AD auth says no user

trs80 · 13 September 2018 12:29

I had a previously working AD setup with a bind user. Now when I try to log in, I get

No user (20370) [a-jandrewartha]

auth_test.php gives me some output, but I think there should be more?

librenms@propus:~$ ./scripts/auth_test.php -u a-jandrewartha
Authentication Method: active_directory
AD bind success
Password:
Authenticate user a-jandrewartha:
AUTH SUCCESS

User (20370):
Groups: CN=Domain Admins,OU=Systems Admin,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au; CN=ICT Services,OU=Non_Academic Groups,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au
librenms@propus:~$ ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.43-62-g79333c4
DB Schema | 267
PHP       | 5.6.37-0+deb8u1
MySQL     | 5.5.60-0+deb8u1-log
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2.1
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[WARN]  Your local git contains modified files, this could prevent automatic updates.
        [FIX] You can fix this with ./scripts/github-remove
        Modified Files:
         LibreNMS/OS/Ewc.php

(the modified file is my own work-in-progress).

murrant · 13 September 2018 12:33

Try -d on authtest.

trs80 · 13 September 2018 13:59

Same output:

librenms@propus:~$ ./scripts/auth_test.php -d -u a-jandrewartha
Authentication Method: active_directory
AD bind success
Password: 
Authenticate user a-jandrewartha: 
AUTH SUCCESS

User (20370):
Groups: CN=Domain Admins,OU=Systems Admin,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au; CN=ICT Services,OU=Non_Academic Groups,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au

trs80 · 14 September 2018 14:17

Ok, with some printf^WToastr debugging it appears $subAuths = unpack('H2/H2/n/N/V*', $sid); is returning data with - already embedded in some components. Which seems to because the values are negative, even though the pack specification has unsigned. But the manual says

Caution Note that PHP internally stores integral values as signed. If you unpack a large unsigned long and it is of the same size as PHP internally stored values the result will be a negative number even though unsigned unpacking was specified.

I’m running PHP 5.6.4 from Debian 8.11. No idea how this was working before.

(also, interesting hack that the V* overwrites all the previous elements, again per the manual).

trs80 · 14 September 2018 14:38

So per the comments on the manual, this only happens on 32bit systems.

trs80 · 14 September 2018 15:23