Re: [rt-users] External Auth using Active Directory 2008

2012-02-06 Thread Kevin Falcone 
On Fri, Feb 03, 2012 at 11:17:18PM +, Howell, Van wrote:
 I ran the install again, The version it put on is 0.09
 FALCONE/RT-Authen-ExternalAuth-0.09.tar.gz
 
 Not the new version. I still have the same problem
 
 I shelled into CPAN 
 perl -MCPAN -e shell
 
 then I ran 
 install RT::Authen::ExternalAuth
 
 Is there a different way?
 
 Sorry for the dumb questions, but I'm new to this.

Do install a development release, you either need to fully specify the
path in the CPAN shell (something like
T/TS/TSIBLEY/RT-Authen-ExternalAuth-0.09_02.tar.gz ) or go to
http://search.cpan.org or http://metacpan.org and find and download
the development tarball and install it manually.

-kevin


pgpgefn9KoWwY.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread Kevin Falcone 
On Thu, Feb 02, 2012 at 06:21:20PM +, Howell, Van wrote:
 I added Set($LogToSyslog, debug); to my RT_SiteConfig.pm file
 I don't seem to be getting an more logging.
 I restarted the httpd service, didn't see any more logging so I restarted the 
 server.

Unfortunately - it seems you have syslog itself set to discard debug
messages.  You can try turning up $LogToScreen to debug and then check
your webserver logs instead of your syslog logs.

-kevin

 This is the entire tail of the messages log
 
 [root@OpenNMS etc]# tail /var/log/messages
 Feb  2 11:56:45 localhost abrtd: Dump directory is a duplicate of 
 /var/spool/abrt/ccpp-2012-02-01-14:08:36-18683
 Feb  2 11:56:45 localhost abrtd: Deleting dump directory 
 ccpp-2012-02-02-11:54:56-2567 (dup of ccpp-2012-02-01-14:08:36-18683), 
 sending dbus signal
 Feb  2 12:00:42 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
 match the configured WebDomain (lcu.edu). Perhaps you should Set($WebDomain, 
 '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be 
 broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:05:43 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
 match the configured WebDomain (lcu.edu). Perhaps you should Set($WebDomain, 
 '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be 
 broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:10:44 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
 match the configured WebDomain (helpdesk.lcu.edu). Perhaps you should 
 Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your 
 internal links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:14:00 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
 Feb  2 12:14:00 localhost RT: FAILED LOGIN for van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 Feb  2 12:15:45 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
 match the configured WebDomain (helpdesk.lcu.edu). Perhaps you should 
 Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your 
 internal links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:16:16 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
 Feb  2 12:16:16 localhost RT: FAILED LOGIN for van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 
 Thanks for helping with this.
 
 Van Howell
 System Administrator
 Lubbock Christian University
 
 
 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com 
 [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
 Sent: Thursday, February 02, 2012 11:17 AM
 To: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] External Auth using Active Directory 2008
 
 On Thu, Feb 02, 2012 at 04:16:53PM +, Howell, Van wrote:
  I do not have Debugging turned on. I am going to need some help turning it 
  on since this is new to me.
  
  Here are some errors from /var/log/messages...
  
  This is a failed attempt...
  
  Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez 
  (can't bind: LDAP_INVALID_CREDENTIALS 49 ) 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
  uth/LDAP.pm:82) Feb  1 16:02:25 localhost RT: FAILED LOGIN for 
  mary.servantez from 10.1.41.95 
  (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
  
  Here is a successful attemt
  
  Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth 
  External Auth OK ( My_LDAP ): test.account 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
  uth/LDAP.pm:139) Feb  2 10:14:02 localhost RT: Couldn't enable user 28 
  (/opt/rt4/sbin/../lib/RT/User.pm:1066)
  Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) 
  per External Service (, ) 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
  uth.pm:274) Feb  2 10:14:02 localhost RT: 
  RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , 
  City: , Country: , EmailAddress: test.acco...@lcu.edu, ExternalAuthId: 
  test.account, Gecos: test.account, Name: test.account, Organization: , 
  RealName: Test Account, State: , WorkPhone: , Zip:  
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
  uth.pm:536) Feb  2 10:14:02 localhost RT: Successful login for 
  test.account from 10.1.5.9 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
  uth.pm:219)
 
 Since you're seeing these in /var/log/messages I assume you're using the 
 syslog configuration.
 
 You want to read about LogToSyslog in etc/RT_Config.pm then copy that setting 
 to RT_SiteConfig.pm and change it to debug.
 
