Issue with Active Directory Auth, groups

Hi there, I’ve got a functioning LibreNMS install I’m trying to integrate with AD. It’s mostly working, in that my users can log in, but level setting via groups isn’t working. It LOOKS like Libre isn’t seeing the groups at all for some reason. In my config I have:

$config['auth_ad_global_read'] = 1;
$config['auth_ad_require_groupmembership'] = false;
$config['auth_ad_groups']['Role-L3.User']['level'] = 10;

And all my users are authing as level 5 even if they are in the group “Role-L3.User”.

I have confirmed that the user is in the group using:

gpresult -R

on a Windows box. Output is:

The user is a part of the following security groups
---------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    Role-L1.User
    Role-L3.User

Using the auth test script I get:

root@anubis:/opt/librenms# scripts/auth_test.php -u username -d
SQL[SET NAMES 'utf8']
SQL[SET CHARACTER SET 'utf8']
SQL[SET COLLATION_CONNECTION = 'utf8_unicode_ci']
SQL[SELECT config_name,config_value FROM config]
SQL[SELECT * FROM graph_types]
SQL[SELECT DISTINCT(os) FROM devices]
SQL[DELETE FROM session WHERE session_expiry < '1518400399']
Authentication Method: active_directory
AD bind success
Password:
Authenticate user username:
AUTH SUCCESS

User (1257):
user_id => 1257
username => username
realname => Real Name
email =>
descr =>
level => 5
can_modify_passwd => 0
Groups:

Where I have swapped my username for “username” and my real name is displayed. But it looks like it finds no groups that I am a member of?

Any suggestions?

Output of validate.php

root@anubis:/opt/librenms# ./validate.php
PHP Fatal error: Uncaught Error: Call to undefined function mergedb() in /opt/librenms/validate.php:138
Stack trace:
#0 {main}
thrown in /opt/librenms/validate.php on line 138

Component Version
LibreNMS 1.36-63-g16424ef
DB Schema 235
PHP 7.0.25-0ubuntu0.16.04.1
MySQL 10.0.33-MariaDB-0ubuntu0.16.04.1
RRDTool 1.5.5
SNMP NET-SNMP 5.7.3

====================================

root@anubis:/opt/librenms#

Perhaps the characters are causing an issue. Just as a test try a group without - or .

Thanks for the reply! I just tried the group “Everyone” since all my users are a member of that group…

The user is a part of the following security groups
---------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL

Same result:

User (1257):
user_id => 1257
username => username
realname => Real Name
email =>
descr =>
level => 5
can_modify_passwd => 0
Groups:

Sigh, ended up solving this myself. AD admin gave me a base DN string that was too restrictive. Loosened it up and it came right.

Thanks for looking at this!
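
The fix reported above was widening the base DN (the LibreNMS setting is `auth_ad_base_dn`). An LDAP subtree search never returns entries outside its base, so the following added example, which is not from the thread or from LibreNMS, checks which objects a given base cannot reach and computes the narrowest base that covers them all. The DNs are constructed sample values and the function names are hypothetical.

```python
# Added example: which directory objects fall outside an LDAP search base.
# All DNs below are constructed sample values, not taken from the thread.

def split_rdns(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, val = rdn.partition("=")
        if attr.strip():
            out.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return out

def in_scope(base_dn, entry_dn):
    """True if entry_dn is the base itself or sits anywhere beneath it."""
    base, entry = split_rdns(base_dn), split_rdns(entry_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def out_of_scope(base_dn, dns):
    """DNs that a subtree search rooted at base_dn can never return."""
    return [dn for dn in dns if not in_scope(base_dn, dn)]

def common_base(dns):
    """Narrowest base DN (longest shared suffix) covering every DN given."""
    shared = []
    for level in zip(*(reversed(split_rdns(d)) for d in dns)):
        if len(set(level)) != 1:
            break
        shared.append(level[0])
    return ",".join(reversed(shared))

USER = "CN=Real Name,OU=Staff,OU=Accounts,DC=example,DC=com"
GROUPS = ["CN=Role-L1.User,OU=Roles,OU=Groups,DC=example,DC=com",
          "CN=Role-L3.User,OU=Roles,OU=Groups,DC=example,DC=com"]
NARROW_BASE = "OU=Accounts,DC=example,DC=com"

if __name__ == "__main__":
    print("unreachable:", out_of_scope(NARROW_BASE, [USER] + GROUPS))
    print("suggested base:", common_base([USER] + GROUPS))
```

Feed it the `distinguishedName` values of the account and of each group it should match; anything reported as unreachable sits outside the configured base.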