On Mon, Jul 01, 2013 at 05:59:53PM +0000, Jeff Solberg wrote: > > Added the following to my site config:
Go back to the System Configuration page and confirm that you see these settings being read by RT. If you have the Plugin installed, and the logging configured, then it isn't being run. The next things to check are permissions. Can the webserver read the callbacks provided by the extension and are they being run. -kevin > #logging > Set($LogToSyslog , ''); > Set($LogToScreen , 'debug'); > Set($LogToFile , 'debug'); > Set($LogDir, '/var/log/request-tracker4'); > Set($LogToFileNamed , "rt.log"); #log to rt.log > > # end /etc/request-tracker4/RT_SiteConfig.d/logging > > And restarted apache2, I tried to log in with domain account and this is what > is being logged to rt.log > > root@admin-rt4:/var/log/request-tracker4# cat rt.log > [Mon Jul 1 17:47:43 2013] [debug]: The RTAddressRegexp option is not set in > the config. Not setting this option results in additional SQL queries to > check whether each address belongs to RT or not. It is especially important > to set this option if RT recieves emails on addresses that are not in the > database or config. (/usr/share/request-tracker4/lib/RT/Config.pm:454) > [Mon Jul 1 17:47:43 2013] [warning]: The actual HTTP_HOST (admin-rt4) does > NOT match the configured WebDomain (localhost). Perhaps you should > Set($WebDomain, 'admin-rt4'); in RT_SiteConfig.pm, otherwise your internal > links may be broken. > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194) > [Mon Jul 1 17:47:50 2013] [error]: FAILED LOGIN for jsolberg from > 10.10.30.63 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740) > [Mon Jul 1 17:49:46 2013] [info]: Successful login for root from 10.10.30.63 > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745) > [Mon Jul 1 17:53:05 2013] [error]: FAILED LOGIN for jsolb...@xxxxx.com from > 10.10.30.63 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740) > > My guess is the debugging options is not telling us much :( > > Jeff > > > > - -----Original Message----- > From: rt-users-boun...@lists.bestpractical.com > [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone > Sent: Monday, July 01, 2013 9:29 AM > To: rt-users@lists.bestpractical.com > Subject: [secure] Re: [rt-users] External Auth config with RT on Debian > Sensitivity: Confidential > > * PGP Signed by an unknown key > > On Mon, Jul 01, 2013 at 04:24:51PM +0000, Jeff Solberg wrote: > > > - -----Original Message----- > > > From: rt-users-boun...@lists.bestpractical.com > > > [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin > > > Falcone > > > Sent: Monday, July 01, 2013 9:14 AM > > > To: rt-users@lists.bestpractical.com > > > Subject: [secure] Re: [rt-users] External Auth config with RT on > > > Debian > > > Sensitivity: Confidential > > > > > > > Old Signed by an unknown key > > > > > > On Fri, Jun 28, 2013 at 12:29:22PM -0700, jsolberg wrote: > > > > Default settings till here.... > > > > #PLUGINS > > > > Set( @Plugins, qw(RT::Authen::ExternalAuth)); > > > > > > > > #External Auth Settings > > > > > > > > Set($ExternalAuthPriority, [ 'My_LDAP',] ); > > > > Set($ExternalInfoPriority, [ 'My_LDAP',] ); > > > > Set($ExternalServiceUsesSSLorTLS, 0); Set($AutoCreateNonExternalUsers, > > > > 0); Set($ExternalSettings, { > > > > 'My_LDAP' => { > > > > 'type' => 'ldap', > > > > 'server' => 'dc2.xxxxxx.com', > > > > 'user' => 'cn=Bind > > > > Ldap,ou=User,Logins,dc=intrepidls,dc=com', > > > > 'pass' => 'xxxxxxx', > > > > 'base' => 'dc=xxxx,dc=com', > > > > 'filter' => > > > > '(&(ObjectCategory=User)(ObjectClass=Person))', > > > > 