Hi All,
I'm trying to get the cobbler webui to use LDAP authentication against our
Windows AD. I've seen some previous chains on this but never a complete
resolution. The server requires authentication (no anonymous binding) and TLS
is not enabled. Below is all the various configurations and the output that I
get when running the demo_connect. Any help would really be appreciated.
First up is the output from demo_connect.py:
[cobbler tmp]# python ./demo_connect.py --user=cobbler --pass=xxxx
- trying to login with user=cobbler
Traceback (most recent call last):
File "./demo_connect.py", line 37, in ?
token = sp.login(options.user,options.password)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
return self._parse_response(h.getfile(), sock)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
return u.close()
File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: "cobbler.cexceptions.CX:'login failed: cobbler">
Almost makes it seem like a user/password error but I'm sure it's not. Here's
my ldap configuration from /etc/cobbler/settings:
ldap_server: "<ad box>"
ldap_base_dn: "DC=<our dc>"
ldap_port: 389
ldap_tls: 0
ldap_anonymous_bind: 0
ldap_search_bind_dn: 'CN=Cobbler,CN=Users,DC=<our dc>'
ldap_search_passwd: '<cobbler pw>'
ldap_search_prefix: 'uid='
I've tried it with and without the last line but it appears to make no
difference. Note that the settings listed above work just fine in Softerra
LDAP Browser as well as ldapsearch. Here's the command entered with ldapsearch
as a test:
[cobbler tmp]# ldapsearch -LLL -x -b 'DC=<our dc>' -D
'CN=Cobbler,CN=Users,DC=<our dc>' -w <cobbler pw> -H ldap://<ad box>
"sAMAccountName=Cobbler"
And it pulls back the information just fine. So it's definitely authenticating
with our AD box without issue.
Next up is my config from modules.conf:
[authentication]
module = authn_ldap
[authorization]
module = authz_allowall
And lastly, I have been dutifully restarting the cobblerd process after any
changes to ensure they're picked up.
Anybody have any ideas? I'm hoping it's something really stupid and I've just
been staring at it so long I don't see it.
Thanks,
Rich
_________________________________________________________________
Bing™ brings you maps, menus, and reviews organized in one place. Try it now.
http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TEXT_MLOGEN_Core_tagline_local_1x1_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
