain.com

Cacti creates the particular account after the first login. Don't forget to change its permissions in Utilities - User management.

Good luck :)


Post subject: LDAP Auth with Active Directory
Posted: Tue Aug 19, 2008 4:08 am

Joined: Tue Oct 16, 2007 2:59 am
Posts: 24
Can you tell me what exactly you have entered into the fields? I just don't get it working.

I have gotten it to work with phpBB3 with the following settings:
LDAP server name: localhost
LDAP server port: 389
LDAP base dn: CN=Users,DC=my,DC=domain,DC=com
LDAP uid: samaccountname
LDAP user filter: <left empty>
LDAP e-mail attribute: mail
LDAP user dn: CN=Administrator,CN=Users,DC=my,DC=domainDC=com
LDAP password: <Administrator Password>

Can someone help me how I need to adapt these settings to work with cacti? I've tried a lot of different combinations from several posts here, but always get
Code:
"LDAP Error: Authentication Failure"


Raising the log-level isn't more verbose here:
Code:
08/19/2008 10:55:25 AM - AUTH LOGIN: LDAP Error: Authentication Failure
08/19/2008 10:55:25 AM - AUTH LDAP: Authentication Failure
08/19/2008 10:55:25 AM - AUTH LDAP: Setting protocol version to 3


My cacti-version is 0.8.7b.


Posted: Tue Aug 19, 2008 10:03 am
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 6015
Location: Michigan, USA
Silly question, does your password contain any characters other than numbers and letters?

_________________
Tony Roman
Experience is what causes a person to make new mistakes instead of old ones.
There are only 3 ways to complete a project: Good, Fast or Cheap, pick two.
With age comes wisdom, what you choose to do with it determines whether or not you are wise.


Posted: Tue Aug 19, 2008 11:29 am

Joined: Tue Oct 16, 2007 2:59 am
Posts: 24
No, nothing special.
I'm happy to provide more details if you like. Just tell me how I can help.


Posted: Tue Sep 02, 2008 10:38 am

Joined: Fri Aug 22, 2008 1:21 am
Posts: 5
Just as a note: I have exactly the same problem. I also get "LDAP Error: Authentication Failure" if I want to log in. Maybe someone has a hint for us.


Posted: Tue Sep 02, 2008 1:54 pm
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 6015
Location: Michigan, USA
Ok, this has really been bugging me and recently I have been resolving some issues in the LDAP code.

I'm curious, where is Cacti running? Linux/Unix or Windows?

Also, if you can post or email me your settings, I would greatly appreciate it.

_________________
Tony Roman


Posted: Wed Sep 03, 2008 12:15 am

Joined: Fri Aug 22, 2008 1:21 am
Posts: 5
Hi,

I attached my settings. Of course I tried changing various settings like without encryption, protocol version 2 and 3 and so on.

Version info of the ldap-server:
Quote:
Linux version 2.6.18-8.el5 ([email protected]) (gcc version 4.1.1 20070105 (Red Hat 4.1.1-52))


OpenLDAP:
Quote:
OpenLDAP: slapd 2.3.27


kind regards


Attachments:
cacti_ldap.JPG (File comment: Cacti-LDAP)
browser_ldap.JPG (File comment: LDAP-Browser)

Posted: Wed Sep 03, 2008 9:01 am
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 6015
Location: Michigan, USA
From your settings screenshot, your "Encryption" should be "None", selecting TLS and having no port will break things.

_________________
Tony Roman


Posted: Thu Sep 04, 2008 12:34 am

Joined: Fri Aug 22, 2008 1:21 am
Posts: 5
Hi,

I still get the same error message after setting encryption to none.


Posted: Thu Sep 04, 2008 9:20 am
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 6015
Location: Michigan, USA
Please try "Protocol Version" = "1".

Report back.

_________________
Tony Roman


Posted: Thu Sep 04, 2008 9:57 am

Joined: Thu Jun 19, 2008 8:22 am
Posts: 10
The settings I got to work in our Windows 2003 domain:

Server: <ldap server>.domain.com
Port Standard: 389
Port SSL: 689
Protocol Version: Version 3
Encryption: None
Referrals: Disabled
Mode: Specific Searching
Distinguished Name (DN): <username>@domain.com
Search Base: ou=IT Staff,ou=IT Department,dc=domain,dc=com
Search Filter: (&(objectClass=user)(objectcategory=user)(sAMAccountName=<username>))
Search Distinguished Name (DN): CN=Administrator,CN=Users,DC=domain,DC=com
Search Password: <password>


Posted: Wed Sep 24, 2008 2:34 am

Joined: Fri Aug 22, 2008 1:21 am
Posts: 5
Hi,

I've got it running with the following settings:

Server: 192.168.***.***
Port: 389
Protocol: Version 3
Encryption: None
Referrals: disabled
Mode: no searching
DN: <username>@***.corp
Searchbase: OU=Konten,DC=***,DC=corp

Thanks for the help.


Posted: Tue Oct 07, 2008 11:26 pm
Cacti User

Joined: Thu Oct 26, 2006 5:30 pm
Posts: 59
I spent quite a while getting LDAP authenticating against AD on a Windows Server 2003 DC. Cacti is running on RHEL 5.2 64-bit. This works in my environment, where we have a limited account with AD for applications to use for querying. I was finally able to get it working with the following settings:

Code:
Server = <my server>
Port Standard = 389
Port SSL = 636
Protocol Version = 3
Encryption = None
Referrals = Enabled
Mode = Specific Searching
Distinguished Name = <blank>
Search Base = ou=City,ou=Country,dc=example,dc=com
Search Filter = (&(objectclass=user)(objectcategory=user)(userPrincipalName=<username>*))
Search Distinguished Name = <my LDAP user's username>
Search Password = <my LDAP user's password>


Unfortunately, I wasn't able to get encryption working (which I know works), and also couldn't get the right search base working (ou=Alpha,ou=CountryA,dc=example,dc=com;ou=Beta,ou=CountryB,dc=example,dc=com). The php-ldap module, or the way it is implemented, seems to puke on multiple search bases, no idea why yet. I thought maybe I could get it to work by specifying higher in the hierarchy (e.g., dc=example,dc=com), but that didn't work either.

Hope it helps, but I probably won't be keeping it on because sending authentication info in cleartext is bad news! 8)
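
An added example, not part of the thread and not Cacti's own code: a standalone PHP script that runs the steps the "Specific Searching" settings above describe (search bind, filtered search, user bind) over StartTLS on port 389, so that an "Authentication Failure" can be pinned to one step and no password is sent in cleartext. The host name, search base and environment variable names are placeholders chosen for this example.

```php
<?php
// Added diagnostic sketch, not Cacti code. Host, base DN and the environment
// variable names are assumptions; substitute your own values.
$host = 'dc.example.com';                        // placeholder domain controller
$base = 'ou=City,ou=Country,dc=example,dc=com';  // one search base, as in the post
$env  = [];
foreach (['LDAP_SEARCH_DN', 'LDAP_SEARCH_PW', 'LDAP_TEST_USER', 'LDAP_TEST_PW'] as $k) {
    $env[$k] = getenv($k);
    // An empty password with a DN is an "unauthenticated bind" (RFC 4513) that
    // a server may accept, so never pass one to ldap_bind().
    if ($env[$k] === false || $env[$k] === '') {
        fwrite(STDERR, "set $k in the environment\n");
        exit(2);
    }
}

function fail($ds, string $step): void {
    fwrite(STDERR, "$step failed: " . ($ds ? ldap_error($ds) : 'no handle') . "\n");
    exit(1);
}

$ds = ldap_connect("ldap://$host:389");
if (!$ds) fail(null, 'connect');
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);  // StartTLS requires LDAPv3
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);         // "Referrals: Disabled"

// Upgrade the port-389 session before any password is sent; stop if it fails
// rather than falling back to a cleartext bind.
if (!@ldap_start_tls($ds)) fail($ds, 'StartTLS');

// Step 1: bind as the limited query account ("Search Distinguished Name").
if (!@ldap_bind($ds, $env['LDAP_SEARCH_DN'], $env['LDAP_SEARCH_PW'])) fail($ds, 'search bind');

// Step 2: locate the user. ldap_escape() stops filter metacharacters in the
// login name (*, (, ), \) from changing the structure of the search filter.
$filter = sprintf('(&(objectClass=user)(objectCategory=user)(sAMAccountName=%s))',
    ldap_escape($env['LDAP_TEST_USER'], '', LDAP_ESCAPE_FILTER));
$sr = @ldap_search($ds, $base, $filter, ['sAMAccountName']);
if (!$sr) fail($ds, 'search');
$entries = ldap_get_entries($ds, $sr);
if ($entries === false || $entries['count'] !== 1) {
    fwrite(STDERR, "expected exactly 1 entry, found " . ($entries['count'] ?? 0) . "\n");
    exit(1);
}

// Step 3: bind as the DN that was found to check the user's own password.
if (!@ldap_bind($ds, $entries[0]['dn'], $env['LDAP_TEST_PW'])) fail($ds, 'user bind');
echo "OK: {$entries[0]['dn']} authenticated over StartTLS\n";
ldap_unbind($ds);
```

If the script stops at StartTLS, a common cause is that the OpenLDAP client library behind php-ldap does not trust the CA that issued the domain controller's certificate (the `TLS_CACERT` setting in `ldap.conf`).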

