[SOLVED] AD Authentication configured but its still using mysql

lewisc · 16 January 2019 11:13

I’m running the latest LibreNMS (clean install yesterday) on CentOS 7.

Its been working fine with local users but been trying to add AD authentication. I think its added correctly but when I run auth_test.php it still says mysql:

[root@xxxxxx librenms]# ./scripts/auth_test.php -l
Authentication Method: mysql
Users: lewis (1)
Total users: 1

Here is my config.php

<?php
## Have a look in defaults.inc.php for examples of settings you can set here. DO NOT EDIT defaults.inc.php!

### Database config
$config['db_host'] = 'localhost';
$config['db_port'] = '3306';
$config['db_user'] = 'librenms';
$config['db_pass'] = 'xxxx';
$config['db_name'] = 'librenms';
$config['db_socket'] = '';

// This is the user LibreNMS will run as
//Please ensure this user is created and has the correct permissions to your install
$config['user'] = 'librenms';

### Default community
$config['snmp']['community'] = "public";

$config['mydomain'] = 'xxxx.corp';

### Authentication Model
$config[‘auth_mechanism’] = "active_directory";

### List of RFC1918 networks to allow scanning-based discovery
#$config['nets'][] = "10.0.0.0/8";
#$config['nets'][] = "172.16.0.0/12";
#$config['nets'][] = "192.168.0.0/16";

# Update configuration
$config['update_channel'] = 'release';  # uncomment to follow the monthly release channel
#$config['update'] = 0;  # uncomment to completely disable updates

$config['discovery_by_ip'] = true;

#AD Authentication
$config[‘auth_ad_url’] = 'ldap://xx.xx.xx.xx'; // you can add multiple servers separated by a space
$config[‘auth_ad_domain’] = 'xxxx.corp';
$config[‘auth_ad_base_dn’] = 'DC=xxxx,DC=corp'; // groups and users must be under this dn#
$config[‘auth_ad_check_certificates’] = 0; // require a valid ssl certificate
$config[‘auth_ad_binduser’] = ‘xxxx’;
$config[‘auth_ad_bindpassword’] = 'xxxx';
$config[‘auth_ad_timeout’] = 5; // time to wait before giving up (or trying the next server)
$config[‘auth_ad_debug’] = true; // enable for verbose debug messages#
$config[‘active_directory’][‘users_purge’] = 25; // purge users who haven’t logged in for 25 days.
$config[‘auth_ad_require_groupmembership’] = true; // require users to be members of a group listed below
$config[‘auth_ad_groups’]['LibreNMS_Admins'][‘level’] = 10;

And here is the result of validate.php

[root@xxxxxx librenms]# ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.47-52-gd33d879
DB Schema | 1000
PHP       | 7.2.13
MySQL     | 5.5.60-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 1.8.0
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[FAIL]  The poller (xxxxx.xxxx.corp) has not completed within the last 5 minutes, check the cron job.
[WARN]  Some devices have not been polled in the last 5 minutes. You may have performance issues.
    [FIX]:
    Check your poll log and see: http://docs.librenms.org/Support/Performance/
    Devices:
     10.50.0.250
     10.131.0.250
[WARN]  Your local git contains modified files, this could prevent automatic updates.
    [FIX]:
    You can fix this with ./scripts/github-remove
    Modified Files:
     bootstrap/cache/.gitignore
     logs/.gitignore
     rrd/.gitignore
     storage/app/.gitignore
     storage/app/public/.gitignore
     storage/debugbar/.gitignore
     storage/framework/cache/.gitignore
     storage/framework/sessions/.gitignore
     storage/framework/testing/.gitignore
     storage/framework/views/.gitignore
     storage/logs/.gitignore

What is causing it to still use mysql logins?

Kevin_Krumm · 16 January 2019 12:15

This is not related to the issue but you need to run the fix that is supplied to you in the validate.

murrant · 16 January 2019 13:01

You have used the wrong quote characters in your config, use '

lewisc · 16 January 2019 13:14

Off topic.

I ran the cleanup and now get all this:

 Run the following SQL statements to fix.
        SQL Statements:
         ALTER TABLE `access_points` CHANGE `accesspoint_id` `accesspoint_id` int(11) NOT NULL auto_increment;
         ALTER TABLE `access_points` CHANGE `device_id` `device_id` int(11) NOT NULL ;
         ALTER TABLE `alerts` CHANGE `id` `id` int(11) NOT NULL auto_increment;
         ALTER TABLE `alerts` CHANGE `device_id` `device_id` int(11) NOT NULL ;
         ALTER TABLE `alerts` CHANGE `rule_id` `rule_id` int(11) NOT NULL ;
         ALTER TABLE `alert_device_map` CHANGE `id` `id` int(11) NOT NULL auto_increment;
         ALTER TABLE `alert_device_map` CHANGE `rule_id` `rule_id` int(11) NOT NULL ;
         ALTER TABLE `alert_device_map` CHANGE `device_id` `device_id` int(11) NOT NULL ;
         ALTER TABLE `alert_group_map` CHANGE `id` `id` int(11) NOT NULL auto_increment;
         ALTER TABLE `alert_group_map` CHANGE `rule_id` `rule_id` int(11) NOT NULL ;
         ALTER TABLE `alert_group_map` CHANGE `group_id` `group_id` int(11) NOT NULL ;
         ALTER TABLE `alert_log` CHANGE `id` `id` int(11) NOT NULL auto_increment;
         ALTER TABLE `alert_log` CHANGE `rule_id` `rule_id` int(11) NOT NULL ;
         ALTER TABLE `alert_log` CHANGE `device_id` `device_id` int(11) NOT NULL ;
         ALTER TABLE `alert_rules` CHANGE `id` `id` int(11) NOT NULL auto_increment;
          and 209 more...

lewisc · 16 January 2019 13:14

Changing the quotes resolved it! Rookie error.

Thanks

murrant · 17 January 2019 15:23

Your schema is extremely incorrect (due to a bug upstream).

Check logs/daily.log for ? -> 1000 ... done to figure out the previous version.

Run SQL:

UPDATE dbSchema SET version=? LIMIT 1;
DROP TABLE migrations;

Run daily:

./daily.sh

Warning future visitors. Dropping the migrations table may not be the correct move. Maybe only DELETE FROM migrations where batch=1;