ExternalAuth problems

Brian_Haupt · August 1, 2013, 2:32pm

I am setting up a new Request Tracker 4.0.16 installation on CentOS 6.4. I am able to log into RT using the RT root password but I receive the following error when trying to login using my AD account

[Thu Aug 1 14:37:33 2013] [error]: FAILED LOGIN for $UserName from $IP_Address (/usr/local/rt/sbin/…/lib/RT/Interface/Web.pm:753)

Below is the relavent part of my RT_SiteConfig

Set($WebPort, 443);
Set($WebPath, “/rt”);
Set($WebDomain, ‘$hostname.$PublicDomain’);
Set($rtname, ‘$hostname’);

Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
’My_LDAP’ => {
‘type’ => ‘ldap’,

        'server'                    =>  '$DC.$InternalNetwork',
        'user'                      =>  '$AD_User@$InternalNetwork ',
        'pass'                      =>  '$Password',

        'base'                      =>  'dc=$InternalNetwork',
        'filter'                    =>  '(objectClass=*)',
        'attr_map' => {
            'Name' => 'displayName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
        },
    },
});

You must install Plugins on your own, this is only an example

of the correct syntax to use when activating them.

There should only be one @Plugins declaration in your config file.

Set(@MailPlugins, qw(Auth::MailFrom Filter::TakeAction));
Set(@Plugins,(qw(RT::Extension::CommandByMail RT::Authen::ExternalAuth)));

1;

Jeff_Solberg · August 1, 2013, 3:22pm

Try removing the extra ‘(’ you have in front of qw in your set@plugin declaration.

Jeff-------- Original message --------
From: Brian Haupt brian.s.haupt@ama-inc.com
Date: 08/01/2013 7:48 AM (GMT-08:00)
To: rt-users@lists.bestpractical.com
Subject: [rt-users] ExternalAuth problems

I am setting up a new Request Tracker 4.0.16 installation on CentOS 6.4. I am able to log into RT using the RT root password but I receive the following error when trying to login using my AD account

[Thu Aug 1 14:37:33 2013] [error]: FAILED LOGIN for $UserName from $IP_Address (/usr/local/rt/sbin/…/lib/RT/Interface/Web.pm:753)

Below is the relavent part of my RT_SiteConfig

Set($WebPort, 443);
Set($WebPath, “/rt”);
Set($WebDomain, ‘$hostname.$PublicDomain’);
Set($rtname, ‘$hostname’);

Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => {
‘type’ => ‘ldap’,

        'server'                    =>  '$DC.$InternalNetwork',
        'user'                      =>  '$AD_User@$InternalNetwork ',
        'pass'                      =>  '$Password',

        'base'                      =>  'dc=$InternalNetwork',
        'filter'                    =>  '(objectClass=*)',
        'attr_map' => {
            'Name' => 'displayName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
        },
    },
});

You must install Plugins on your own, this is only an example

of the correct syntax to use when activating them.

There should only be one @Plugins declaration in your config file.

Set(@MailPlugins, qw(Auth::MailFrom Filter::TakeAction));
Set(@Plugins,(qw(RT::Extension::CommandByMail RT::Authen::ExternalAuth)));

1;

Brian_Haupt · August 1, 2013, 4:06pm

I have tried removing the extra ‘(’ as recommended but with no success. I have also tried using changing
‘user’ => $AD_User@$InternalNetwork ', to
‘user’ => ‘cn=$Username,cn=Users,dc=internal,dc=$DomainName,dc=com’,

I also tried adding
Set($LdapServer, ‘ldaps://myDomainController.xxxxxxx.com’);
Set($LdapTLS, 1);
Set($LdapSSLVersion, 3);

But none of these have yielded any better results.-----Original Message-----
From: Jeff Solberg [mailto:jsolberg@intrepidls.com]
Sent: Thursday, August 01, 2013 11:23 AM
To: Brian Haupt; rt-users@lists.bestpractical.com
Subject: RE: [rt-users] ExternalAuth problems

Try removing the extra ‘(’ you have in front of qw in your set@plugin declaration.

Jeff

-------- Original message --------
From: Brian Haupt brian.s.haupt@ama-inc.com
Date: 08/01/2013 7:48 AM (GMT-08:00)
To: rt-users@lists.bestpractical.com
Subject: [rt-users] ExternalAuth problems

I am setting up a new Request Tracker 4.0.16 installation on CentOS 6.4. I am able to log into RT using the RT root password but I receive the following error when trying to login using my AD account

[Thu Aug 1 14:37:33 2013] [error]: FAILED LOGIN for $UserName from $IP_Address (/usr/local/rt/sbin/…/lib/RT/Interface/Web.pm:753)

Below is the relavent part of my RT_SiteConfig

Set($WebPort, 443);
Set($WebPath, “/rt”);
Set($WebDomain, ‘$hostname.$PublicDomain’); Set($rtname, ‘$hostname’);

Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => {
‘type’ => ‘ldap’,

        'server'                    =>  '$DC.$InternalNetwork',
        'user'                      =>  '$AD_User@$InternalNetwork',
        'pass'                      =>  '$Password',

        'base'                      =>  'dc=$InternalNetwork',
        'filter'                    =>  '(objectClass=*)',
        'attr_map' => {
            'Name' => 'displayName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
        },
    },
});

You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them.

There should only be one @Plugins declaration in your config file.

Set(@MailPlugins, qw(Auth::MailFrom Filter::TakeAction)); Set(@Plugins,(qw(RT::Extension::CommandByMail RT::Authen::ExternalAuth)));

1;

bbaker · August 1, 2013, 4:19pm

Brian
If you use AdsiEdit and look at the user object you are trying to use it will display the Distinguished Name needed to access the object.
Like

Name Class Distinguished Name
CN=RQ Tracker User CN=RQ Tracker,OU=Users_Special,OU=Copesan,DC=Copesan,DC=Local

In the above case User would be
‘user’ => ‘CN=RQ Tracker,OU=Users_Special,OU=Copesan,DC=Copesan,DC=Local’,
‘server’ => “This would be any readable Domain Controler”
Hope this helps.

Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bbaker@copesan.com

“Servicing North America with Local Care”-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Brian Haupt
Sent: Thursday, August 01, 2013 11:06 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] ExternalAuth problems

I have tried removing the extra ‘(’ as recommended but with no success. I have also tried using changing
‘user’ => $AD_User@$InternalNetwork ', to
‘user’ => ‘cn=$Username,cn=Users,dc=internal,dc=$DomainName,dc=com’,

I also tried adding
Set($LdapServer, ‘ldaps://myDomainController.xxxxxxx.com’);
Set($LdapTLS, 1);
Set($LdapSSLVersion, 3);

But none of these have yielded any better results.

-----Original Message-----
From: Jeff Solberg [mailto:jsolberg@intrepidls.com]
Sent: Thursday, August 01, 2013 11:23 AM
To: Brian Haupt; rt-users@lists.bestpractical.com
Subject: RE: [rt-users] ExternalAuth problems

Try removing the extra ‘(’ you have in front of qw in your set@plugin declaration.

Jeff

-------- Original message --------
From: Brian Haupt brian.s.haupt@ama-inc.com
Date: 08/01/2013 7:48 AM (GMT-08:00)
To: rt-users@lists.bestpractical.com
Subject: [rt-users] ExternalAuth problems

I am setting up a new Request Tracker 4.0.16 installation on CentOS 6.4. I am able to log into RT using the RT root password but I receive the following error when trying to login using my AD account

[Thu Aug 1 14:37:33 2013] [error]: FAILED LOGIN for $UserName from $IP_Address (/usr/local/rt/sbin/…/lib/RT/Interface/Web.pm:753)

Below is the relavent part of my RT_SiteConfig

Set($WebPort, 443);
Set($WebPath, “/rt”);
Set($WebDomain, ‘$hostname.$PublicDomain’); Set($rtname, ‘$hostname’);

Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => {
‘type’ => ‘ldap’,

        'server'                    =>  '$DC.$InternalNetwork',
        'user'                      =>  '$AD_User@$InternalNetwork',
        'pass'                      =>  '$Password',

        'base'                      =>  'dc=$InternalNetwork',
        'filter'                    =>  '(objectClass=*)',
        'attr_map' => {
            'Name' => 'displayName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
        },
    },
});

You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them.

There should only be one @Plugins declaration in your config file.

Set(@MailPlugins, qw(Auth::MailFrom Filter::TakeAction)); Set(@Plugins,(qw(RT::Extension::CommandByMail RT::Authen::ExternalAuth)));

1;

Jeff_Solberg · August 1, 2013, 4:21pm

When you removed the extra ‘(’ did you also remove the extra ‘)’ from the end of the declaration? Your plug in line should look like this

Set(@Plugins, qw(RT::Extension::CommandByMail RT::Authen::ExternalAuth));

Restart Apache…

If this doesn’t work go into RT as root then go into the system configuration

Tools–> Configuration → tools–> System Configuration

And see if the plugs are being set. Hope this helps.

Jeff-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Brian Haupt
Sent: Thursday, August 01, 2013 9:06 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] ExternalAuth problems

I have tried removing the extra ‘(’ as recommended but with no success. I have also tried using changing
‘user’ => $AD_User@$InternalNetwork ', to
‘user’ => ‘cn=$Username,cn=Users,dc=internal,dc=$DomainName,dc=com’,

I also tried adding
Set($LdapServer, ‘ldaps://myDomainController.xxxxxxx.com’);
Set($LdapTLS, 1);
Set($LdapSSLVersion, 3);

But none of these have yielded any better results.

-----Original Message-----
From: Jeff Solberg [mailto:jsolberg@intrepidls.com]
Sent: Thursday, August 01, 2013 11:23 AM
To: Brian Haupt; rt-users@lists.bestpractical.com
Subject: RE: [rt-users] ExternalAuth problems

Try removing the extra ‘(’ you have in front of qw in your set@plugin declaration.

Jeff

-------- Original message --------
From: Brian Haupt brian.s.haupt@ama-inc.com
Date: 08/01/2013 7:48 AM (GMT-08:00)
To: rt-users@lists.bestpractical.com
Subject: [rt-users] ExternalAuth problems

I am setting up a new Request Tracker 4.0.16 installation on CentOS 6.4. I am able to log into RT using the RT root password but I receive the following error when trying to login using my AD account

[Thu Aug 1 14:37:33 2013] [error]: FAILED LOGIN for $UserName from $IP_Address (/usr/local/rt/sbin/…/lib/RT/Interface/Web.pm:753)

Below is the relavent part of my RT_SiteConfig

Set($WebPort, 443);
Set($WebPath, “/rt”);
Set($WebDomain, ‘$hostname.$PublicDomain’); Set($rtname, ‘$hostname’);

Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => {
‘type’ => ‘ldap’,

        'server'                    =>  '$DC.$InternalNetwork',
        'user'                      =>  '$AD_User@$InternalNetwork',
        'pass'                      =>  '$Password',

        'base'                      =>  'dc=$InternalNetwork',
        'filter'                    =>  '(objectClass=*)',
        'attr_map' => {
            'Name' => 'displayName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
        },
    },
});

You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them.

There should only be one @Plugins declaration in your config file.

Set(@MailPlugins, qw(Auth::MailFrom Filter::TakeAction)); Set(@Plugins,(qw(RT::Extension::CommandByMail RT::Authen::ExternalAuth)));

1;