[SOLVED] Broken Auth - LDAP/Local NOT working - Cacti 1.2.15

[Pucho]

Hi folks,

I'm not sure when this began to happen but I has happened before on 1.2.10 for me, then upgraded to 1.2.11 and it's been working fine until someone reported the issue again and I thought, oh well I'd better upgrade before looking into it seriously.

I'm running Cacti 1.2.15 (with spine) on CentOS 7 using yum, so this is the latest I got.
PHP: 5.4.16
MariaDB: 5.5.68
GH Issue lodged at the time: https://github.com/Cacti/cacti/issues/3379

After the upgrade I was able to login in with my LDAP credentials from a different browser I don't normally use. I didn't tick the "Keep me in thing".

After a while, all this during the day Today, I was no longer able to use that browser to log back in. Furthermore, I had created a local account to give to the user that reported the problem in the meantime. I tested this account myself on this same browser and worked well, and then after a while, once again, not able to log in with a LOCAL account.

I was able to see on cacti's log

AUTH LDAP_SEARCH: Authentication Success, DN: CN=XXXXXXX,OU=XYZ,OU=Staff,OU=XYZ,DC=ABC,DC=xx,DC=yy
AUTH LOGIN: User 'XXXXXXX' Authenticated

I don't think this is anything to do with LDAP setting, I have had those settings since 0.88 times and never had this kind of problems.

Could this be something related to the database?

I've had a chrome browser session open since last year with the "Keep me in thing" ticked on and that's the only that is still working even though I thought it was only meant to survive 90 days?

Any hints or tips on where to look?

Thanks,

[Pucho]

I have to add, AUTH It's completely broken. I can't log in with local usernames.

Furthermore, I created a new local admin2 account, being authenticated but not logged in.

12/Jul/2021 09:46:14 - AUTH LOGIN: User 'admin2' Authenticated
12/Jul/2021 10:18:19 - AUTH LOGIN: User 'admin2' Authenticated

Using Firefox: while running a tcpdump there is absolutely nothing going on for LDAP ports. (389 and/or 636).

Using MS Edge or Chrome: I see LDAP user authenticated but it doesn't get logged in.

I'm completely stuck with 1 browser session with apparently a very old cookie session that shouldn't even be working and that's the only thing that allows me 'try' different settings. Admin account does not work.

Anyone any ideas?

[netniV]

You may find that this is not an LDAP auth issue but a secure cookies issue. If I recall, there were some settings that caused issues in earlier versions of Cacti when LDAP was enabled with secure settings turned on. But it's a while ago now so a little hazy. Check out the GitHub Isssue trackers as the answer will likely be in there.

[Pucho]

You may find that this is not an LDAP auth issue but a secure cookies issue. If I recall, there were some settings that caused issues in earlier versions of Cacti when LDAP was enabled with secure settings turned on. But it's a while ago now so a little hazy. Check out the GitHub Isssue trackers as the answer will likely be in there.

I've found a reference to $cacti_cookie_domain = 'domain.com';

It's currently commented out, doesn't work either way. I've searched and read all relevant github issues I've found but so far I can't get it to work, nor even local authentication.

I believe this the one you were referring to https://github.com/Cacti/cacti/issues/3436

[Pucho]

My gosh. Finally found it.

When I saw

Code: Select all

$url_path = '/cacti/'; 

on my

Code: Select all

include/config.php

It looked odd to me so I went and logged back in on one of my browsers and then add /cacti to the end of the url and worked.

Updated it to and started to work again.

Code: Select all

$url_path = '/';

Thanks and apologies for the noise, it's been a while since I upgraded Cacti or had to troubleshoot anything at all.