Hi folks, I’m trying to run rt 3.8.9 on CentOS 5.5, talking to Active
Directory on a Windows Server 2003 domain controller. I followed the guide
at the wiki at http://requesttracker.wikia.com/wiki/CentOS5InstallPlusSome and
got everything working up to the external plugin.
I consolidated the RT_SiteConfig.pm to not include the ExternalAuth pm to
make it simpler for me to edit just a single file. My RT_SiteConfig.pm looks
like this:
# Custom Site Config
Set($rtname , "MyCo Inc.");
Set($Organization , "rt.mydomain.internal");
Set($MinimumPasswordLength , "5");
Set($Timezone , 'US/Central');
Set(@Plugins, qw(
    RT::Authen::ExternalAuth
));
Set($HomepageComponents, [qw(
    QuickCreate
    Quicksearch
    MyAdminQueues
    MySupportQueues
    MyReminders
    RefreshHomepage
    Dashboards
)]);
Set($DatabaseType , 'mysql');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'rt_user');
Set($DatabasePassword , 'XXXXX');
Set($DatabaseName , 'rt3');
Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);
Set($SendmailArguments , "-oi -t -f support@rt.mydomain.internal");
Set($MaxAttachmentSize , 10000000);
Set($RTAddressRegexp , '^rt@rt.mydomain.internal$');
Set($CorrespondAddress , 'no-reply@rt.mydomain.internal');
Set($CommentAddress , 'no-reply@rt.mydomain.internal');
Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");
Set($NotifyActor, 0);
Set($RecordOutgoingEmail, 1);
Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://rt");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");
Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);
Set($OldestTransactionsFirst, '1');
Set($ShowTransactionImages, 1);
Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);
Set($AutoCreate, {Privileged => 1});
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'     => 'ldap',
        'auth'     => 1,
        'info'     => 1,
        'server'   => 'paris.mydomain.internal',
        'user'     => 'rtuser',
        'pass'     => 'rtuserpassword',
        'base'     => 'dc=newcospares,dc=internal',
        'filter'   => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'      => 0,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        'group'      => 'cn=Domain Users,ou=Users,dc=newcospares,dc=internal',
        'group_attr' => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
});
# Steve Stuff
Set($LogToFileName, "rt3.error");
Set($LogDir, '/var/tmp');
Set($LogToFile, 'debug');
When I restart apache and try to log in, I get the following results in the rt.log:
[Wed Mar 9 22:26:09 2011] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Wed Mar 9 22:26:09 2011] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Wed Mar 9 22:26:09 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Wed Mar 9 22:26:09 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Wed Mar 9 22:26:21 2011] [error]: FAILED LOGIN for mydomain.internal\steve from 192.168.88.45 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:555)
I’m an old-school network guy, so I fire up wireshark on the box to see if
it’s even talking to my DC, and there doesn’t appear to be any traffic
between my rt server and the DC. What am I missing here to get this thing
to attempt to authenticate? I’ve looked at a lot of the old mailing list
info and I’m not seeing the thing that says “aha!”
I’m also not sure what format my username is supposed to be: is it
“domainname\username”, just my domain username, or “username@domainname”?
I’ve tried all variations but since I don’t see traffic between the servers
I doubt I’m getting that far yet.
Many thanks in advance!
- Steve
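An added check, not part of Steve's post or of RT::Authen::ExternalAuth itself: the script below replays, outside Apache and RT, the LDAP steps the posted My_LDAP block implies (connect, service-account bind, user search with the configured filter, the d_filter disabled-account test, and the group-membership test), printing the directory's answer at each step so a Wireshark capture can be paired with a known request. The server, bind user, base DN, filters, group DN and attribute names are copied from the posted RT_SiteConfig.pm; the bind password is read from an RT_LDAP_PASS environment variable and the account to look up is taken from the command line (both are this script's assumptions). The exact filter and group-lookup forms are assumed to mirror what the plugin does; they are not quoted from its source.

```perl
#!/usr/bin/perl
# Added example, not from the original post: walk the LDAP steps RT's
# external auth would take with the posted My_LDAP settings, one at a time.
# Assumptions of this script: RT_LDAP_PASS holds the rtuser password and
# argv[0] is the sAMAccountName to test. Perl 5.8-compatible (no // operator).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values copied from the posted RT_SiteConfig.pm.
my %cfg = (
    server     => 'paris.mydomain.internal',
    user       => 'rtuser',
    base       => 'dc=newcospares,dc=internal',
    filter     => '(&(ObjectCategory=User)(ObjectClass=Person))',
    d_filter   => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
    group      => 'cn=Domain Users,ou=Users,dc=newcospares,dc=internal',
    group_attr => 'member',
    name_attr  => 'sAMAccountName',   # attr_map{Name}
);

my $username = shift @ARGV or die "usage: $0 <sAMAccountName>\n";
my $bind_pw  = $ENV{RT_LDAP_PASS} or die "set RT_LDAP_PASS to the rtuser password\n";

# Step 1: TCP connect, plain LDAPv3 on 389 (tls => 0 in the posted config).
# If this fails, no bind or search ever leaves the box, which matches an empty capture.
my $ldap = Net::LDAP->new($cfg{server}, version => 3, timeout => 10)
    or die "connect to $cfg{server} failed: $@\n";

# Step 2: the service-account bind done before any user lookup. The posted
# 'user' is a bare 'rtuser'; it is passed through unchanged so the DC's own
# verdict on that name form is what gets printed.
my $mesg = $ldap->bind($cfg{user}, password => $bind_pw);
die "bind as '$cfg{user}' failed: " . $mesg->error . "\n" if $mesg->code;
print "bind ok as '$cfg{user}'\n";

# Step 3: compare the configured base DN with the naming context the DC
# advertises in its RootDSE; a search under a base the DC does not hold matches nothing.
my $dse = $ldap->root_dse;
if ($dse) {
    my $ctx = $dse->get_value('defaultNamingContext') || '(none)';
    print "DC defaultNamingContext: $ctx\n";
    print "WARNING: configured base '$cfg{base}' differs from the DC's naming context\n"
        if lc($ctx) ne lc($cfg{base});
}

# Step 4: the user search. The login name is escaped per RFC 4515 so that
# characters such as ( ) * \ in a submitted name cannot alter the filter.
my $name   = escape_filter_value($username);
my $filter = "(&$cfg{filter}($cfg{name_attr}=$name))";
$mesg = $ldap->search(base => $cfg{base}, filter => $filter,
                      attrs => [ $cfg{name_attr}, 'mail', 'cn' ]);
die "search failed: " . $mesg->error . "\n" if $mesg->code;
my @entries = $mesg->entries;
print "filter $filter matched ", scalar(@entries), " entry/entries\n";
if (@entries != 1) { $ldap->unbind; exit 1 }
my $entry = $entries[0];
printf "  dn=%s mail=%s cn=%s\n", $entry->dn,
    ($entry->get_value('mail') || ''), ($entry->get_value('cn') || '');

# Step 5: the disabled-account test; a match on d_filter means "reject".
# '1.1' asks for no attributes, only the existence of a matching entry.
$mesg = $ldap->search(base => $cfg{base},
                      filter => "(&$cfg{d_filter}($cfg{name_attr}=$name))",
                      attrs => ['1.1']);
print $mesg->entries ? "account is DISABLED (d_filter matched)\n"
                     : "account is enabled\n";

# Step 6: group membership, assumed here to be checked the way the plugin's
# group/group_attr settings suggest: is the user's DN a value of the group's
# 'member' attribute? A noSuchObject error means the group DN itself is wrong.
$mesg = $ldap->search(base  => $cfg{group}, scope => 'base',
                      filter => "($cfg{group_attr}=" . escape_filter_value($entry->dn) . ")",
                      attrs => ['1.1']);
if ($mesg->code) {
    print "group lookup of '$cfg{group}' failed: ", $mesg->error, "\n";
} else {
    print $mesg->entries ? "user is listed in $cfg{group}\n"
                         : "user is NOT listed in $cfg{group}\n";
}
$ldap->unbind;
```

Run it as `RT_LDAP_PASS=... perl ldapcheck.pl steve` on the RT host with Wireshark filtering on port 389, and every step produces one identifiable request. One Active Directory behaviour worth knowing when reading step 6: AD does not list a user's primary group (Domain Users by default) in that group's `member` attribute, so a membership test through `member` can report "NOT listed" for an account that is in fact in the group.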