Unable to use Active Directory authentication after update to Laravel authentication

Chris_Dunkinson · 12 September 2018 06:42

Our LibreNMS installation updated to the latest build overnight and since then I can’t manage to get Active Directory authentication working. Originally validate.php was showing an error for php-mysqlnd missing but that’s been updated now.

Attempting to log in to the WebUI throws errors for “No user (-1) [username]” and “A password is required”

I’ve followed the generic hints for CentOS and re-run the composer_wrapper script as well as clearing browser cookies. Our monitoring wallboard PC which remained online overnight when the auto update occured is still logged in and working fine, but new sessions can’t log in to the WebGUI.

I’m running Varnish on the same server but browsing directly to the Apache web server port makes no difference.

Output from validate.php below. The warnings for devices not being polled in the last 5 minutes are because I’ve just restarted Apache.

[root@librenms01 librenms]# ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.43-50-ge8cf6bb
DB Schema | 267
PHP       | 7.0.31
MySQL     | 5.5.60-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[WARN]  Some devices have not been polled in the last 5 minutes. You may have performance issues.
        [FIX] Check your poll log and see: http://docs.librenms.org/Support/Performance/
        Devices:
[FAIL]  Some devices have not completed their polling run in 5 minutes, this will create gaps in data.
        [FIX] Check your poll log and see: http://docs.librenms.org/Support/Performance/
        Devices:
[FAIL]  Discovery has not completed in the last 24 hours.
        [FIX] Check the cron job to make sure it is running and using discovery-wrapper.py

Running the auth_test.php script seems to show authentication working OK (some OU details redacted).

[root@fnlibrenms01 librenms]# ./scripts/auth_test.php -u cdunkinson
Authentication Method: active_directory
AD bind anonymous successful
Password:
Authenticate user cdunkinson:
AUTH SUCCESS

User (25408):
  user_id => 25408
  username => cdunkinson
  realname => Chris Dunkinson
  email => [email protected]
  descr =>
  level => 10
  can_modify_passwd => 0
Groups: CN=App-LibreNMS-Admin,OU=Security Groups,DC=xxx,DC=xxx; CN=App-LibreNMS-User,OU=Security Groups,DC=xxx,DC=xxx

Appreciate any help or pointers!

PipoCanaja · 12 September 2018 06:50

Same issue here, available for tests in order to gain access again

kzaykov · 12 September 2018 10:49

found this in discord :

Alan GregoryToday at 8:13 AM

People using reverse proxy with ssl are probably going to complain about issues, because laravel returns http schema when using “asset” or “url”.
Temp fix is to set them to secure_url/secure_asset, definitive fix is to add Trusted Proxies support (HTTP Requests - Laravel 5.5 - The PHP Framework For Web Artisans)
HTTP Requests - Laravel - The PHP Framework For Web Artisans
Laravel - The PHP framework for web artisans.

Chris_Dunkinson · 12 September 2018 10:55

We’re not using SSL, and bypassing the Varnish cache/reverse proxy didn’t help.

PipoCanaja · 12 September 2018 12:04

Hello.
No SSL and no reverse proxy either.
Bye

PipoCanaja · 12 September 2018 21:06

Hello
After a daily.sh run tonight, the last PR did the job beautifully.
It even works better than before (I can now use the API cause the LDAP users are now saved in DB and available after the first login in the API list)
Thanx @murrant

murrant · 13 September 2018 01:18

Fix for reverse proxies is here: https://github.com/librenms/librenms/pull/9196