
Author Topic: Active Directory authentication  (Read 11714 times)

Saguu

Active Directory authentication
« on: March 28, 2018, 06:15:43 pm »
Hello, I discovered NeDi and it's really a great tool. Now, I have a topology of my network, a backup of my configurations and a complete inventory of my network equipment.

However, I would like to add LDAP authentication but it does not work, as in this post: https://forum.nedi.ch/index.php?topic=1499.msg5975#msg5975

I can create a user, but when I try to create a second one, I get this error message: Duplicate entry '' for key 'PRIMARY'.

I'm using NeDi on CentOS 7 and my domain controller is in Windows Server 2012R2


Thanks for your help!

Saguu

harry

Re: Active Directory authentication
« Reply #1 on: March 29, 2018, 02:15:28 am »
Hi Saguu,
Did you configure the LDAP auth in nedi.conf?

If yes, could you post your config string here, so we can help further if we see any issue?

-Harry

Saguu

Re: Active Directory authentication
« Reply #2 on: March 29, 2018, 10:58:39 am »
Hello,

Here is my nedi.conf file:

# Authentication for GUI
guiauth      local
guiauth      ldap

# Set Ldapserver parameters
#      host         port   rootpw      basedn      rootdn   loginattr
;ldapsrv   ldaps://host.domain   636   PASSWORD   DC=XX,DC=YYY   USER   uid
;ldapsrv   ldap://domain.int   389   pass      ou=PROD,dc=domain,dc=int   cn=user,ou=account,ou=admin,ou=prod,dc=domain,dc=int   cn
ldapsrv   ldap://NameOfServer   389   MyPass   OU=XXX,OU=XX,OU=Country,DC=my,DC=domain,DC=dom   admin_xx      sAMAccountName

# Map attributes
#      adm   net   dsk   mon   mgr   oth   mail   phone
;ldapmap   cisco   cisco   cisco   support   manager   users   mail   telephoneNumber


I observed that if I indicate the complete DN of my rootdn, it does not work, I am obliged to indicate only the samaccountname of the rootdn.

Saguu

Re: Active Directory authentication
« Reply #3 on: April 10, 2018, 04:51:22 pm »
Up!

Did I make a mistake?

Thanks

harry

Re: Active Directory authentication
« Reply #4 on: April 11, 2018, 01:44:57 am »
Do you have spaces in OU names? If yes, you need to type it like this:

OU=Service+Accounts

Comment out the "guiauth     local" in nedi.conf.

See if this can be helpful, or post the actual string without the password.

-Harry.

Saguu

Re: Active Directory authentication
« Reply #5 on: April 19, 2018, 05:49:53 pm »
Hello,

Sorry for the delay  :o

I have spaces in my OU names. I tried with the method you told me, but it does not work anymore. I decided to indicate the parent OU that has no space.

However, it still does not work. Here are the contents of the file:

# Authentication for GUI users can be set to:
# local, sso, pam, radius, ldap or none
# Append -pass to use the session user (entering pw each time) for device access (e.g. in Devices-Write)
;guiauth      local
guiauth      ldap

# Override the Login and Logout URLs (e.g. for your SSO setup)
# The defaults will be used if commented
#      Login URL      Logout URL
;authurls   User-Profile.php   index.php

# Set Radiusserver(s) parameters, if selected above
#      host      port   secret      timeout   retries
;radserver   localhost   1812   testing123   2   1

# Set Ldapserver parameters, if selected above:
#      host         port   rootpw      basedn      rootdn   loginattr
;ldapsrv   ldaps://host.domain   636   PASSWORD   DC=XX,DC=YYY   USER   uid
;ldapsrv   ldap://domain.int   389   pass      ou=PROD,dc=domain,dc=int   cn=user,ou=account,ou=admin,ou=prod,dc=domain,dc=int   cn
ldapsrv   ldap://UKLLOADS01   389   Spleen/*66   OU=LLO,OU=UK,OU=Country,DC=eua,DC=tonivn,DC=net   NeDilookupUser      sAMAccountName


And here is a screenshot of the error:



Thank you for your help!
« Last Edit: April 19, 2018, 05:53:22 pm by Saguu »

harry

Re: Active Directory authentication
« Reply #6 on: April 30, 2018, 06:32:49 am »
Your string:
ldapsrv   ldap://UKLLOADS01   389   Spleen/*66   OU=LLO,OU=UK,OU=Country,DC=eua,DC=tonivn,DC=net   NeDilookupUser      sAMAccountName

My string after *66 (which is the password in my case) looks like this:

 OU=organisation+ICT+Staff,OU=ICT,OU=staff,DC=eastern,DC=det,DC=win  CN=ServicesNedi,OU=Service+Accounts,DC=eastern,DC=det,DC=win sAMAccountName

Use it with connection of a service account, and put the password at "Spleen/*66".

This should fix it, or you have an option of getting paid support from Remo Rickli.


Kasper

Re: Active Directory authentication
« Reply #7 on: May 02, 2018, 07:40:41 am »
Following this guide I got LDAP lookup working in my NeDi installation. The only difference I have in my config is "sAMAccountName" is not used but the "cn" option is used instead.

So my string looks like this (obvious parts changed):
Code:
ldapsrv ldap://adm.domain.com 389 SuperSecretPassword DC=adm,DC=domain,DC=com CN=Network+Operator,OU=Service+Account,OU=Special+Accounts,DC=adm,DC=domain,DC=com cn
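
The ldapsrv field layout (host, port, rootpw, basedn, rootdn, loginattr) and the '+' convention for spaces discussed in this thread, as an added example that is not part of the original posts and not NeDi's own code: a small linter for one ldapsrv line. The sample lines are constructed, and treating '+' as a stand-in for a space follows harry's reply and is an assumption about how NeDi reads the line.

```python
import re

# Column order taken from the header comment in nedi.conf quoted in this thread.
FIELDS = ("host", "port", "rootpw", "basedn", "rootdn", "loginattr")
DN_RE = re.compile(r"^[A-Za-z]+=[^,=]+(?:,[A-Za-z]+=[^,=]+)*$")

def lint_ldapsrv(line):
    """Return (fields, findings) for one ldapsrv line; the password is masked."""
    tokens = line.split()
    if not tokens or tokens[0] != "ldapsrv":   # ';ldapsrv' is a commented-out line
        return None, ["not an active ldapsrv line"]
    values = tokens[1:]
    if len(values) != len(FIELDS):
        return None, [f"expected {len(FIELDS)} fields, got {len(values)}: "
                      "a raw space inside a DN splits the field, write it as '+'"]
    cfg = dict(zip(FIELDS, values))
    for key in ("basedn", "rootdn"):
        # Assumption based on the thread: '+' in the file stands for a space.
        cfg[key] = cfg[key].replace("+", " ")
    findings = []
    if cfg["host"].lower().startswith("ldap://"):
        findings.append("ldap:// is unencrypted: rootpw and user logins cross "
                        "the network in clear, prefer ldaps:// (port 636)")
    if not DN_RE.match(cfg["basedn"]):
        findings.append("basedn is not in DN form")
    if not DN_RE.match(cfg["rootdn"]):
        findings.append("rootdn is a bare name, not a DN")
    cfg["rootpw"] = "***"                      # never echo the bind password
    return cfg, findings

# Constructed sample lines (hypothetical host, account and password values).
SAMPLES = [
    "ldapsrv ldap://dc1.example.test 389 CONSTRUCTED_PW "
    "OU=Net,DC=example,DC=test svc_nedi sAMAccountName",
    "ldapsrv ldaps://dc1.example.test 636 CONSTRUCTED_PW DC=example,DC=test "
    "CN=Svc+Nedi,OU=Service+Accounts,DC=example,DC=test cn",
    "ldapsrv ldaps://dc1.example.test 636 CONSTRUCTED_PW DC=example,DC=test "
    "CN=Svc Nedi,OU=Service Accounts,DC=example,DC=test cn",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        cfg, findings = lint_ldapsrv(sample)
        print(cfg, findings or ["ok"])
```

Because the bind password sits in nedi.conf in clear text, the file's permissions and any copy pasted into a forum or ticket need the same care as the service account itself.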

Saguu

Re: Active Directory authentication
« Reply #8 on: March 15, 2019, 10:12:20 am »
Sorry for the delay for my answer. It works perfectly with the latest version of NeDi!

networkbo

Re: Active Directory authentication
« Reply #9 on: April 02, 2021, 03:41:28 pm »
Hi all, I have an issue using ldap and local authentication at the same time.
I obtain the choice on home page using
guiauth      local,ldap
but only ldap users and root are accepted, not a new local user.
If I remove ldap, new user is authenticated.
I use NeDi 2.0.120.
Any suggestion would be appreciated.

dohco

Re: Active Directory authentication
« Reply #10 on: April 07, 2021, 07:42:25 am »
In my configuration I only have ldap, not local,ldap.
With this I can log in with both ldap and local accounts.

networkbo

Re: Active Directory authentication
« Reply #11 on: April 12, 2021, 04:57:42 pm »
Even if I remove local and keep ldap, I cannot login with local user other than root.

ascii

Re: Active Directory authentication
« Reply #12 on: April 14, 2021, 09:16:58 am »
I assume you set the local flag for the account.
Last icon on the user page.

networkbo

Re: Active Directory authentication
« Reply #13 on: April 19, 2021, 06:14:58 pm »
No, I didn't know about that flag, I've fixed it, thank you!

enannos

Re: Active Directory authentication
« Reply #14 on: January 05, 2022, 04:51:17 pm »
Quote from: networkbo on April 02, 2021, 03:41:28 pm
Hi all, I have an issue using ldap and local authentication at the same time.
I obtain the choice on home page using
guiauth      local,ldap
but only ldap users and root are accepted, not a new local user.
If I remove ldap, new user is authenticated.
I use NeDi 2.0.120.
Any suggestion would be appreciated.

Hi,

I cannot get my nedi to work with our AD.
Can you please post (or anyone else that got it working) your nedi configuration regarding the ldap here?

Is there a way that only some members of a group can log in to nedi?

Thank you