[rt-users] Need assistance with rt authentication to Active Directory

m0bilitee m0bilitee at gmail.com
Wed Mar 9 17:57:17 EST 2011


Hi folks, I'm trying to run rt 3.8.9 on CentOS 5.5, talking to Active
Directory on a Windows Server 2003 domain controller.  I followed the guide
at the wiki at http://requesttracker.wikia.com/wiki/CentOS5InstallPlusSome and
got everything working up to the external plugin.

I consolidated the RT_SiteConfig.pm to not include the ExternalAuth pm to
make it simpler for me to edit just a single file. My RT_SiteConfig.pm looks
like this:

   ######################
   # Custom Site Config #
   ######################

   Set($rtname , "MyCo Inc.");
   Set($Organization , "rt.mydomain.internal");
   Set($MinimumPasswordLength , "5");
   Set($Timezone , 'US/Central');

   Set(@Plugins, qw(
       RT::Authen::ExternalAuth
   ));

   Set($HomepageComponents, [qw(
       QuickCreate
       Quicksearch
       MyAdminQueues
       MySupportQueues
       MyReminders
       RefreshHomepage
       Dashboards
   )]);

   Set($DatabaseType , 'mysql');
   Set($DatabaseHost   , 'localhost');
   Set($DatabaseRTHost , 'localhost');
   Set($DatabasePort , '');
   Set($DatabaseUser , 'rt_user');
   Set($DatabasePassword , 'XXXXX');
   Set($DatabaseName , 'rt3');

   Set($OwnerEmail , 'root');
   Set($LoopsToRTOwner , 1);

   Set($SendmailArguments , "-oi -t -f support\@rt.mydomain.internal");

   Set($MaxAttachmentSize , 10000000);

   Set($RTAddressRegexp , '^rt\@rt.mydomain.internal$');
   Set($CorrespondAddress , 'no-reply at rt.mydomain.internal');
   Set($CommentAddress , 'no-reply at rt.mydomain.internal');

   Set($UseFriendlyFromLine , 1);
   Set($FriendlyFromLineFormat , "\"%s\" <%s>");
   Set($UseFriendlyToLine , 1);
   Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");

   Set($NotifyActor, 0);
   Set($RecordOutgoingEmail, 1);

   Set($WebPath , "/ticket");
   Set($WebPort , 80);
   Set($WebBaseURL , "http://rt");
   Set($WebURL , $WebBaseURL . $WebPath . "/");

   Set($MessageBoxWidth , 72);
   Set($MessageBoxWrap, "HARD");

   Set($MaxInlineBody, 13456);
   Set($DefaultSummaryRows, 10);

   Set($OldestTransactionsFirst, '1');
   Set($ShowTransactionImages, 1);

   Set($DateDayBeforeMonth , 0);
   Set($AmbiguousDayInPast , 1);

   Set($AutoCreate, {Privileged => 1});

   Set($ExternalAuthPriority,        [ 'My_LDAP' ]);
   Set($ExternalInfoPriority,        [ 'My_LDAP' ]);
   Set($ExternalServiceUsesSSLorTLS, 0);
   Set($AutoCreateNonExternalUsers,  0);

   Set($ExternalSettings, {
       'My_LDAP' => {
           'type'   => 'ldap',
           'auth'   => 1,
           'info'   => 1,
           'server' => 'paris.mydomain.internal',
           'user'   => 'rtuser',
           'pass'   => 'rtuserpassword',
           'base'   => 'dc=newcospares,dc=internal',

           # users must match 'filter'; users matching 'd_filter' are treated as disabled
           'filter'   => '(&(ObjectCategory=User)(ObjectClass=Person))',
           'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

           'tls' => 0,
           # 'ssl_version' => 3,

           'net_ldap_args' => [ version => 3 ],
           # the group DN must be a single string; a line break inside it would break the lookup
           'group'         => 'cn=Domain Users,ou=Users,dc=newcospares,dc=internal',
           'group_attr'    => 'member',

           'attr_match_list' => [ 'Name', 'EmailAddress' ],
           'attr_map'        => {
               'Name'           => 'sAMAccountName',
               'EmailAddress'   => 'mail',
               'Organization'   => 'physicalDeliveryOfficeName',
               'RealName'       => 'cn',
               'ExternalAuthId' => 'sAMAccountName',
               'Gecos'          => 'sAMAccountName',
               'WorkPhone'      => 'telephoneNumber',
               'Address1'       => 'streetAddress',
               'City'           => 'l',
               'State'          => 'st',
               'Zip'            => 'postalCode',
               'Country'        => 'co',
           },
       },
   });

   # Steve Stuff

   Set($LogToFileName, "rt3.error");
   Set($LogDir,        '/var/tmp');
   Set($LogToFile,     'debug');


When I restart apache and try to log in, I get the following results in the
rt.log:

[Wed Mar  9 22:26:09 2011] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Wed Mar  9 22:26:09 2011] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Wed Mar  9 22:26:09 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Wed Mar  9 22:26:09 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Wed Mar  9 22:26:21 2011] [error]: FAILED LOGIN for mydomain.internal\steve from 192.168.88.45 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:555)

I'm an old-school network guy, so I fire up wireshark on the box to see if
it's even talking to my DC, and there doesn't appear to be any traffic
between my rt server and the DC.  What am I missing here to get this thing
to attempt to authenticate?  I've looked at a lot of the old mailing list
info and I'm not seeing the thing that says "aha!"

I'm also not sure what format my username is supposed to be: is it
"domainname\username", just my domain username, or "username at domainname"?
I've tried all variations, but since I don't see traffic between the servers
I doubt I'm getting that far yet.

Many thanks in advance!

- Steve
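An added example, not part of Steve's post and not the RT::Authen::ExternalAuth plugin's own code: a small offline model of the three decisions the My_LDAP block above encodes (the user must match 'filter', must not match 'd_filter', and must appear in the group's 'member' attribute), run against constructed directory entries so the allow/deny outcome can be reasoned about without a live domain controller. The DNs, accounts and attribute values are invented; the check order and the way the typed username is compared against sAMAccountName are assumptions about how the plugin behaves, not something the post confirms. What the model does show exactly is the semantics of the d_filter: the OID 1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule, and the value 2 is the ACCOUNTDISABLE bit of userAccountControl.

```python
"""Offline model of the My_LDAP decision chain (added example, not RT code)."""

BIT_AND_RULE = "1.2.840.113556.1.4.803"   # AD LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 0x2                      # userAccountControl bit tested by d_filter

# The relevant keys from the RT_SiteConfig.pm in the post.
MY_LDAP = {
    "filter": "(&(ObjectCategory=User)(ObjectClass=Person))",
    "d_filter": "(userAccountControl:1.2.840.113556.1.4.803:=2)",
    "group": "cn=Domain Users,ou=Users,dc=newcospares,dc=internal",
    "group_attr": "member",
    "attr_map": {"Name": "sAMAccountName"},
}

# Constructed directory entries (attribute names lower-cased; AD attribute
# names are case-insensitive). All DNs and values are invented.
DIRECTORY = {
    "cn=Steve,ou=Users,dc=newcospares,dc=internal": {
        "objectcategory": "User", "objectclass": "Person",
        "samaccountname": "steve", "useraccountcontrol": 512, "primarygroupid": 513},
    "cn=Old Hire,ou=Users,dc=newcospares,dc=internal": {
        "objectcategory": "User", "objectclass": "Person",
        "samaccountname": "oldhire", "useraccountcontrol": 514, "primarygroupid": 513},
    "cn=New Hire,ou=Users,dc=newcospares,dc=internal": {
        "objectcategory": "User", "objectclass": "Person",
        "samaccountname": "newhire", "useraccountcontrol": 512, "primarygroupid": 513},
    "cn=Printer,ou=Devices,dc=newcospares,dc=internal": {
        "objectcategory": "Computer", "objectclass": "Computer",
        "samaccountname": "printer$", "useraccountcontrol": 4096},
}
# Constructed 'member' attribute of the group named in the config. "New Hire"
# is deliberately absent: AD keeps a user's primary group in primaryGroupID,
# not in the group's member attribute.
GROUP_MEMBER = {
    MY_LDAP["group"]: [
        "cn=Steve,ou=Users,dc=newcospares,dc=internal",
        "cn=Old Hire,ou=Users,dc=newcospares,dc=internal",
    ],
}


def parse_filter(s):
    """Parse the RFC 4515 subset used in the post: (&...), (attr=value) and the
    extensible match (attr:OID:=value). Returns a small tuple tree."""
    def parse(i):
        if s[i] != "(":
            raise ValueError("expected '(' at %d" % i)
        i += 1
        if s[i] == "&":
            i += 1
            parts = []
            while s[i] == "(":
                node, i = parse(i)
                parts.append(node)
            if s[i] != ")":
                raise ValueError("unterminated (& ...) at %d" % i)
            return ("and", parts), i + 1
        j = s.index(")", i)
        attr, value = s[i:j].split("=", 1)
        rule = None
        if ":" in attr:                       # attr:OID:=value
            attr, rule = attr.split(":", 1)
            rule = rule.rstrip(":")
        return ("cmp", attr.lower(), rule, value), j + 1

    node, end = parse(0)
    if end != len(s):
        raise ValueError("trailing data in filter")
    return node


def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of lower-cased attrs)."""
    if node[0] == "and":
        return all(matches(n, entry) for n in node[1])
    _, attr, rule, value = node
    actual = entry.get(attr)
    if actual is None:
        return False
    if rule == BIT_AND_RULE:                  # true when every bit of value is set
        return (int(actual) & int(value)) == int(value)
    if rule is not None:
        raise ValueError("unsupported matching rule " + rule)
    return str(actual).lower() == value.lower()


def evaluate_login(username, config):
    """Return (decision, reason) for a typed username, in the order the config
    expresses: candidate lookup under 'filter', then 'd_filter', then group."""
    name_attr = config["attr_map"]["Name"].lower()
    base_filter = parse_filter(config["filter"])
    candidates = [dn for dn, e in DIRECTORY.items()
                  if str(e.get(name_attr, "")).lower() == username.lower()
                  and matches(base_filter, e)]
    if not candidates:                        # e.g. a DOMAIN\user prefix never equals sAMAccountName
        return "deny", "no entry matches 'filter' with %s=%s" % (name_attr, username)
    dn = candidates[0]
    if matches(parse_filter(config["d_filter"]), DIRECTORY[dn]):
        return "deny", "%s matches d_filter (ACCOUNTDISABLE bit set)" % dn
    members = [m.lower() for m in GROUP_MEMBER.get(config["group"], [])]
    if dn.lower() not in members:
        return "deny", "%s not listed in the group's '%s' attribute" % (dn, config["group_attr"])
    return "allow", dn


if __name__ == "__main__":
    for typed in ["steve", "mydomain.internal\\steve", "oldhire", "newhire", "printer$"]:
        print("%-25s -> %s: %s" % (typed, *evaluate_login(typed, MY_LDAP)))
```

The "newhire" case is the caveat worth keeping in mind with a 'group' of Domain Users: Active Directory records a user's primary group in the user's primaryGroupID attribute rather than in the group's member attribute, so a membership check that reads only member will not see users whose only membership is the primary group. The "mydomain.internal\steve" case shows why the username format question matters: in this model the typed string is compared literally with sAMAccountName, so a domain prefix yields no candidate at all.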