'd_filter' => > > > > '(userAccountControl:1.2.840.113556.1.4.803=2)', > > > > 'group' => 'cn=Domain > > > > Users,ou=Groups_Security,dc=xxxxx,dc=com', > > > > 'group_attr' => 'member', > > > > 'tls' => 0, > > > > 'ssl_version' => 3, > > > > 'net_ldap_args' => [ version => 3, port => 3268 > > > > ], > > > > 'group_scope' => 'base', > > > > 'group_attr_value' => 'GROUP_ATTR_VALUE', > > > > 'attr_match_list' => [ > > > > 'Name', > > > > 'EmailAddress', > > > > 'RealName', > > > > ], > > > > 'attr_map' => { > > > > 'Name' => 'sAMAccountName', > > > > 'EmailAddress' => 'mail', > > > > 'Organization' => 'physicalDeliveryOfficeName', > > > > 'RealName' => 'cn', > > > > 'ExternalAuthId' => 'sAMAccountName', > > > > 'Gecos' => 'sAMAccountName', > > > > 'WorkPhone' => 'telephoneNumber', > > > > 'Address1' => 'streetAddress', > > > > 'City' => 'l', > > > > 'State' => 'st', > > > > 'Zip' => 'postalCode', > > > > 'Country' => 'co' > > > > }, > > > > }, > > > > # An example SSO cookie service > > > > 'My_SSO_Cookie' => { > > > > 'type' => 'cookie', > > > > 'name' => 'loginCookieValue', > > > > 'u_table' => 'users', > > > > 'u_field' => 'username', > > > > 'u_match_key' => 'userID', > > > > 'c_table' => 'login_cookie', > > > > 'c_field' => 'loginCookieValue', > > > > 'c_match_key' => 'loginCookieUserID', > > > > 'db_service_name' => 'My_MySQL' > > > > }, > > > > } ); > > > > > > > > 1; > > > > > > > > I then use update-rt-siteconfig to merge these settings into > > > > RT_SiteConfig.pm. From what I read this is all correct and "Should" > > > > allow AD accounts to log in. Here is what is logging in the apache2 > > > > error log: > > > > > > > > [Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST > > > > (admin-rt4) does NOT match the configured WebDomain (localhost). > > > > Perhaps you should Set($WebDomain, 'admin-rt4'); in > > > > RT_SiteConfig.pm, otherwise your internal links may be broken. > > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194) > > > > [Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for > > > > jsolb...@xxxxxx.com from 10.10.30.62 > > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740) > > > > [Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for jsolberg from > > > > 10.10.30.62 ( > > > > /usr/share/request-tracker4/lib/RT/Interface/Web.pm:740) > > > > [Fri Jun 28 19:02:52 2013] [info]: Successful login for root from > > > > 10.10.30.62 > > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745) > > > > root@admin-rt4:/usr/share/request-tracker4/lib# > > > > > > Navigate to Tools -> Configuration -> System Configuration and check that > > > Plugins contains RT::Authen::ExternalAuth. > > > > > Thanks for your reply. In the sys config it shows the following under > > PLUGINS: > > > > Plugins [ > > 'RT::Authen::ExternalAuth' > > ] > > Great - now go make sure your $LogToScreen is set to 'debug' and log in again. > > root will always be able to log in because it has a local password set, > you're more concerned about getting useful debugging messages for your > jsolberg user. > > - -kevin > > * Unknown Key > * 0x9E42250A > > -----BEGIN PGP SIGNATURE----- > Version: PGP Universal 3.2.1 (Build 4940) > Charset: us-ascii > > wsBVAwUBUdHDnE8vfChWkpdqAQhtUQf8D4xW7+1lNWhskwrlWBqby4bVW2GNnOLe > s4cxkRIMt5ReLeOyLZCUsUb99NuHwkPonIMrfzAHsD4b5J+bpoXI9VHwSA7Ob0EP > r9+lwAAZV+JWq0gC5BRSqZFC9nQhEOcCTQj+YDX5ykhZEBqB7pHb0fvGv1KViT5U > SPusBWr21tvjdH7++/vb0XAdxKT+JTYbjzXmVQG7Mv82A3x9Q01bNQBJ4Xn+tH4R > h/Dny3llTZYhaf1Ms9pWwSAK48gok0G7EpWYKxL5zjWZvjtWgg3ZNlXURE6MNDTv > GKaMeceeDiTZP8tdO/UA9WcxSkiqt7p4qyYigAb5J4RGKJASjCLchQ== > =aMI6 > -----END PGP SIGNATURE-----
pgpFX2s41jcLz.pgp
Description: PGP signature
