Support #21577
closed
LDAP (Active Directory) - cant login with domain users and no errors in production.log (?)
Description
Hello everyone,
I have set up a little test lab at home with Foreman 1.14.3 (CentOS 7) and an Active Directory (Windows Server 2016).
Now I want to set up the LDAP AD authentication, but I can't get it running.
The Foreman server is already a realm member of the Windows Active Directory. I can log in on CentOS with Windows AD users. That works fine.
But when I set up the AD authentication in Foreman, I can't log in with the AD user in the Foreman web interface. I tried it with "DOMAIN\testuser" and "testuser". It just says the username or password is wrong, which is not very helpful. And I can't see anything in the logs. The only thing that I see is: I log in with NEOTOKYO\testuser and in the logs it says "NEOTOKYO\\testuser" - with double backslashes.
2017-11-05 12:05:41 767e7d1e [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 767e7d1e [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 767e7d1e [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"E9rmKDJj52rerf2LigrJJT/JotX1T7HRaSg9yFadG8hnc03CHoi5fAF6NVowex42QtSlg3JBMVCSWYk4jdyX3w==", "login"=>{"login"=>"NEOTOKYO\\testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:41 767e7d1e [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:41 767e7d1e [app] [I] Completed 302 Found in 33ms (ActiveRecord: 4.0ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 398f2dbb [app] [I] Rendered users/login.html.erb within layouts/login (3.8ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Rendered layouts/base.html.erb (1.7ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Completed 200 OK in 10ms (Views: 6.3ms | ActiveRecord: 0.8ms)
2017-11-05 12:05:47 398f2dbb [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 398f2dbb [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"BHbYzYiutSwW1JkSO4IieOPK3LJoHqnK+KrSgWlbt1cxJ/byhyWeh/rt/ZLHqj6ceBRzsYYSW1uur48eoIhu6A==", "login"=>{"login"=>"testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:47 398f2dbb [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:47 398f2dbb [app] [I] Completed 302 Found in 43ms (ActiveRecord: 8.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 e0b2d134 [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 e0b2d134 [app] [I] Rendered users/login.html.erb within layouts/login (4.4ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Rendered layouts/base.html.erb (2.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Completed 200 OK in 12ms (Views: 7.9ms | ActiveRecord: 0.7ms)
These are the settings I am using:
LDAP Server:
  Name: neotokyo.net # Just a name
  Server: neotokyodc # NetBIOS name of my VM
  LDAPS: [ ]
  Port: 389
  Server type: Active Directory
Account:
  Account username: NEOTOKYO\Administrator
  Account password: givenPassword
  Base DN: CN=Users,DC=neotokyo,DC=net
  Group base DN: CN=Users,DC=neotokyo,DC=net
  LDAP Filter: [ ]
  Automatically create accounts in Foreman: [X]
  Usergroup sync: [X]
Attribute mappings:
  Login name attribute: userPrincipalName
  First name attribute: givenName
  Surname attribute: sn
  E-Mail Address attribute: mail
The attribute mappings I just copied from the original documentation.
And here is some information about my test lab AD:
AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer            : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName                  : DC=neotokyo,DC=net
DNSRoot                            : neotokyo.net
DomainControllersContainer         : OU=Domain Controllers,DC=neotokyo,DC=net
DomainMode                         : Windows2016Domain
DomainSID                          : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest                             : neotokyo.net
InfrastructureMaster               : neotokyodc.neotokyo.net
LastLogonReplicationInterval       :
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=net}
LostAndFoundContainer              : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy                          :
Name                               : neotokyo
NetBIOSName                        : NEOTOKYOa
ObjectClass                        : domainDNS
ObjectGUID                         : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain                       :
PDCEmulator                        : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling   : True
QuotasContainer                    : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {neotokyodc.neotokyo.net}
RIDMaster                          : neotokyodc.neotokyo.net
SubordinateReferences              : {DC=ForestDnsZones,DC=neotokyo,DC=net, DC=DomainDnsZones,DC=neotokyo,DC=net, CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer                   : CN=System,DC=neotokyo,DC=net
UsersContainer                     : CN=Users,DC=neotokyo,DC=net
I really don't know what else I can do or what I am doing wrong.
I am thankful for any help and advice.
Best regards
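As an added example (not part of the ticket, and not Foreman's own code): an offline Python reproduction of the user lookup an LDAP auth source performs for a typed login, using the login attribute and base DN from the settings above. It assumes the lookup is a single RFC 4515 equality filter on the configured login attribute, and the directory entry is a constructed sample modelled on the lab domain.

```python
"""Offline model of an LDAP auth source's user lookup (added example).

Assumption: the auth source searches the base DN with one equality filter,
(<login attribute>=<typed login>), then binds as the matched entry.
"""
import re

# RFC 4515 escaping so a typed login cannot alter the filter's structure.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for safe use inside an LDAP filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login_attribute: str, typed_login: str) -> str:
    """Equality filter sent for the typed login, e.g. (userPrincipalName=...).
    Note: the "NEOTOKYO\\\\testuser" seen in the Rails log is Ruby's inspect
    output for a single backslash, not a doubled backslash in the value."""
    return f'({login_attribute}={escape_filter_value(typed_login)})'


# Constructed sample entry under CN=Users,DC=neotokyo,DC=net. In AD the
# userPrincipalName carries the UPN suffix, while sAMAccountName does not.
SAMPLE_USERS = [
    {'dn': 'CN=Test User,CN=Users,DC=neotokyo,DC=net',
     'sAMAccountName': 'testuser',
     'userPrincipalName': 'testuser@neotokyo.net',
     'givenName': 'Test', 'sn': 'User', 'mail': 'testuser@neotokyo.net'},
]

_EQ = re.compile(r'^\(([A-Za-z][\w-]*)=([^()]*)\)$')


def search_equality(entries, ldap_filter: str) -> list:
    """Evaluate one equality filter like a directory would (case-insensitive
    match on these string attributes); returns the DNs of matching entries."""
    m = _EQ.match(ldap_filter)
    if not m:
        raise ValueError(f'unsupported filter: {ldap_filter}')
    attr, wanted = m.group(1), m.group(2)
    # Undo RFC 4515 escaping (\5c -> backslash etc.) before comparing.
    wanted = re.sub(r'\\([0-9a-fA-F]{2})',
                    lambda h: chr(int(h.group(1), 16)), wanted)
    return [e['dn'] for e in entries if e.get(attr, '').lower() == wanted.lower()]


def lookup(login_attribute: str, typed_login: str) -> list:
    """Which entries the configured mapping resolves a typed login to."""
    return search_equality(SAMPLE_USERS, build_login_filter(login_attribute, typed_login))
```

Running `lookup('userPrincipalName', 'testuser')` against the sample entry returns nothing, while `lookup('userPrincipalName', 'testuser@neotokyo.net')` and `lookup('sAMAccountName', 'testuser')` both resolve to the constructed DN.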