search

shinken-monitoring / mod-auth-active-directory

Shinken module for UI authentification with Active Directory or OpenLDAP
GNU Affero General Public License v3.0
2 stars 5 forks source link

Error with webui2 #12

Open hogsim opened 8 years ago

hogsim commented 8 years ago

Hi, I get this error message :

[1445602818] INFO: [broker-master] [WebUI] user 'smh' is signing in ... [1445602818] INFO: [broker-master] [WebUI] Checking authentication for user: smh [1445602818] INFO: [broker-master] [WebUI] Requesting authentication for user: smh [1445602818] INFO: [broker-master] [WebUI] Authenticating user 'smh' [1445602818] INFO: [broker-master] [WebUI] Authenticating user 'smh' with auth-active-directory [1445602818] WARNING: [broker-master] [WebUI] The mod auth-active-directory raised an exception: {'info': '80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}, I'm tagging it to restart later [1445602818] WARNING: [broker-master] [WebUI] Exception type: [1445602818] WARNING: [broker-master] Back trace of this kill: Traceback (most recent call last): File "/var/lib/shinken/modules/webui2/submodules/auth.py", line 27, in check_auth if mod.check_auth(user, password): File "/var/lib/shinken/modules/auth-active-directory/module.py", line 229, in check_auth elts = self.find_contact_entry(c) File "/var/lib/shinken/modules/auth-active-directory/module.py", line 134, in find_contact_entry self.connect() File "/var/lib/shinken/modules/auth-active-directory/module.py", line 111, in connect self.con.simple_bind_s(self.username, self.password) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(args,*kwargs) INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}

[1445602818] INFO: [broker-master] [WebUI] Embedded authentication for 'smh' [1445602818] INFO: [broker-master] [WebUI-auth-cfg-password] Authenticating user 'smh' [1445602818] WARNING: [broker-master] [WebUI-auth-cfg-password] Authentication failed [1445602818] INFO: [broker-master] [WebUI-auth-htpasswd] Authenticating user 'smh' [1445602818] WARNING: [broker-master] [WebUI] The user 'smh' has not been authenticated. [1445602818] WARNING: [broker-master] [WebUI] user 'smh' access denied [1445602819] INFO: [broker-master] Trying to init module: auth-active-directory

And I know my credentials are correct. Has someone an idea how to fix it?

Wicaeed commented 8 years ago

FYI I was able to fix this error by changing my username to a username@ADDomain.tld format

medismail commented 8 years ago

To use openLDAP with webui2 you need to configure the "/etc/shinken/modules/auth_active_directory.cfg" file like this:

Module: auth-active-directory

Loaded by: WebUI

Usage: Uncomment and set your value in ldap_uri

Check authentification for WebUI using an Active Directory server.

define module { module_name auth-active-directory module_type ad_webui

ldap_uri ldaps://server.com

username            cn=admin, dc=server,dc=com
password            password
basedn                dc=server,dc=com
# For mode you can switch between ad (active dir)
# and openldap
mode            openldap

}

I hope that you can add this to the documentation. I have tested several times and it works!