Hello together,
I have set up a little test lab at home with Foreman 1.14.3 (CentOS 7) and an
Active Directory (Windows Server 2016).
Now I want to set up the LDAP AD authentication, but I can't get it running.
The Foreman server is already a realm member of the Windows Active
Directory. I can log in on CentOS with Windows AD users. That works fine.
But when I set up the AD authentication in Foreman, I can't log in with the
AD user in the Foreman web interface. I tried it with "DOMAIN\testuser" and
"testuser". It just says the username or password is wrong, not very helpful.
And I can't see anything in the logs. The only thing that I see is: I log in
with NEOTOKYO\testuser and in the logs it says "NEOTOKYO\\testuser".
2017-11-05 12:05:41 767e7d1e [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 767e7d1e [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 767e7d1e [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"E9rmKDJj52rerf2LigrJJT/JotX1T7HRaSg9yFadG8hnc03CHoi5fAF6NVowex42QtSlg3JBMVCSWYk4jdyX3w==", "login"=>{"login"=>"NEOTOKYO\\testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:41 767e7d1e [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:41 767e7d1e [app] [I] Completed 302 Found in 33ms (ActiveRecord: 4.0ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:41 +0100
2017-11-05 12:05:41 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:41 398f2dbb [app] [I] Rendered users/login.html.erb within layouts/login (3.8ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Rendered layouts/base.html.erb (1.7ms)
2017-11-05 12:05:41 398f2dbb [app] [I] Completed 200 OK in 10ms (Views: 6.3ms | ActiveRecord: 0.8ms)
2017-11-05 12:05:47 398f2dbb [app] [I] Started POST "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 398f2dbb [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 398f2dbb [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"BHbYzYiutSwW1JkSO4IieOPK3LJoHqnK+KrSgWlbt1cxJ/byhyWeh/rt/ZLHqj6ceBRzsYYSW1uur48eoIhu6A==", "login"=>{"login"=>"testuser", "password"=>"[FILTERED]"}, "commit"=>"Anmelden"}
2017-11-05 12:05:47 398f2dbb [app] [I] Redirected to https://foreman02.neotokyo.net/users/login
2017-11-05 12:05:47 398f2dbb [app] [I] Completed 302 Found in 43ms (ActiveRecord: 8.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Started GET "/users/login" for 192.168.188.22 at 2017-11-05 12:05:47 +0100
2017-11-05 12:05:47 e0b2d134 [app] [I] Processing by UsersController#login as HTML
2017-11-05 12:05:47 e0b2d134 [app] [I] Rendered users/login.html.erb within layouts/login (4.4ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Rendered layouts/base.html.erb (2.6ms)
2017-11-05 12:05:47 e0b2d134 [app] [I] Completed 200 OK in 12ms (Views: 7.9ms | ActiveRecord: 0.7ms)
These are the settings I am using:
LDAP Server:
- - - - - - - - - - - - -
Name: neotokyo.net # Just a name
Server: neotokyodc # NetBios name of my VM
LDAPS: [ ]
Port: 389
Server type: Active Directory
Account:
- - - - - - - - - - - - -
Account username: NEOTOKYO\Administrator
Account password: givenPassword
Base DN: CN=Users,DC=neotokyo,DC=net
Group base DN: CN=Users,DC=neotokyo,DC=net
LDAP Filter: [ ]
Automatically create accounts in Foreman : [X]
Usergroup sync: [X]
Attribute mappings:
- - - - - - - - - - - - - - -
Login name attribute: userPrincipalName
First name attribute: givenName
Surname attribute: sn
E-Mail Address attribute: mail
The attribute mappings I just copied from the original documentation.
And here is some information about my test lab AD:
AllowedDNSSuffixes : {}
ChildDomains : {}
ComputersContainer : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName : DC=neotokyo,DC=net
DNSRoot : neotokyo.net
DomainControllersContainer : OU=Domain Controllers,DC=neotokyo,DC=net
DomainMode : Windows2016Domain
DomainSID : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest : neotokyo.net
InfrastructureMaster : neotokyodc.neotokyo.net
LastLogonReplicationInterval :
LinkedGroupPolicyObjects : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=net}
LostAndFoundContainer : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy :
Name : neotokyo
NetBIOSName : NEOTOKYOa
ObjectClass : domainDNS
ObjectGUID : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain :
PDCEmulator : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling : True
QuotasContainer : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers : {}
ReplicaDirectoryServers : {neotokyodc.neotokyo.net}
RIDMaster : neotokyodc.neotokyo.net
SubordinateReferences : {DC=ForestDnsZones,DC=neotokyo,DC=net, DC=DomainDnsZones,DC=neotokyo,DC=net, CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer : CN=System,DC=neotokyo,DC=net
UsersContainer : CN=Users,DC=neotokyo,DC=net
I really don't know what else I can do or what I am doing wrong.
I am thankful for any help and advice.
Best regards
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
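A check a practitioner would run beside the settings in the post above, added here and not part of the original message or of Foreman itself: it builds the equality filter a login lookup sends for the configured login name attribute, escaping the typed value per RFC 4515 so a login such as NEOTOKYO\testuser or a wildcard is compared literally instead of altering the filter, and evaluates that filter against a small constructed directory to show which spelling of a login each attribute would actually find. The sample entries and the assumption that the lookup is a plain equality search on the login attribute under the base DN are mine, not the poster's.

```python
import re

# RFC 4515 escaping for an assertion value: a login typed into the web form
# must never be able to change the structure of the search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def login_filter(login_attr: str, typed_login: str) -> str:
    """Equality filter a login lookup sends, e.g. (userPrincipalName=...)."""
    return f"({login_attr}={escape_filter_value(typed_login)})"

# Constructed (hypothetical) entries standing in for CN=Users,DC=neotokyo,DC=net.
DIRECTORY = [
    {"dn": "CN=testuser,CN=Users,DC=neotokyo,DC=net",
     "sAMAccountName": "testuser",
     "userPrincipalName": "testuser@neotokyo.net"},
    {"dn": "CN=Administrator,CN=Users,DC=neotokyo,DC=net",
     "sAMAccountName": "Administrator",
     "userPrincipalName": "Administrator@neotokyo.net"},
]

_EQUALITY = re.compile(r"^\(([A-Za-z][\w-]*)=(.*)\)$")

def _unescape(value: str) -> str:
    # Reverse the hex escapes so the literal value can be compared.
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def find_entries(filter_str: str, directory=DIRECTORY) -> list:
    """Evaluate one equality filter as the server would: attribute names and
    these AD string attributes compare case-insensitively. Returns DNs."""
    m = _EQUALITY.match(filter_str)
    if not m:
        raise ValueError(f"unsupported filter: {filter_str}")
    attr, wanted = m.group(1).lower(), _unescape(m.group(2)).lower()
    return [e["dn"] for e in directory
            if any(k.lower() == attr and v.lower() == wanted
                   for k, v in e.items() if k != "dn")]

def check_logins(login_attr: str, typed_logins) -> dict:
    """Map each typed login to the DNs its lookup would return."""
    return {login: find_entries(login_filter(login_attr, login))
            for login in typed_logins}

if __name__ == "__main__":
    for attr in ("userPrincipalName", "sAMAccountName"):
        print(attr, check_logins(attr, ["testuser", "testuser@neotokyo.net",
                                        "NEOTOKYO\\testuser", "*"]))
```

Run it with the login name attribute from your own LDAP source and the exact strings you type at the login form; an empty list means that lookup returns no entry to bind as, before the password is ever checked.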