Support #21577

closed

LDAP (Active Directory) - can't log in with domain users and no errors in production.log (?)

Added by Anonymous over 6 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Triaged:
Fixed in Releases:
Found in Releases:

Description

Hello everyone,

I have set up a little test lab at home with Foreman 1.14.3 (CentOS7) and an Active Directory (Windows Server 2016).
Now I want to set up the LDAP AD authentication, but I can't get it running.

The Foreman server is already a realm member of the Windows Active Directory. I can log in on CentOS with Windows AD users. That works fine.
But when I set up the AD authentication in Foreman, I can't log in with the AD user in the Foreman web interface. I tried it with "DOMAIN\testuser" and "testuser". It just said the username or password is wrong, not very helpful. And I can't see anything in the logs. The only thing that I see is: I log in with NEOTOKYO\testuser and in the logs it said "NEOTOKYO\\testuser" - with double backslashes.

2017-11-05 12:05:41 767e7d1e [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 767e7d1e [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 767e7d1e [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"E9rmKDJj52rerf2LigrJJT/JotX1T7HRaSg9yFadG8hnc03CHoi5fAF6NVowex42QtSlg3JBMVCSWYk4jdyX3w==", "login"=>{"login"=>"NEOTOKYO\\testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:41 767e7d1e [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:41 767e7d1e [app] [I] Completed 302 Found in 33ms (ActiveRecord: 4.0ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 398f2dbb [app] [I]   Rendered users/login.html.erb within layouts/login (3.8ms)
2017-11-05 12:05:41 398f2dbb [app] [I]   Rendered layouts/base.html.erb (1.7ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Completed 200 OK in 10ms (Views: 6.3ms | ActiveRecord: 0.8ms)
2017-11-05 12:05:47 398f2dbb [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 398f2dbb [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"BHbYzYiutSwW1JkSO4IieOPK3LJoHqnK+KrSgWlbt1cxJ/byhyWeh/rt/ZLHqj6ceBRzsYYSW1uur48eoIhu6A==", "login"=>{"login"=>"testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:47 398f2dbb [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:47 398f2dbb [app] [I] Completed 302 Found in 43ms (ActiveRecord: 8.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 e0b2d134 [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 e0b2d134 [app] [I]   Rendered users/login.html.erb within layouts/login (4.4ms)
2017-11-05 12:05:47 e0b2d134 [app] [I]   Rendered layouts/base.html.erb (2.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Completed 200 OK in 12ms (Views: 7.9ms | ActiveRecord: 0.7ms)

These are the settings I am using:

LDAP Server:
- - - - - - - - - - - - -
Name: neotokyo.net         # Just a name
Server: neotokyodc          # NetBios name of my VM
LDAPS:  [ ]
Port: 389
Server type: Active Directory

Account:
- - - - - - - - - - - - -
Account username: NEOTOKYO\Administrator
Account password: givenPassword
Base DN: CN=Users,DC=neotokyo,DC=net
Group base DN: CN=Users,DC=neotokyo,DC=net
LDAP Filter: [ ]
Automatically create accounts in Foreman : [X]
Usergroup sync: [X]

Attribute mappings:
- - - - - - - - - - -  - - - -
Login name attribute: userPrincipalName
First name attribute: givenName
Surname attribute: sn
E-Mail Address attribute: mail

The attribute mappings I just copied from the original documentation.

And here is information about my test lab AD:

AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer            : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName                  : DC=neotokyo,DC=net
DNSRoot                            : neotokyo.net
DomainControllersContainer         : OU=Domain Controllers,DC=neotokyo,DC=net
DomainMode                         : Windows2016Domain
DomainSID                          : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest                             : neotokyo.net
InfrastructureMaster               : neotokyodc.neotokyo.net
LastLogonReplicationInterval       : 
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=ne
                                     t}
LostAndFoundContainer              : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy                          : 
Name                               : neotokyo
NetBIOSName                        : NEOTOKYOa
ObjectClass                        : domainDNS
ObjectGUID                         : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain                       : 
PDCEmulator                        : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling   : True
QuotasContainer                    : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {neotokyodc.neotokyo.net}
RIDMaster                          : neotokyodc.neotokyo.net
SubordinateReferences              : {DC=ForestDnsZones,DC=neotokyo,DC=net, DC=DomainDnsZones,DC=neotokyo,DC=net, 
                                     CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer                   : CN=System,DC=neotokyo,DC=net
UsersContainer                     : CN=Users,DC=neotokyo,DC=net

I really don't know what else I can do or what I am doing wrong.
I am thankful for any help and advice.

Best regards

Actions #1

Updated by Anonymous over 6 years ago

  • Status changed from New to Resolved

I found the answer in the user group

https://groups.google.com/forum/#!topic/foreman-users/Nmiu0uhPcbo

Thanks all.
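
Added example, not part of the ticket and not Foreman code: a Ruby check of which typed login strings would match a given "Login name attribute", assuming the auth source looks the user up with an equality filter on that attribute. The directory entry and its attribute values are constructed for illustration.

```ruby
# Constructed directory entry for the ticket's test user; the attribute
# values are assumptions, not data read from the poster's domain.
ENTRY = {
  "sAMAccountName"    => "testuser",
  "userPrincipalName" => "testuser@neotokyo.net",
}.freeze

# RFC 4515 escaping for a value placed inside an LDAP search filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Classify the form of the name typed on the login page.
def login_form(login)
  case login
  when /\A[^\\@]+\\[^\\@]+\z/ then :down_level # DOMAIN\user
  when /\A[^\\@]+@[^\\@]+\z/  then :upn        # user@dns.domain
  else                             :bare       # user
  end
end

# Assumption: the user is found with an equality filter on the configured
# login attribute, compared case-insensitively as AD does for these attributes.
def lookup(login, attr, entry = ENTRY)
  filter  = "(#{attr}=#{escape_filter_value(login)})"
  matched = entry.fetch(attr, "").casecmp?(login)
  { form: login_form(login), filter: filter, matched: matched }
end

def report(logins, attrs)
  attrs.flat_map { |a| logins.map { |l| [a, l, lookup(l, a)] } }
end

if __FILE__ == $PROGRAM_NAME
  # "NEOTOKYO\\testuser" is a Ruby literal holding ONE backslash; Rails logs
  # parameters with #inspect, which is why production.log shows it doubled.
  logins = ["NEOTOKYO\\testuser", "testuser", "testuser@neotokyo.net"]
  report(logins, %w[userPrincipalName sAMAccountName]).each do |attr, login, r|
    puts format("%-18s %-22s %-11s %-42s %s", attr, login, r[:form],
                r[:filter], r[:matched] ? "match" : "no match")
  end
end
```
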
