AD auth says no user

I had a previously working AD setup with a bind user. Now when I try to log in, I get

No user (20370) [a-jandrewartha]

auth_test.php gives me some output, but I think there should be more?

[email protected]:~$ ./scripts/auth_test.php -u a-jandrewartha
Authentication Method: active_directory
AD bind success
Password:
Authenticate user a-jandrewartha:
AUTH SUCCESS

User (20370):
Groups: CN=Domain Admins,OU=Systems Admin,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au; CN=ICT Services,OU=Non_Academic Groups,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au
[email protected]:~$ ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.43-62-g79333c4
DB Schema | 267
PHP       | 5.6.37-0+deb8u1
MySQL     | 5.5.60-0+deb8u1-log
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2.1
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[WARN]  Your local git contains modified files, this could prevent automatic updates.
        [FIX] You can fix this with ./scripts/github-remove
        Modified Files:
         LibreNMS/OS/Ewc.php

(the modified file is my own work-in-progress).

Try -d on authtest.

Same output:

[email protected]:~$ ./scripts/auth_test.php -d -u a-jandrewartha
Authentication Method: active_directory
AD bind success
Password: 
Authenticate user a-jandrewartha: 
AUTH SUCCESS

User (20370):
Groups: CN=Domain Admins,OU=Systems Admin,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au; CN=ICT Services,OU=Non_Academic Groups,DC=ad,DC=ccgs,DC=wa,DC=edu,DC=au

Ok, with some printf^WToastr debugging it appears $subAuths = unpack('H2/H2/n/N/V*', $sid); is returning data with - already embedded in some components. Which seems to because the values are negative, even though the pack specification has unsigned. But the manual says

Caution Note that PHP internally stores integral values as signed. If you unpack a large unsigned long and it is of the same size as PHP internally stored values the result will be a negative number even though unsigned unpacking was specified.

Iā€™m running PHP 5.6.4 from Debian 8.11. No idea how this was working before.

(also, interesting hack that the V* overwrites all the previous elements, again per the manual).

So per the comments on the manual, this only happens on 32bit systems.

1 Like