Kevin,

In System Configuration in the Web UI I show the following being read in RT.

LogToFile       'debug'                     site config
LogToFileNamed  'rt.log'                    site config
LogToScreen     'debug'                     site config
LogToSyslog     ''                          site config
Plugins         'RT::Authen::ExternalAuth'  site config

Then under loaded Perl Modules I see

RT::Authen::ExternalAuth  0.16  /usr/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm

I would definitely agree with you that the plugin is not being run because I have done TCP packet dumps as I was logging in and there is no activity being sent to my LDAP Server/DC. Oddly enough one would think that with the debugging set it would be telling me something. As I stated earlier the only message being logged in RT.LOG is the FAILED LOGON message.

I will look at the permissions on the plugin. Should it be readable by www-data?

Thanks again for your help on this. I really need to get this working so I can then move on to the next phase and tailor it to my company's needs.

Jeff

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Falcone
Sent: Tuesday, July 02, 2013 10:05 AM
To: [email protected]
Subject: [secure] Re: [rt-users] External Auth config with RT on Debian
Sensitivity: Confidential

On Mon, Jul 01, 2013 at 05:59:53PM +0000, Jeff Solberg wrote:
>
> Added the following to my site config:

Go back to the System Configuration page and confirm that you see these settings being read by RT.

If you have the Plugin installed, and the logging configured, then it isn't being run. The next things to check are permissions. Can the webserver read the callbacks provided by the extension and are they being run.

-kevin

> #logging
> Set($LogToSyslog , '');
> Set($LogToScreen , 'debug');
> Set($LogToFile , 'debug');
> Set($LogDir, '/var/log/request-tracker4');
> Set($LogToFileNamed , "rt.log"); #log to rt.log
>
> # end /etc/request-tracker4/RT_SiteConfig.d/logging
>
> And restarted apache2, I tried to log in with domain account and this
> is what is being logged to rt.log
>
> root@admin-rt4:/var/log/request-tracker4# cat rt.log
> [Mon Jul 1 17:47:43 2013] [debug]: The RTAddressRegexp option is not set in the
> config. Not setting this option results in additional SQL queries to
> check whether each address belongs to RT or not. It is especially
> important to set this option if RT recieves emails on addresses that
> are not in the database or config.
> (/usr/share/request-tracker4/lib/RT/Config.pm:454)
> [Mon Jul 1 17:47:43 2013] [warning]: The actual HTTP_HOST (admin-rt4)
> does NOT match the configured WebDomain (localhost). Perhaps you
> should Set($WebDomain, 'admin-rt4'); in RT_SiteConfig.pm, otherwise
> your internal links may be broken.
> (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194)
> [Mon Jul 1 17:47:50 2013] [error]: FAILED LOGIN for jsolberg from
> 10.10.30.63 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> [Mon Jul 1 17:49:46 2013] [info]: Successful login for root from
> 10.10.30.63 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745)
> [Mon Jul 1 17:53:05 2013] [error]: FAILED LOGIN for
> [email protected] from 10.10.30.63
> (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
>
> My guess is the debugging options is not telling us much :(
>
> Jeff
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Kevin Falcone
> Sent: Monday, July 01, 2013 9:29 AM
> To: [email protected]
> Subject: [secure] Re: [rt-users] External Auth config with RT on Debian
> Sensitivity: Confidential
>
> On Mon, Jul 01, 2013 at 04:24:51PM +0000, Jeff Solberg wrote:
> > > -----Original Message-----
> > > From: [email protected]
> > > [mailto:[email protected]] On Behalf Of Kevin Falcone
> > > Sent: Monday, July 01, 2013 9:14 AM
> > > To: [email protected]
> > > Subject: [secure] Re: [rt-users] External Auth config with RT on Debian
> > > Sensitivity: Confidential
> > >
> > > On Fri, Jun 28, 2013 at 12:29:22PM -0700, jsolberg wrote:
> > > > Default settings till here....
> > > > #PLUGINS
> > > > Set( @Plugins, qw(RT::Authen::ExternalAuth));
> > > >
> > > > #External Auth Settings
> > > >
> > > > Set($ExternalAuthPriority, [ 'My_LDAP',] );
> > > > Set($ExternalInfoPriority, [ 'My_LDAP',] );
> > > > Set($ExternalServiceUsesSSLorTLS, 0);
> > > > Set($AutoCreateNonExternalUsers, 0);
> > > > Set($ExternalSettings, {
> > > >     'My_LDAP' => {
> > > >         'type' => 'ldap',
> > > >         'server' => 'dc2.xxxxxx.com',
> > > >         'user' => 'cn=Bind Ldap,ou=User,Logins,dc=intrepidls,dc=com',
> > > >         'pass' => 'xxxxxxx',
> > > >         'base' => 'dc=xxxx,dc=com',
> > > >         'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
> > > >         'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803=2)',
> > > >         'group' => 'cn=Domain Users,ou=Groups_Security,dc=xxxxx,dc=com',
> > > >         'group_attr' => 'member',
> > > >         'tls' => 0,
> > > >         'ssl_version' => 3,
> > > >         'net_ldap_args' => [ version => 3, port => 3268 ],
> > > >         'group_scope' => 'base',
> > > >         'group_attr_value' => 'GROUP_ATTR_VALUE',
> > > >         'attr_match_list' => [
> > > >             'Name',
> > > >             'EmailAddress',
> > > >             'RealName',
> > > >         ],
> > > >         'attr_map' => {
> > > >             'Name' => 'sAMAccountName',
> > > >             'EmailAddress' => 'mail',
> > > >             'Organization' => 'physicalDeliveryOfficeName',
> > > >             'RealName' => 'cn',
> > > >             'ExternalAuthId' => 'sAMAccountName',
> > > >             'Gecos' => 'sAMAccountName',
> > > >             'WorkPhone' => 'telephoneNumber',
> > > >             'Address1' => 'streetAddress',
> > > >             'City' => 'l',
> > > >             'State' => 'st',
> > > >             'Zip' => 'postalCode',
> > > >             'Country' => 'co'
> > > >         },
> > > >     },
> > > >     # An example SSO cookie service
> > > >     'My_SSO_Cookie' => {
> > > >         'type' => 'cookie',
> > > >         'name' => 'loginCookieValue',
> > > >         'u_table' => 'users',
> > > >         'u_field' => 'username',
> > > >         'u_match_key' => 'userID',
> > > >         'c_table' => 'login_cookie',
> > > >         'c_field' => 'loginCookieValue',
> > > >         'c_match_key' => 'loginCookieUserID',
> > > >         'db_service_name' => 'My_MySQL'
> > > >     },
> > > > } );
> > > >
> > > > 1;
> > > >
> > > > I then use update-rt-siteconfig to merge these settings into
> > > > RT_SiteConfig.pm. From what I read this is all correct and "Should"
> > > > allow AD accounts to log in. Here is what is logging in the apache2
> > > > error log:
> > > >
> > > > [Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST
> > > > (admin-rt4) does NOT match the configured WebDomain (localhost).
> > > > Perhaps you should Set($WebDomain, 'admin-rt4'); in
> > > > RT_SiteConfig.pm, otherwise your internal links may be broken.
> > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194)
> > > > [Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for
> > > > [email protected] from 10.10.30.62
> > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> > > > [Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for jsolberg
> > > > from
> > > > 10.10.30.62 (
> > > > /usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> > > > [Fri Jun 28 19:02:52 2013] [info]: Successful login for root
> > > > from
> > > > 10.10.30.62
> > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745)
> > > > root@admin-rt4:/usr/share/request-tracker4/lib#
> > >
> > > Navigate to Tools -> Configuration -> System Configuration and check that
> > > Plugins contains RT::Authen::ExternalAuth.
> > >
> > Thanks for your reply. In the sys config it shows the following under
> > PLUGINS:
> >
> > Plugins [
> >     'RT::Authen::ExternalAuth'
> > ]
>
> Great - now go make sure your $LogToScreen is set to 'debug' and log in again.
>
> root will always be able to log in because it has a local password set,
> you're more concerned about getting useful debugging messages for your
> jsolberg user.
>
> -kevin
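
The permission check raised in the thread (can the web server read the plugin's files), as an added example that is not part of the original messages. It assumes the web server user (www-data on Debian) is neither owner nor group of the plugin tree and so depends on the "other" permission bits; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the web server user
# reaches the plugin tree through the "other" permission bits only.

# Print files under DIR lacking o+r (004) and directories lacking
# o+rx (005); Perl needs both read and search access to load a module.
plugin_perm_problems() {
    find "$1" \( -type f ! -perm -004 -o -type d ! -perm -005 \) -print
}

# Print each parent of DIR, up to /, that lacks o+x (001). One such parent
# hides the whole tree no matter how the files below it are set.
parent_search_problems() {
    d=$(cd "$1" && pwd -P) || return 1
    while [ "$d" != "/" ]; do
        d=$(dirname "$d")
        # -prune keeps find from descending; only $d itself is tested.
        find "$d" -prune ! -perm -001 -print
    done
}

# Usage (path as reported in the thread):
#   sh check.sh /usr/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth
if [ "$#" -ge 1 ]; then
    plugin_perm_problems "$1"
    parent_search_problems "$1"
fi
```

Empty output means the "other" bits allow access along the whole path; `sudo -u www-data test -r FILE` answers the same question directly for a single file.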
