Some advice on initial config

Nick_Porter · March 18, 2011, 4:31pm

Hello. I’ve been Googling and wiki reading and following the sterling advice of others but I have to admit I’m stuck and could do with some help.

I’m on Debain Squeeze, Apache2 and RT3.8 with MySQL

I’ve got it the web interface up and even managed to get emails to flow from our exchange server into the general queue so I have the basics.

My problem is with the users. I’ve managed to get the ExternalAuth plugin to talk to AD/ldap and create privileged user but I’m having problem setting RT up so that the folks submitting emails/tickets to it can log in and see the queue and theirs/others tickets.

An email will arrive and create a ticket and create a user with NOPASSWORD but for the life of me I can’t seem to be able to login with that user. Even is if users has the ‘Let this user acess RT’ check set.

Any pointers as to what I should be looking for or what common pitfall I’m encountering?

Thx.
np

Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380.
Registered office: 11 Conway Street, London. W1T 6BL

Thomas_Sibley · March 18, 2011, 4:47pm

Hello. I’ve been Googling and wiki reading and following the sterling advice of others but I have to admit I’m stuck and could do with some help.

I’m on Debain Squeeze, Apache2 and RT3.8 with MySQL

I’ve got it the web interface up and even managed to get emails to flow from our exchange server into the general queue so I have the basics.

My problem is with the users. I’ve managed to get the ExternalAuth plugin to talk to AD/ldap and create privileged user but I’m having problem setting RT up so that the folks submitting emails/tickets to it can log in and see the queue and theirs/others tickets.

An email will arrive and create a ticket and create a user with NOPASSWORD but for the life of me I can’t seem to be able to login with that user. Even is if users has the ‘Let this user acess RT’ check set.

These are internal unprivileged users that aren’t authenticating through
ExternalAuth and you’ve configured external auth to fall through to
internal users? If so, they need a password to login.

Thomas

Nick_Porter · March 21, 2011, 10:33am

Okay, that makes sense. So I thought a different approach might be in order.

Instead of having ExtertnalAuth create the privileged RT support users I’d have it create and authenticate all users as none unprivileged and manually set the support users to the correct group.

The first problem I’ve encountered is that ExternalAuth doesn’t seem to recognise the ‘Domain Users’ group in AD. It works fine if I explicitly add the user to the ‘RT User’ users group I set up from the wiki howto doc but not if I either set the ‘Domain Users’ group in the ExternalAuth RT_SiteConfig.pm or if I add it as a member of the ‘RT Users’ group. Anybody know why that might be as adding them individually to ‘RT User’ will be a pain.

Thx for any feedback.

-np

Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380.
Registered office: 11 Conway Street, London. W1T 6BLFrom: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: 18 March 2011 16:48
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Some advice on initial config

Hello. I’ve been Googling and wiki reading and following the sterling advice of others but I have to admit I’m stuck and could do with some help.

I’m on Debain Squeeze, Apache2 and RT3.8 with MySQL

I’ve got it the web interface up and even managed to get emails to flow from our exchange server into the general queue so I have the basics.

My problem is with the users. I’ve managed to get the ExternalAuth plugin to talk to AD/ldap and create privileged user but I’m having problem setting RT up so that the folks submitting emails/tickets to it can log in and see the queue and theirs/others tickets.

An email will arrive and create a ticket and create a user with NOPASSWORD but for the life of me I can’t seem to be able to login with that user. Even is if users has the ‘Let this user acess RT’ check set.

These are internal unprivileged users that aren’t authenticating through ExternalAuth and you’ve configured external auth to fall through to internal users? If so, they need a password to login.

Thomas

Any pointers as to what I should be looking for or what common pitfall I’m encountering?

Thx.

np

–
Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380.
Registered office: 11 Conway Street, London. W1T 6BL

Nick_Porter · March 22, 2011, 3:16pm

Just for the sake of completeness so that if anybody comes across this while searching for answers related to my question.

I managed to get the authentication to work as I wanted by commenting out the ‘group’ and ‘group_attr’ from the RT_SiteConfig.pm

It now seems that AD will authenticate anybody with an AD account against RT. RT will set up unprivileged accounts for everyone sending in an email. In the case of support staff I get them to send a nonsensical email, locate their account and set the ‘Let this user be granted rights’ field which I believe ups it’s permissions to privileged.

I expect there’s probably a ‘right’ way to do this but this is how I got mine to work.
–np

Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380.
Registered office: 11 Conway Street, London. W1T 6BLFrom: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Nick Porter
Sent: 21 March 2011 10:34
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Some advice on initial config

Okay, that makes sense. So I thought a different approach might be in order.

Instead of having ExtertnalAuth create the privileged RT support users I’d have it create and authenticate all users as none unprivileged and manually set the support users to the correct group.

The first problem I’ve encountered is that ExternalAuth doesn’t seem to recognise the ‘Domain Users’ group in AD. It works fine if I explicitly add the user to the ‘RT User’ users group I set up from the wiki howto doc but not if I either set the ‘Domain Users’ group in the ExternalAuth RT_SiteConfig.pm or if I add it as a member of the ‘RT Users’ group. Anybody know why that might be as adding them individually to ‘RT User’ will be a pain.

Thx for any feedback.

-np

Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380.
Registered office: 11 Conway Street, London. W1T 6BL

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: 18 March 2011 16:48
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Some advice on initial config

Hello. I’ve been Googling and wiki reading and following the sterling advice of others but I have to admit I’m stuck and could do with some help.

I’m on Debain Squeeze, Apache2 and RT3.8 with MySQL

I’ve got it the web interface up and even managed to get emails to flow from our exchange server into the general queue so I have the basics.

My problem is with the users. I’ve managed to get the ExternalAuth plugin to talk to AD/ldap and create privileged user but I’m having problem setting RT up so that the folks submitting emails/tickets to it can log in and see the queue and theirs/others tickets.

An email will arrive and create a ticket and create a user with NOPASSWORD but for the life of me I can’t seem to be able to login with that user. Even is if users has the ‘Let this user acess RT’ check set.

These are internal unprivileged users that aren’t authenticating through ExternalAuth and you’ve configured external auth to fall through to internal users? If so, they need a password to login.

Thomas

Any pointers as to what I should be looking for or what common pitfall I’m encountering?

Thx.

np

–
Tradar Limited is a limited company registered in England and Wales. Registered number: 3431380.
Registered office: 11 Conway Street, London. W1T 6BL