 Restart RT and try the failed login again.
 
 -kevin
 
 
 RT Training Sessions (http://bestpractical.com

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread Howell, Van 
Here is the Apache Log from my last login attempt

[Fri Feb  3 18:02:40 2012] [debug]: Password validation required for service - 
Executing... 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Fri Feb  3 18:02:40 2012] [debug]: Trying external auth service: My_LDAP 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: 
DC=xx,DC=xxx,DC=edu == Filter: 
((sAMAccountName=van.howell)((ObjectCategory=User)(ObjectClass=Person))) == 
Attrs: dn 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Fri Feb  3 18:02:40 2012] [debug]: Found LDAP DN: CN=Howell\, 
Van,OU=Staff,OU=LCU,DC=xx,DC=xxx,DC=edu 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: 
DC=xx,DC=xxx,DC=edu == Filter: (member=CN=Howell, 
Van,OU=Staff,OU=LCU,DC=xx,DC=xxx,DC=edu) == Attrs: dn 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Fri Feb  3 18:02:40 2012] [info]: My_LDAP AUTH FAILED: van.howell 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Fri Feb  3 18:02:40 2012] [debug]: LDAP password validation result: 0 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Fri Feb  3 18:02:40 2012] [debug]: Password Validation Check Result:  0 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Fri Feb  3 18:02:40 2012] [debug]: Autohandler called ExternalAuth. Response: 
(0, Password Invalid) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Fri Feb  3 18:02:40 2012] [error]: FAILED LOGIN for van.howell from 10.1.5.9 
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)

Van Howell
System Administrator
Lubbock Christian University

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, February 03, 2012 11:32 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Thu, Feb 02, 2012 at 06:21:20PM +, Howell, Van wrote:
 I added Set($LogToSyslog, debug); to my RT_SiteConfig.pm file I 
 don't seem to be getting an more logging.
 I restarted the httpd service, didn't see any more logging so I restarted the 
 server.

Unfortunately - it seems you have syslog itself set to discard debug messages.  
You can try turning up $LogToScreen to debug and then check your webserver logs 
instead of your syslog logs.

-kevin

 This is the entire tail of the messages log
 
 [root@OpenNMS etc]# tail /var/log/messages Feb  2 11:56:45 localhost 
 abrtd: Dump directory is a duplicate of 
 /var/spool/abrt/ccpp-2012-02-01-14:08:36-18683
 Feb  2 11:56:45 localhost abrtd: Deleting dump directory 
 ccpp-2012-02-02-11:54:56-2567 (dup of ccpp-2012-02-01-14:08:36-18683), 
 sending dbus signal Feb  2 12:00:42 localhost RT: The actual HTTP_HOST 
 (192.168.1.200) does NOT match the configured WebDomain (lcu.edu). 
 Perhaps you should Set($WebDomain, '192.168.1.200'); in 
 RT_SiteConfig.pm, otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:05:43 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (lcu.edu). Perhaps you should 
 Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your 
 internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:10:44 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps 
 you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, 
 otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:14:00 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:127) Feb  2 12:14:00 localhost RT: FAILED LOGIN for 
 van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 Feb  2 12:15:45 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps 
 you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, 
 otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:16:16 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:127) Feb  2 12:16:16 localhost RT: FAILED LOGIN for 
 van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 
 Thanks for helping with this.
 
 Van Howell
 System Administrator
 Lubbock Christian University
 
 
 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread Howell, Van 
One more thing,
It's like it is not sending the password to AD at all. I can type a random 
password multiple times and is does not lock my account.

Van Howell
System Administrator
Lubbock Christian University


-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, February 03, 2012 11:32 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Thu, Feb 02, 2012 at 06:21:20PM +, Howell, Van wrote:
 I added Set($LogToSyslog, debug); to my RT_SiteConfig.pm file I 
 don't seem to be getting an more logging.
 I restarted the httpd service, didn't see any more logging so I restarted the 
 server.

Unfortunately - it seems you have syslog itself set to discard debug messages.  
You can try turning up $LogToScreen to debug and then check your webserver logs 
instead of your syslog logs.

