Just for the sake of completeness so that if anybody comes across this while searching for answers related to my question.
I managed to get the authentication to work as I wanted by commenting out the 'group' and 'group_attr' from the RT_SiteConfig.pm It now seems that AD will authenticate anybody with an AD account against RT. RT will set up unprivileged accounts for everyone sending in an email. In the case of support staff I get them to send a nonsensical email, locate their account and set the 'Let this user be granted rights' field which I believe ups it's permissions to privileged. I expect there's probably a 'right' way to do this but this is how I got mine to work. --np -- Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380. Registered office: 11 Conway Street, London. W1T 6BL -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Nick Porter Sent: 21 March 2011 10:34 To: [email protected] Subject: Re: [rt-users] Some advice on initial config Okay, that makes sense. So I thought a different approach might be in order. Instead of having ExtertnalAuth create the privileged RT support users I'd have it create and authenticate all users as none unprivileged and manually set the support users to the correct group. The first problem I've encountered is that ExternalAuth doesn't seem to recognise the 'Domain Users' group in AD. It works fine if I explicitly add the user to the 'RT User' users group I set up from the wiki howto doc but not if I either set the 'Domain Users' group in the ExternalAuth RT_SiteConfig.pm or if I add it as a member of the 'RT Users' group. Anybody know why that might be as adding them individually to 'RT User' will be a pain. Thx for any feedback. -np -- Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380. Registered office: 11 Conway Street, London. W1T 6BL -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Thomas Sibley Sent: 18 March 2011 16:48 To: [email protected] Subject: Re: [rt-users] Some advice on initial config On 18 Mar 2011 12:31, Nick Porter wrote: > > > Hello. I've been Googling and wiki reading and following the sterling advice > of others but I have to admit I'm stuck and could do with some help. > > I'm on Debain Squeeze, Apache2 and RT3.8 with MySQL > > I've got it the web interface up and even managed to get emails to flow from > our exchange server into the general queue so I have the basics. > > My problem is with the users. I've managed to get the ExternalAuth plugin to > talk to AD/ldap and create privileged user but I'm having problem setting RT > up so that the folks submitting emails/tickets to it can log in and see the > queue and theirs/others tickets. > > An email will arrive and create a ticket and create a user with *NOPASSWORD* > but for the life of me I can't seem to be able to login with that user. Even > is if users has the 'Let this user acess RT' check set. These are internal unprivileged users that aren't authenticating through ExternalAuth and you've configured external auth to fall through to internal users? If so, they need a password to login. Thomas > Any pointers as to what I should be looking for or what common pitfall I'm > encountering? > > Thx. > -- > np > > > > > -- > Tradar Limited is a limited company registered in England and Wales. > Registered number: 3431380. > Registered office: 11 Conway Street, London. W1T 6BL > >
