LDAP auth stopped working. How to fix or troubleshoot?

Post support questions that relate to the Windows 2003/2000/XP operating systems.

Moderators: Developers, Moderators

Post Reply
ianc911
Posts: 9
Joined: Fri Sep 01, 2023 3:58 pm

LDAP auth stopped working. How to fix or troubleshoot?

Post by ianc911 »

Hi Folks,

After mucking about with a test server (on which LDAP auth works with the default settings) I installed Cacti on our management server and began configuring it. At first LDAP auth worked, but then I began to tinker with it, experimenting with different settings in Configuration -> Settings -> Authentication -> LDAP General Settings, using different types of encryption and TLS cert requirements. None of them worked, although they should have. Finally, in frustration, I set them back to the default so that they matched the working test server, but unfortunately the act of trying these difference settings borked something because now I can't get it working at all. I have LDAP Debug Mode enabled, but there isn't anything meaningful in the logs to help troubleshoot. At least to me:

2023-09-22 15:26:37 - AUTH LOGIN FAILED: LDAP Login Failed for user 'joeblow' from IP Address 'xx.xx.xx.xx'.
2023-09-22 15:26:37 - AUTH LOGIN FAILED: LDAP Error: Authentication Failure
2023-09-22 15:26:37 - AUTH LDAP: (C:\inetpub\wwwroot\cacti\index.php[25]:include(), C:\inetpub\wwwroot\cacti\include\auth.php[158]:require_once(), C:\inetpub\wwwroot\cacti\auth_login.php[99]:ldap_login_process(), C:\inetpub\wwwroot\cacti\lib\auth.php[3743]:cacti_ldap_auth(), C:\inetpub\wwwroot\cacti\lib\ldap.php[95]:Ldap->Authenticate(), C:\inetpub\wwwroot\cacti\lib\ldap.php[704]:LdapError::GetErrorDetails(), C:\inetpub\wwwroot\cacti\lib\ldap.php[367]:cacti_debug_backtrace())
2023-09-22 15:26:37 - AUTH LDAP: Authentication Failure
2023-09-22 15:26:36 - AUTH LDAP: Binding with "admin"
2023-09-22 15:26:36 - AUTH NOTE: Setting Bind Timeout to 5 seconds
2023-09-22 15:26:36 - AUTH NOTE: Setting Network Timeout to 2 seconds
2023-09-22 15:26:36 - AUTH LDAP: Connect using ldap://mydc.mydomain.com:389

One thing that's a little wacky is that it appears to be attempting to bind to the directory with user 'admin' (on the fourth to last line). The working server has my user name in there. I've tried changing it but no dice. The error that's given at the login dialog is just 'Access Denied! Authentication Failure':

auth failure.png
auth failure.png (3.23 KiB) Viewed 7874 times
Any thoughts on how to get LDAP working again? Thanks!
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by TheWitness »

I suspect maybe your LDAP server is not responding.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
ianc911
Posts: 9
Joined: Fri Sep 01, 2023 3:58 pm

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by ianc911 »

Nah, there are three of them. If one was not responsive, I'd know about it pretty damned quick, believe me. :)

Besides, my test server which points to the same DC's is still working. Any more thoughts?
ianc911
Posts: 9
Joined: Fri Sep 01, 2023 3:58 pm

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by ianc911 »

So I'm pretty stuck here! Is it possible that the config file containing the LDAP parameters is just not getting updated properly via the UI, so that when I try to set the default values back again as they are on the test server, they're not getting used? Where is this config information stored?

Is there no useful troubleshooting information that can be obtained from the log entries shown above? I've checked the security logs on the DC the config is pointing to and don't see any log entries there, either success or failure...

Failing that, any suggestions? Should I just reinstall? I've spent way too long troubleshooting this and gotten nowhere. Any help please?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by TheWitness »

Have you tried to use ldaps? I would expect that you would be using the SSL port these days. Also, using V3 is the way to go. Not sure your settings.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
ianc911
Posts: 9
Joined: Fri Sep 01, 2023 3:58 pm

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by ianc911 »

It is trying LDAPS that broke it in the first place. I have flipped every single LDAP option available in the GUI on and off to every possible setting to see if I could make it work again with no success.

So, is it just reinstall time since apparently we have no hope of troubleshooting it? Should I try uninstalling first, or just reinstall over top?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by TheWitness »

I'm not too sure to be honest. You might consider doing a tcpdump and use Wireshark to see what's happening on the network side.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
ianc911
Posts: 9
Joined: Fri Sep 01, 2023 3:58 pm

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by ianc911 »

OK, I seem to have resolved this. For future reference, it seems that Cacti doesn't support concurrent logins from both LDAP and the local DB. While trying to get this to work, I was logged in using the local admin account and making changes while attempting logins from an incognito\private browser window using LDAP. As long as the local admin account was logged in, the LDAP login would fail. As soon as I logged out of the local admin account, the LDAP login succeeded. Shaky...

On to the next problem... :)
User avatar
Osiris
Cacti Guru User
Posts: 1424
Joined: Mon Jan 05, 2015 10:10 am

Re: LDAP auth stopped working. How to fix or troubleshoot?

Post by Osiris »

Can you open that bug in GitHub. Make sure you state your current version.
Before history, there was a paradise, now dust.
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests