Hello everyone,

I have set up a little test lab at home with Foreman 1.14.3 (CentOS7) and an 
Active Directory (Windows Server 2016).
Now I want to set up the LDAP AD authentication, but I can't get it running.

The Foreman server is already a realm member of the Windows Active 
Directory. I can log in on CentOS with Windows AD users. That works fine.
But when I set up the AD authentication in Foreman, I can't log in with the 
AD user in the Foreman web interface. I tried it with "DOMAIN\testuser" and 
"testuser". It just says the username or password is wrong, which is not very 
helpful. And I can't see anything in the logs. The only thing that I see is: 
I log in with NEOTOKYO\testuser and in the logs it says "NEOTOKYO\\testuser".


2017-11-05 12:05:41 767e7d1e [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 767e7d1e [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 767e7d1e [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"E9rmKDJj52rerf2LigrJJT/JotX1T7HRaSg9yFadG8hnc03CHoi5fAF6NVowex42QtSlg3JBMVCSWYk4jdyX3w==", "login"=>{"login"=>"NEOTOKYO\\testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:41 767e7d1e [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:41 767e7d1e [app] [I] Completed 302 Found in 33ms (ActiveRecord: 4.0ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 398f2dbb [app] [I]   Rendered users/login.html.erb within layouts/login (3.8ms)
2017-11-05 12:05:41 398f2dbb [app] [I]   Rendered layouts/base.html.erb (1.7ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Completed 200 OK in 10ms (Views: 6.3ms | ActiveRecord: 0.8ms)
2017-11-05 12:05:47 398f2dbb [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 398f2dbb [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"BHbYzYiutSwW1JkSO4IieOPK3LJoHqnK+KrSgWlbt1cxJ/byhyWeh/rt/ZLHqj6ceBRzsYYSW1uur48eoIhu6A==", "login"=>{"login"=>"testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:47 398f2dbb [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:47 398f2dbb [app] [I] Completed 302 Found in 43ms (ActiveRecord: 8.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 e0b2d134 [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 e0b2d134 [app] [I]   Rendered users/login.html.erb within layouts/login (4.4ms)
2017-11-05 12:05:47 e0b2d134 [app] [I]   Rendered layouts/base.html.erb (2.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Completed 200 OK in 12ms (Views: 7.9ms | ActiveRecord: 0.7ms)

 


These are the settings I am using:

LDAP Server:
- - - - - - - - - - - - -
Name: neotokyo.net         # Just a name
Server: neotokyodc          # NetBios name of my VM
LDAPS:  [ ]
Port: 389
Server type: Active Directory


Account:
- - - - - - - - - - - - -

Account username: NEOTOKYO\Administrator
Account password: givenPassword
Base DN: CN=Users,DC=neotokyo,DC=net
Group base DN: CN=Users,DC=neotokyo,DC=net
LDAP Filter: [ ]
Automatically create accounts in Foreman : [X]

Usergroup sync: [X]



Attribute mappings:
- - - - - - - - - - -  - - - -
Login name attribute: userPrincipalName
First name attribute: givenName
Surname attribute: sn
E-Mail Address attribute: mail


I just copied the attribute mappings from the original documentation.


And here is some information about my test lab AD:

AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer            : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName                  : DC=neotokyo,DC=net
DNSRoot                            : neotokyo.net
DomainControllersContainer         : OU=Domain Controllers,DC=neotokyo,DC=net
DomainMode                         : Windows2016Domain
DomainSID                          : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest                             : neotokyo.net
InfrastructureMaster               : neotokyodc.neotokyo.net
LastLogonReplicationInterval       : 
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=net}
LostAndFoundContainer              : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy                          : 
Name                               : neotokyo
NetBIOSName                        : NEOTOKYOa
ObjectClass                        : domainDNS
ObjectGUID                         : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain                       : 
PDCEmulator                        : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling   : True
QuotasContainer                    : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {neotokyodc.neotokyo.net}
RIDMaster                          : neotokyodc.neotokyo.net
SubordinateReferences              : {DC=ForestDnsZones,DC=neotokyo,DC=net, DC=DomainDnsZones,DC=neotokyo,DC=net, CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer                   : CN=System,DC=neotokyo,DC=net
UsersContainer                     : CN=Users,DC=neotokyo,DC=net


I really don't know what else I can do or what I am doing wrong.
I am thankful for any help and advice.

Best regards