-kevin

 This is the entire tail of the messages log
 
 [root@OpenNMS etc]# tail /var/log/messages Feb  2 11:56:45 localhost 
 abrtd: Dump directory is a duplicate of 
 /var/spool/abrt/ccpp-2012-02-01-14:08:36-18683
 Feb  2 11:56:45 localhost abrtd: Deleting dump directory 
 ccpp-2012-02-02-11:54:56-2567 (dup of ccpp-2012-02-01-14:08:36-18683), 
 sending dbus signal Feb  2 12:00:42 localhost RT: The actual HTTP_HOST 
 (192.168.1.200) does NOT match the configured WebDomain (lcu.edu). 
 Perhaps you should Set($WebDomain, '192.168.1.200'); in 
 RT_SiteConfig.pm, otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:05:43 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (lcu.edu). Perhaps you should 
 Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your 
 internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:10:44 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps 
 you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, 
 otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:14:00 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:127) Feb  2 12:14:00 localhost RT: FAILED LOGIN for 
 van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 Feb  2 12:15:45 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps 
 you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, 
 otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:16:16 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:127) Feb  2 12:16:16 localhost RT: FAILED LOGIN for 
 van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 
 Thanks for helping with this.
 
 Van Howell
 System Administrator
 Lubbock Christian University
 
 
 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com 
 [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin 
 Falcone
 Sent: Thursday, February 02, 2012 11:17 AM
 To: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] External Auth using Active Directory 2008
 
 On Thu, Feb 02, 2012 at 04:16:53PM +, Howell, Van wrote:
  I do not have Debugging turned on. I am going to need some help turning it 
  on since this is new to me.
  
  Here are some errors from /var/log/messages...
  
  This is a failed attempt...
  
  Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez 
  (can't bind: LDAP_INVALID_CREDENTIALS 49 ) 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/Externa
  lA
  uth/LDAP.pm:82) Feb  1 16:02:25 localhost RT: FAILED LOGIN for 
  mary.servantez from 10.1.41.95
  (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
  
  Here is a successful attemt
  
  Feb  2 10:14:02 localhost RT: 
  RT::Authen::ExternalAuth::LDAP::GetAuth
  External Auth OK ( My_LDAP ): test.account 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/Externa
  lA
  uth/LDAP.pm:139) Feb  2 10:14:02 localhost RT: Couldn't enable user 
  28
  (/opt/rt4/sbin/../lib/RT/User.pm:1066)
  Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account 
  ) per External Service (, ) 
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/Externa
  lA
  uth.pm:274) Feb  2 10:14:02 localhost RT: 
  RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
  City: , Country: , EmailAddress: test.acco...@lcu.edu, ExternalAuthId: 
  test.account, Gecos: test.account, Name: test.account, Organization: 
  ,
  RealName: Test Account, State: , WorkPhone: , Zip:  
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread Howell, Van 
Here is the debug log for a successful attempt

[Fri Feb  3 18:20:32 2012] [warning]: Couldn't enable user 28 
(/opt/rt4/sbin/../lib/RT/User.pm:1066)
[Fri Feb  3 18:20:32 2012] [info]: User marked as ENABLED ( test.account ) per 
External Service (, ) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
[Fri Feb  3 18:20:32 2012] [debug]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by 
RT::Authen::ExternalAuth 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 553 
with: Name: test.account 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Fri Feb  3 18:20:32 2012] [debug]: Attempting to get user info using this 
external service: My_LDAP 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Fri Feb  3 18:20:32 2012] [debug]: Attempting to use this canonicalization 
key: Name 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Fri Feb  3 18:20:32 2012] [debug]: LDAP Search ===  Base: 
DC=xx,DC=xxx,DC=edu == Filter: 
(((ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=test.account)) == 
Attrs: 
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Fri Feb  3 18:20:32 2012] [info]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , 
Country: , EmailAddress: test.acco...@lcu.edu, ExternalAuthId: test.account, 
Gecos: test.account, Name: test.account, Organization: , RealName: Test 
Account, State: , WorkPhone: , Zip:  
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Fri Feb  3 18:20:32 2012] [debug]: UPDATED user ( test.account ) from External 
Service 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:307)
[Fri Feb  3 18:20:32 2012] [info]: Successful login for test.account from 
10.1.5.9 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
[Fri Feb  3 18:20:32 2012] [debug]: Autohandler called ExternalAuth. Response: 
(1, Successful login) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)

Van Howell
System Administrator
Lubbock Christian University


-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, February 03, 2012 11:32 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Thu, Feb 02, 2012 at 06:21:20PM +, Howell, Van wrote:
 I added Set($LogToSyslog, debug); to my RT_SiteConfig.pm file I 
 don't seem to be getting an more logging.
 I restarted the httpd service, didn't see any more logging so I restarted the 
 server.

