LDAP auth stopped working. How to fix or troubleshoot?
Moderators: Developers, Moderators
LDAP auth stopped working. How to fix or troubleshoot?
Hi Folks,
After mucking about with a test server (on which LDAP auth works with the default settings) I installed Cacti on our management server and began configuring it. At first LDAP auth worked, but then I began to tinker with it, experimenting with different settings in Configuration -> Settings -> Authentication -> LDAP General Settings, using different types of encryption and TLS cert requirements. None of them worked, although they should have. Finally, in frustration, I set them back to the default so that they matched the working test server, but unfortunately the act of trying these difference settings borked something because now I can't get it working at all. I have LDAP Debug Mode enabled, but there isn't anything meaningful in the logs to help troubleshoot. At least to me:
2023-09-22 15:26:37 - AUTH LOGIN FAILED: LDAP Login Failed for user 'joeblow' from IP Address 'xx.xx.xx.xx'.
2023-09-22 15:26:37 - AUTH LOGIN FAILED: LDAP Error: Authentication Failure
2023-09-22 15:26:37 - AUTH LDAP: (C:\inetpub\wwwroot\cacti\index.php[25]:include(), C:\inetpub\wwwroot\cacti\include\auth.php[158]:require_once(), C:\inetpub\wwwroot\cacti\auth_login.php[99]:ldap_login_process(), C:\inetpub\wwwroot\cacti\lib\auth.php[3743]:cacti_ldap_auth(), C:\inetpub\wwwroot\cacti\lib\ldap.php[95]:Ldap->Authenticate(), C:\inetpub\wwwroot\cacti\lib\ldap.php[704]:LdapError::GetErrorDetails(), C:\inetpub\wwwroot\cacti\lib\ldap.php[367]:cacti_debug_backtrace())
2023-09-22 15:26:37 - AUTH LDAP: Authentication Failure
2023-09-22 15:26:36 - AUTH LDAP: Binding with "admin"
2023-09-22 15:26:36 - AUTH NOTE: Setting Bind Timeout to 5 seconds
2023-09-22 15:26:36 - AUTH NOTE: Setting Network Timeout to 2 seconds
2023-09-22 15:26:36 - AUTH LDAP: Connect using ldap://mydc.mydomain.com:389
One thing that's a little wacky is that it appears to be attempting to bind to the directory with user 'admin' (on the fourth to last line). The working server has my user name in there. I've tried changing it but no dice. The error that's given at the login dialog is just 'Access Denied! Authentication Failure':
Any thoughts on how to get LDAP working again? Thanks!
After mucking about with a test server (on which LDAP auth works with the default settings) I installed Cacti on our management server and began configuring it. At first LDAP auth worked, but then I began to tinker with it, experimenting with different settings in Configuration -> Settings -> Authentication -> LDAP General Settings, using different types of encryption and TLS cert requirements. None of them worked, although they should have. Finally, in frustration, I set them back to the default so that they matched the working test server, but unfortunately the act of trying these difference settings borked something because now I can't get it working at all. I have LDAP Debug Mode enabled, but there isn't anything meaningful in the logs to help troubleshoot. At least to me:
2023-09-22 15:26:37 - AUTH LOGIN FAILED: LDAP Login Failed for user 'joeblow' from IP Address 'xx.xx.xx.xx'.
2023-09-22 15:26:37 - AUTH LOGIN FAILED: LDAP Error: Authentication Failure
2023-09-22 15:26:37 - AUTH LDAP: (C:\inetpub\wwwroot\cacti\index.php[25]:include(), C:\inetpub\wwwroot\cacti\include\auth.php[158]:require_once(), C:\inetpub\wwwroot\cacti\auth_login.php[99]:ldap_login_process(), C:\inetpub\wwwroot\cacti\lib\auth.php[3743]:cacti_ldap_auth(), C:\inetpub\wwwroot\cacti\lib\ldap.php[95]:Ldap->Authenticate(), C:\inetpub\wwwroot\cacti\lib\ldap.php[704]:LdapError::GetErrorDetails(), C:\inetpub\wwwroot\cacti\lib\ldap.php[367]:cacti_debug_backtrace())
2023-09-22 15:26:37 - AUTH LDAP: Authentication Failure
2023-09-22 15:26:36 - AUTH LDAP: Binding with "admin"
2023-09-22 15:26:36 - AUTH NOTE: Setting Bind Timeout to 5 seconds
2023-09-22 15:26:36 - AUTH NOTE: Setting Network Timeout to 2 seconds
2023-09-22 15:26:36 - AUTH LDAP: Connect using ldap://mydc.mydomain.com:389
One thing that's a little wacky is that it appears to be attempting to bind to the directory with user 'admin' (on the fourth to last line). The working server has my user name in there. I've tried changing it but no dice. The error that's given at the login dialog is just 'Access Denied! Authentication Failure':
Any thoughts on how to get LDAP working again? Thanks!
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: LDAP auth stopped working. How to fix or troubleshoot?
I suspect maybe your LDAP server is not responding.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: LDAP auth stopped working. How to fix or troubleshoot?
Nah, there are three of them. If one was not responsive, I'd know about it pretty damned quick, believe me.
Besides, my test server which points to the same DC's is still working. Any more thoughts?
Besides, my test server which points to the same DC's is still working. Any more thoughts?
Re: LDAP auth stopped working. How to fix or troubleshoot?
So I'm pretty stuck here! Is it possible that the config file containing the LDAP parameters is just not getting updated properly via the UI, so that when I try to set the default values back again as they are on the test server, they're not getting used? Where is this config information stored?
Is there no useful troubleshooting information that can be obtained from the log entries shown above? I've checked the security logs on the DC the config is pointing to and don't see any log entries there, either success or failure...
Failing that, any suggestions? Should I just reinstall? I've spent way too long troubleshooting this and gotten nowhere. Any help please?
Is there no useful troubleshooting information that can be obtained from the log entries shown above? I've checked the security logs on the DC the config is pointing to and don't see any log entries there, either success or failure...
Failing that, any suggestions? Should I just reinstall? I've spent way too long troubleshooting this and gotten nowhere. Any help please?
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: LDAP auth stopped working. How to fix or troubleshoot?
Have you tried to use ldaps? I would expect that you would be using the SSL port these days. Also, using V3 is the way to go. Not sure your settings.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: LDAP auth stopped working. How to fix or troubleshoot?
It is trying LDAPS that broke it in the first place. I have flipped every single LDAP option available in the GUI on and off to every possible setting to see if I could make it work again with no success.
So, is it just reinstall time since apparently we have no hope of troubleshooting it? Should I try uninstalling first, or just reinstall over top?
So, is it just reinstall time since apparently we have no hope of troubleshooting it? Should I try uninstalling first, or just reinstall over top?
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: LDAP auth stopped working. How to fix or troubleshoot?
I'm not too sure to be honest. You might consider doing a tcpdump and use Wireshark to see what's happening on the network side.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: LDAP auth stopped working. How to fix or troubleshoot?
OK, I seem to have resolved this. For future reference, it seems that Cacti doesn't support concurrent logins from both LDAP and the local DB. While trying to get this to work, I was logged in using the local admin account and making changes while attempting logins from an incognito\private browser window using LDAP. As long as the local admin account was logged in, the LDAP login would fail. As soon as I logged out of the local admin account, the LDAP login succeeded. Shaky...
On to the next problem...
On to the next problem...
Re: LDAP auth stopped working. How to fix or troubleshoot?
Can you open that bug in GitHub. Make sure you state your current version.
Before history, there was a paradise, now dust.
Who is online
Users browsing this forum: No registered users and 0 guests