
Author Topic: Active Directory authentication  (Read 1869 times)

Saguu (Newbie, Posts: 4)
Active Directory authentication
« on: March 28, 2018, 06:15:43 PM »
Hello, I have discovered NeDi and it's really a great tool. Now I have a topology of my network, a backup of my configurations and a complete inventory of my network equipment.

However, I would like to add LDAP authentication, but it does not work, as in this post: https://forum.nedi.ch/index.php?topic=1499.msg5975#msg5975

I can create a user, but when I try to create a second one, I get this error message: Duplicate entry '' for key 'PRIMARY'.

I'm using NeDi on CentOS 7 and my domain controller runs Windows Server 2012 R2.


Thanks for your help!

Saguu

harry (Full Member, Posts: 131)
Re: Active Directory authentication
« Reply #1 on: March 29, 2018, 02:15:28 AM »
Hi Saguu,
Did you configure the LDAP auth in nedi.conf?

If yes, could you post your config string here, so we can help further if we see any issue?

-Harry

Saguu (Newbie, Posts: 4)
Re: Active Directory authentication
« Reply #2 on: March 29, 2018, 10:58:39 AM »
Hello,

Here is my nedi.conf file:

# Authentication for GUI
guiauth      local
guiauth      ldap

# Set Ldapserver parameters
#      host         port   rootpw      basedn      rootdn   loginattr
;ldapsrv   ldaps://host.domain   636   PASSWORD   DC=XX,DC=YYY   USER   uid
;ldapsrv   ldap://domain.int   389   pass      ou=PROD,dc=domain,dc=int   cn=user,ou=account,ou=admin,ou=prod,dc=domain,dc=int   cn
ldapsrv   ldap://NameOfServer   389   MyPass   OU=XXX,OU=XX,OU=Country,DC=my,DC=domain,DC=dom   admin_xx      sAMAccountName

# Map attributes
#      adm   net   dsk   mon   mgr   oth   mail   phone
;ldapmap   cisco   cisco   cisco   support   manager   users   mail   telephoneNumber


I observed that if I specify the complete DN of my rootdn, it does not work; I am obliged to specify only the sAMAccountName of the rootdn.

Saguu (Newbie, Posts: 4)
Re: Active Directory authentication
« Reply #3 on: April 10, 2018, 04:51:22 PM »
Up!

Did I make a mistake?

Thanks

harry (Full Member, Posts: 131)
Re: Active Directory authentication
« Reply #4 on: April 11, 2018, 01:44:57 AM »
Do you have spaces in your OU names? If yes, you need to type them like this:

OU=Service+Accounts

Comment out the "guiauth     local" line in nedi.conf.

See if this is helpful, or post the actual string without the password.

-Harry.

Saguu (Newbie, Posts: 4)
Re: Active Directory authentication
« Reply #5 on: April 19, 2018, 05:49:53 PM »
Hello,

Sorry for the delay  :o

I have spaces in my OU names. I tried the method you told me, but it still does not work. I decided to specify the parent OU, which has no space.

However, it still does not work. Here are the contents of the file:

# Authentication for GUI users can be set to:
# local, sso, pam, radius, ldap or none
# Append -pass to use the session user (entering pw each time) for device access (e.g. in Devices-Write)
;guiauth      local
guiauth      ldap

# Override the Login and Logout URLs (e.g. for your SSO setup)
# The defaults will be used if commented
#      Login URL      Logout URL
;authurls   User-Profile.php   index.php

# Set Radiusserver(s) parameters, if selected above
#      host      port   secret      timeout   retries
;radserver   localhost   1812   testing123   2   1

# Set Ldapserver parameters, if selected above:
#      host         port   rootpw      basedn      rootdn   loginattr
;ldapsrv   ldaps://host.domain   636   PASSWORD   DC=XX,DC=YYY   USER   uid
;ldapsrv   ldap://domain.int   389   pass      ou=PROD,dc=domain,dc=int   cn=user,ou=account,ou=admin,ou=prod,dc=domain,dc=int   cn
ldapsrv   ldap://UKLLOADS01   389   Spleen/*66   OU=LLO,OU=UK,OU=Country,DC=eua,DC=tonivn,DC=net   NeDilookupUser      sAMAccountName


And here is a screenshot of the error:



Thank you for your help!
« Last Edit: April 19, 2018, 05:53:22 PM by Saguu »

harry (Full Member, Posts: 131)
Re: Active Directory authentication
« Reply #6 on: April 30, 2018, 06:32:49 AM »
Your string:
ldapsrv   ldap://UKLLOADS01   389   Spleen/*66   OU=LLO,OU=UK,OU=Country,DC=eua,DC=tonivn,DC=net   NeDilookupUser      sAMAccountName

My string, after *66 (which is the password in my case), looks like this:

 OU=organisation+ICT+Staff,OU=ICT,OU=staff,DC=eastern,DC=det,DC=win  CN=ServicesNedi,OU=Service+Accounts,DC=eastern,DC=det,DC=win sAMAccountName

Use it with a service account's credentials, and put the password where "Spleen/*66" is.

This should fix it, or you have the option of getting paid support from Remo Rickli.


Kasper (Newbie, Posts: 25)
Re: Active Directory authentication
« Reply #7 on: May 02, 2018, 07:40:41 AM »
Following this guide I got LDAP lookup working in my NeDi installation. The only difference in my config is that "sAMAccountName" is not used; the "cn" option is used instead.

So my string looks like this (obvious parts changed):
ldapsrv ldap://adm.domain.com 389 SuperSecretPassword DC=adm,DC=domain,DC=com CN=Network+Operator,OU=Service+Account,OU=Special+Accounts,DC=adm,DC=domain,DC=com cn
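The ldapsrv strings posted by harry and Kasper above share the same shape, and the spacing problem in the thread comes from how the line is split into columns. The following Python is an added example, not NeDi's own code: it parses an ldapsrv line the way the thread's comment header lays it out (host, port, rootpw, basedn, rootdn, loginattr), refuses a line whose DN spills into an extra column because it contains a literal space, and undoes the "+" encoding that harry and Kasper use for spaces. It assumes, based on their working strings, that NeDi splits on whitespace and maps "+" back to a space before using the DN; that assumption is marked in the code. It also classifies the rootdn into the name forms Active Directory accepts for a simple bind (full DN, UPN, DOMAIN\user, or a bare sAMAccountName, which is why Saguu's bare lookup user could bind at all), builds the RFC 4515 search filter with the login name escaped so a username such as `*)(|(cn=*` cannot alter the filter, and warns when the scheme is ldap:// rather than ldaps://, because a simple bind over port 389 without TLS sends the rootpw and every user's GUI password in clear text. The host names, DNs and password in the sample line are constructed for the example.

```python
"""Parse a NeDi-style ldapsrv line and derive the AD lookup it implies.

Added example for the thread above; not NeDi code. Runs offline: no
directory is contacted, only the config line and the filter are handled.
"""
import re
from dataclasses import dataclass, field

# Column order from the nedi.conf comment quoted in the thread:
#   host  port  rootpw  basedn  rootdn  loginattr
COLUMNS = ("host", "port", "rootpw", "basedn", "rootdn", "loginattr")

# RFC 4515 escapes for values placed inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


@dataclass
class LdapSrv:
    scheme: str
    host: str
    port: int
    rootpw: str
    basedn: str
    rootdn: str
    loginattr: str
    warnings: list = field(default_factory=list)


def parse_ldapsrv(line):
    """Parse one active ldapsrv line; returns None for blank/commented lines.

    The line is split on whitespace, so a DN containing a literal space spills
    into an extra column. The thread's fix is to write spaces as '+', which is
    undone here (assumption: NeDi does the same before using the DN).
    """
    stripped = line.strip()
    if not stripped or stripped[0] in ";#":
        return None
    parts = stripped.split()
    if parts[0] != "ldapsrv":
        return None
    if len(parts) != 1 + len(COLUMNS):
        raise ValueError(
            f"expected {len(COLUMNS)} columns after 'ldapsrv', got {len(parts) - 1}; "
            "if a DN contains spaces, write them as '+' (e.g. OU=Service+Accounts)"
        )
    vals = dict(zip(COLUMNS, parts[1:]))
    m = re.fullmatch(r"(?:(ldaps?)://)?([^/]+)", vals["host"])
    if not m:
        raise ValueError(f"bad host field: {vals['host']!r}")
    scheme = m.group(1) or "ldap"
    srv = LdapSrv(
        scheme=scheme,
        host=m.group(2),
        port=int(vals["port"]),
        rootpw=vals["rootpw"],
        basedn=vals["basedn"].replace("+", " "),
        rootdn=vals["rootdn"].replace("+", " "),
        loginattr=vals["loginattr"],
    )
    if scheme == "ldap":
        srv.warnings.append(
            "simple bind over ldap:// sends rootpw and every user's password in "
            "clear text; use ldaps:// on 636 (or StartTLS) and a read-only service account"
        )
    return srv


def bind_name_form(rootdn):
    """Name form of the bind identity: AD simple bind accepts all four."""
    if re.match(r"^[A-Za-z]+=", rootdn):
        return "dn"              # CN=ServicesNedi,OU=Service Accounts,DC=...
    if "@" in rootdn:
        return "upn"             # svc-nedi@example.internal
    if "\\" in rootdn:
        return "netbios"         # EXAMPLE\svc-nedi
    return "sAMAccountName"      # NeDilookupUser (Saguu's working form)


def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(srv, login):
    """Filter NeDi-style auth would search under basedn to find the user's DN."""
    return f"(&(objectClass=user)({srv.loginattr}={escape_filter_value(login)}))"


if __name__ == "__main__":
    # Constructed sample, modelled on harry's string; names and password are made up.
    sample = ("ldapsrv\tldaps://dc01.example.internal\t636\tMadeUpPw\t"
              "OU=organisation+ICT+Staff,OU=ICT,OU=staff,DC=example,DC=internal\t"
              "CN=ServicesNedi,OU=Service+Accounts,DC=example,DC=internal\tsAMAccountName")
    srv = parse_ldapsrv(sample)
    print("bind as", bind_name_form(srv.rootdn), "->", srv.rootdn)
    print("search", srv.basedn, "with", login_filter(srv, "j.doe*)(|(objectClass=*"))
    print("warnings:", srv.warnings)
```

Running it shows the decoded DNs and an escaped filter in which the injected `*)(|(` sequence is neutralised. Feeding it Saguu's second string (ldap://, port 389, bare lookup user) returns the clear-text warning, and a DN typed with a real space raises the column-count error instead of silently shifting rootdn and loginattr into the wrong fields.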