LNMS Active directory Authentication error

Hi, I am having issues using Active Directory authentication with group access.

root@i-02ec7dd6c1177d928:/opt/librenms/scripts# ./auth_test.php -u  test -d -v
Authentication Method: active_directory
Reporting disabled by user setting
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldap://usaaws-dc01.orchest.net)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP usaaws-dc01.orchest.net:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 10.10.50.239:389
ldap_pvt_connect: fd: 6 tm: 5 async: 0
ldap_ndelay_on: 6
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 6 tm: 5
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x55ee1ce958a0 msgid 1
wait4msg ld 0x55ee1ce958a0 msgid 1 (infinite timeout)
wait4msg continue ld 0x55ee1ce958a0 msgid 1 all 1
** ld 0x55ee1ce958a0 Connections:
* host: usaaws-dc01.orchest.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Nov 28 01:50:35 2023


** ld 0x55ee1ce958a0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x55ee1ce958a0 request count 1 (abandoned 0)
** ld 0x55ee1ce958a0 Response Queue:
   Empty
  ld 0x55ee1ce958a0 response count 0
ldap_chkResponseList ld 0x55ee1ce958a0 msgid 1 all 1
ldap_chkResponseList returns ld 0x55ee1ce958a0 NULL
ldap_int_select
read1msg: ld 0x55ee1ce958a0 msgid 1 all 1
read1msg: ld 0x55ee1ce958a0 msgid 1 message type bind
read1msg: ld 0x55ee1ce958a0 0 new referrals
read1msg:  mark request completed, ld 0x55ee1ce958a0 msgid 1
request done: ld 0x55ee1ce958a0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55ee1ce958a0 msgid 2
wait4msg ld 0x55ee1ce958a0 msgid 2 (infinite timeout)
wait4msg continue ld 0x55ee1ce958a0 msgid 2 all 1
** ld 0x55ee1ce958a0 Connections:
* host: usaaws-dc01.orchest.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Nov 28 01:50:35 2023


** ld 0x55ee1ce958a0 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x55ee1ce958a0 request count 1 (abandoned 0)
** ld 0x55ee1ce958a0 Response Queue:
   Empty
  ld 0x55ee1ce958a0 response count 0
ldap_chkResponseList ld 0x55ee1ce958a0 msgid 2 all 1
ldap_chkResponseList returns ld 0x55ee1ce958a0 NULL
ldap_int_select
read1msg: ld 0x55ee1ce958a0 msgid 2 all 1
read1msg: ld 0x55ee1ce958a0 msgid 2 message type bind
read1msg: ld 0x55ee1ce958a0 0 new referrals
read1msg:  mark request completed, ld 0x55ee1ce958a0 msgid 2
request done: ld 0x55ee1ce958a0 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ldap_msgfree
AD bind success
Password:
Authenticate user test:
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55ee1ce958a0 msgid 3
wait4msg ld 0x55ee1ce958a0 msgid 3 (infinite timeout)
wait4msg continue ld 0x55ee1ce958a0 msgid 3 all 1
** ld 0x55ee1ce958a0 Connections:
* host: usaaws-dc01.orchest.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Nov 28 01:50:39 2023


** ld 0x55ee1ce958a0 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x55ee1ce958a0 request count 1 (abandoned 0)
** ld 0x55ee1ce958a0 Response Queue:
   Empty
  ld 0x55ee1ce958a0 response count 0
ldap_chkResponseList ld 0x55ee1ce958a0 msgid 3 all 1
ldap_chkResponseList returns ld 0x55ee1ce958a0 NULL
ldap_int_select
read1msg: ld 0x55ee1ce958a0 msgid 3 all 1
read1msg: ld 0x55ee1ce958a0 msgid 3 message type bind
read1msg: ld 0x55ee1ce958a0 0 new referrals
read1msg:  mark request completed, ld 0x55ee1ce958a0 msgid 3
request done: ld 0x55ee1ce958a0 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ldap_msgfree
Error: LibreNMS\Exceptions\AuthenticationException thrown!
User is not in one of the required groups or user/group is outside the base dn
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

ubuntu@i-02ec7dd6c1177d928:/opt/librenms$ ./validate.php

Component Version
LibreNMS 23.11.0 (2023-11-18T00:15:03+00:00)
DB Schema 2023_11_21_172239_increase_vminfo.vmwvmguestos_column_length (274)
PHP 8.2.13
Python 3.8.10
Database MariaDB 10.3.38-MariaDB-0ubuntu0.20.04.1
RRDTool 1.7.2
SNMP 5.8
===========================================

[OK] Composer Version: 2.6.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQl and PHP time match
[OK] Active pollers found
[OK] Dispatcher Service not detected
[OK] Locks are functional
[OK] Python poller wrapper is polling
[OK] Redis is unavailable
[WARN] Could not check Python dependencies because this script is not running as librenms
[FIX]:
The install docs show how this is done on a new install: Installing LibreNMS - LibreNMS Docs
[OK] rrd_dir is writable
[OK] rrdtool version ok

DistinguishedName : CN=librenms-admin,OU=Groups,DC=orchest,DC=net
GroupCategory : Security
GroupScope : Global
Name : librenms-admin
ObjectClass : group
ObjectGUID : 4fe7c2a4-92b7-4739-8a83-3c9b650fc0e7
SamAccountName : librenms-admin
SID : S-1-5-21-3178212107-2497674231-1792966716-1127



cmdlet Get-ADGroupMember at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Identity: librenms-admin

distinguishedName : CN=test,CN=Users,DC=orchest,DC=net
name : test
objectClass : user
objectGUID : 6bf567bb-a4ba-482a-94c0-e757a0dff7ef
SamAccountName : test
SID : S-1-5-21-3178212107-2497674231-1792966716-1129

Error: LibreNMS\Exceptions\AuthenticationException thrown!
User is not in one of the required groups or user/group is outside the base dn

The group exists and the user is part of the group…

Found the error: when you add the name of the group, you need to add another empty row in the GUI. Without it, the group is deleted.

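A triage sketch for the error in this thread, added here as an example; it is not LibreNMS code and not part of the original posts. It checks the three conditions the message can hide: no group actually saved in the configuration (the cause found above), the user DN outside the base DN, or a matching group outside the base DN. The DNs are the ones posted above; the base DN `DC=orchest,DC=net` and the function names are assumptions.

```python
import re

# DNs as posted in the thread; BASE_DN is an assumed value, not shown on the page.
USER_DN = "CN=test,CN=Users,DC=orchest,DC=net"
GROUP_DN = "CN=librenms-admin,OU=Groups,DC=orchest,DC=net"
BASE_DN = "DC=orchest,DC=net"


def parse_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact.

    Simplification: an escaped backslash directly before a comma is not handled.
    """
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def under_base(dn, base_dn):
    """True if dn equals base_dn or sits below it in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    return bool(b) and len(d) >= len(b) and d[-len(b):] == b


def triage(user_dn, member_of, configured_groups, base_dn):
    """Return the reasons a group-based login would be refused (empty list = pass).

    member_of: group DNs the directory reports for the user.
    configured_groups: group names actually stored in the application config.
    """
    reasons = []
    if not configured_groups:
        # The situation described in the fix above: the group was never saved.
        reasons.append("no groups configured")
    if not under_base(user_dn, base_dn):
        reasons.append("user outside base dn")
    wanted = {g.lower() for g in configured_groups}
    matched = False
    for group_dn in member_of:
        rdns = parse_dn(group_dn)
        if not rdns:
            continue
        name = rdns[0][3:] if rdns[0].startswith("cn=") else rdns[0]
        if name in wanted:
            if under_base(group_dn, base_dn):
                matched = True
            else:
                reasons.append(f"group {name} outside base dn")
    if configured_groups and not matched:
        reasons.append("user not in a configured group")
    return reasons
```

Feed `configured_groups` from what is really stored (for example the output of `lnms config:get auth_ad_groups`), not from what was typed into the GUI.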