[rt-users] External Auth using Active Directory 2008

Howell, Van van.howell at lcu.edu
Fri Feb 3 13:08:46 EST 2012


Here is the Apache Log from my last login attempt....

[Fri Feb  3 18:02:40 2012] [debug]: Password validation required for service - Executing... (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Fri Feb  3 18:02:40 2012] [debug]: Trying external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: DC=xxxxxx,DC=xxx,DC=edu == Filter: (&(sAMAccountName=van.howell)(&(ObjectCategory=User)(ObjectClass=Person))) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Fri Feb  3 18:02:40 2012] [debug]: Found LDAP DN: CN=Howell\, Van,OU=Staff,OU=LCU,DC=xxxxxx,DC=xxx,DC=edu (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: DC=xxxxxx,DC=xxx,DC=edu == Filter: (member=CN=Howell, Van,OU=Staff,OU=LCU,DC=xxxxxx,DC=xxx,DC=edu) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Fri Feb  3 18:02:40 2012] [info]: My_LDAP AUTH FAILED: van.howell (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Fri Feb  3 18:02:40 2012] [debug]: LDAP password validation result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Fri Feb  3 18:02:40 2012] [debug]: Password Validation Check Result:  0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Fri Feb  3 18:02:40 2012] [debug]: Autohandler called ExternalAuth. Response: (0, Password Invalid) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Fri Feb  3 18:02:40 2012] [error]: FAILED LOGIN for van.howell from 10.1.5.9 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)

Van Howell
System Administrator
Lubbock Christian University
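
A way to read the debug output above, as an added example that is not part of the original post or of RT: the function reports the last step logged before each `AUTH FAILED` line, and whether the DN placed in the group `member=` filter is character-for-character the DN that was found (in the log above it is not: `Howell\, Van` versus `Howell, Van`). The sample lines are copied from the logs in this thread with file paths trimmed; `triage` and the stage names are names chosen for this example.

```python
import re

# Sample input: lines from the logs in this thread, file paths trimmed.
SAMPLE = r"""
[Fri Feb  3 18:02:40 2012] [debug]: Trying external auth service: My_LDAP
[Fri Feb  3 18:02:40 2012] [debug]: Found LDAP DN: CN=Howell\, Van,OU=Staff,OU=LCU,DC=xxxxxx,DC=xxx,DC=edu
[Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: DC=xxxxxx,DC=xxx,DC=edu == Filter: (member=CN=Howell, Van,OU=Staff,OU=LCU,DC=xxxxxx,DC=xxx,DC=edu) == Attrs: dn
[Fri Feb  3 18:02:40 2012] [info]: My_LDAP AUTH FAILED: van.howell
Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 )
"""

DN_FOUND = re.compile(r"Found LDAP DN: (.+)$")
GROUP_FILTER = re.compile(r"Filter: \(member=(.+)\) == Attrs")
AUTH_FAILED = re.compile(r"AUTH FAILED:? (\S+)(?: \(can't bind: (\w+) (\d+) ?\))?")
NEW_ATTEMPT = "Trying external auth service"

def triage(log_text):
    """Return one record per 'AUTH FAILED' line with the last step logged before it."""
    results, state = [], {}
    for line in log_text.splitlines():
        line = re.sub(r"\s+\(/\S+:\d+\)$", "", line.strip())  # drop trailing (file:line)
        if NEW_ATTEMPT in line:
            state = {}  # a new login attempt starts; forget the previous one
        elif m := DN_FOUND.search(line):
            state["dn_found"] = m.group(1)
        elif m := GROUP_FILTER.search(line):
            state["dn_in_filter"] = m.group(1)
        elif m := AUTH_FAILED.search(line):
            user, err, code = m.groups()
            stage = ("bind" if err else "group_search" if "dn_in_filter" in state
                     else "dn_lookup" if "dn_found" in state else "user_search")
            results.append({
                "user": user, "stage": stage, "ldap_error": err,
                "ldap_code": int(code) if code else None,
                # True when the DN in the group filter is not exactly the DN found
                "dn_differs": "dn_in_filter" in state
                              and state["dn_in_filter"] != state.get("dn_found"),
            })
            state = {}
    return results

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```
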

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, February 03, 2012 11:32 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Thu, Feb 02, 2012 at 06:21:20PM +0000, Howell, Van wrote:
> I added Set($LogToSyslog, "debug"); to my RT_SiteConfig.pm file. I
> don't seem to be getting any more logging.
> I restarted the httpd service, didn't see any more logging so I restarted the server.

Unfortunately - it seems you have syslog itself set to discard debug messages.  You can try turning up $LogToScreen to debug and then check your webserver logs instead of your syslog logs.

-kevin

> This is the entire tail of the messages log....
> 
> [root at OpenNMS etc]# tail /var/log/messages
> Feb  2 11:56:45 localhost abrtd: Dump directory is a duplicate of /var/spool/abrt/ccpp-2012-02-01-14:08:36-18683
> Feb  2 11:56:45 localhost abrtd: Deleting dump directory ccpp-2012-02-02-11:54:56-2567 (dup of ccpp-2012-02-01-14:08:36-18683), sending dbus signal
> Feb  2 12:00:42 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT match the configured WebDomain (lcu.edu). Perhaps you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
> Feb  2 12:05:43 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT match the configured WebDomain (lcu.edu). Perhaps you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
> Feb  2 12:10:44 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
> Feb  2 12:14:00 localhost RT: My_LDAP AUTH FAILED: van.howell (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
> Feb  2 12:14:00 localhost RT: FAILED LOGIN for van.howell from 10.1.5.9 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
> Feb  2 12:15:45 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
> Feb  2 12:16:16 localhost RT: My_LDAP AUTH FAILED: van.howell (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
> Feb  2 12:16:16 localhost RT: FAILED LOGIN for van.howell from 10.1.5.9 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
> 
> Thanks for helping with this.
> 
> Van Howell
> System Administrator
> Lubbock Christian University
> 
> 
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com 
> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin 
> Falcone
> Sent: Thursday, February 02, 2012 11:17 AM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] External Auth using Active Directory 2008
> 
> On Thu, Feb 02, 2012 at 04:16:53PM +0000, Howell, Van wrote:
> > I do not have Debugging turned on. I am going to need some help turning it on since this is new to me.
> > 
> > Here are some errors from /var/log/messages...
> > 
> > This is a failed attempt...
> > 
> > Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
> > Feb  1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
> > 
> > Here is a successful attempt....
> > 
> > Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
> > Feb  2 10:14:02 localhost RT: Couldn't enable user 28 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
> > Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per External Service (, ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
> > Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , Country: , EmailAddress: test.account at LCU.EDU, ExternalAuthId: test.account, Gecos: test.account, Name: test.account, Organization: , RealName: Test Account, State: , WorkPhone: , Zip:  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> > Feb  2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
> 
> Since you're seeing these in /var/log/messages I assume you're using the syslog configuration.
> 
> You want to read about LogToSyslog in etc/RT_Config.pm then copy that setting to RT_SiteConfig.pm and change it to debug.
> 
> Restart RT and try the failed login again.
> 
> -kevin