Unfortunately - it seems you have syslog itself set to discard debug messages.  
You can try turning up $LogToScreen to debug and then check your webserver logs 
instead of your syslog logs.

-kevin

 This is the entire tail of the messages log
 
 [root@OpenNMS etc]# tail /var/log/messages Feb  2 11:56:45 localhost 
 abrtd: Dump directory is a duplicate of 
 /var/spool/abrt/ccpp-2012-02-01-14:08:36-18683
 Feb  2 11:56:45 localhost abrtd: Deleting dump directory 
 ccpp-2012-02-02-11:54:56-2567 (dup of ccpp-2012-02-01-14:08:36-18683), 
 sending dbus signal Feb  2 12:00:42 localhost RT: The actual HTTP_HOST 
 (192.168.1.200) does NOT match the configured WebDomain (lcu.edu). 
 Perhaps you should Set($WebDomain, '192.168.1.200'); in 
 RT_SiteConfig.pm, otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:05:43 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (lcu.edu). Perhaps you should 
 Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your 
 internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:10:44 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps 
 you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, 
 otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:14:00 localhost RT: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:127) Feb  2 12:14:00 localhost RT: FAILED LOGIN for 
 van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 Feb  2 12:15:45 localhost RT: The actual HTTP_HOST (192.168.1.200) 
 does NOT match the configured WebDomain (helpdesk.lcu.edu). Perhaps 
 you should Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, 
 otherwise your internal links may be broken. 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
 Feb  2 12:16:16 localhost RT: My_LDAP

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread james machado 
On Fri, Feb 3, 2012 at 10:55 AM, james machado hvgeekwt...@gmail.com wrote:
 I would use ldapsearch on that machine to make sure you can bind to
 the AD server using the login credentials in your Site_Config.  Make
 sure you are using the proper certificates to connect via the TLS you
 have configured.  I've noticed that being one of the biggest problems
 with ldap and Windows 2008 and 2008 R2 AD servers.

 james

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread Kevin Falcone 
On Fri, Feb 03, 2012 at 06:08:46PM +, Howell, Van wrote:
 Here is the Apache Log from my last login attempt
 
 [Fri Feb  3 18:02:40 2012] [debug]: Found LDAP DN: CN=Howell\, 
 Van,OU=Staff,OU=LCU,DC=xx,DC=xxx,DC=edu 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)

There was a bug reported about commas in DNs causing problems, I
wonder if you're running afoul of that (note that your testuser has a
different CN).

You can try with 0.09_02 which my colleague released last week and is
available on CPAN.  It contains a bugfix for this.

-kevin

 [Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: 
 DC=xx,DC=xxx,DC=edu == Filter: (member=CN=Howell, 
 Van,OU=Staff,OU=LCU,DC=xx,DC=xxx,DC=edu) == Attrs: dn 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
 [Fri Feb  3 18:02:40 2012] [info]: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
 [Fri Feb  3 18:02:40 2012] [debug]: LDAP password validation result: 0 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
 [Fri Feb  3 18:02:40 2012] [debug]: Password Validation Check Result:  0 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
 [Fri Feb  3 18:02:40 2012] [debug]: Autohandler called ExternalAuth. 
 Response: (0, Password Invalid) 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
 [Fri Feb  3 18:02:40 2012] [error]: FAILED LOGIN for van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)


pgpmJY5CvCaXh.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread Howell, Van 
I ran the install again, The version it put on is 0.09
FALCONE/RT-Authen-ExternalAuth-0.09.tar.gz

Not the new version. I still have the same problem

I shelled into CPAN 
perl -MCPAN -e shell

then I ran 
install RT::Authen::ExternalAuth

Is there a different way?

Sorry for the dumb questions, but I'm new to this.

Van

From: rt-users-boun...@lists.bestpractical.com 
[rt-users-boun...@lists.bestpractical.com] on behalf of Kevin Falcone 
[falc...@bestpractical.com]
Sent: Friday, February 03, 2012 1:05 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Fri, Feb 03, 2012 at 06:08:46PM +, Howell, Van wrote:
 Here is the Apache Log from my last login attempt

 [Fri Feb  3 18:02:40 2012] [debug]: Found LDAP DN: CN=Howell\, 
 Van,OU=Staff,OU=LCU,DC=xx,DC=xxx,DC=edu 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)

There was a bug reported about commas in DNs causing problems, I
wonder if you're running afoul of that (note that your testuser has a
different CN).

You can try with 0.09_02 which my colleague released last week and is
available on CPAN.  It contains a bugfix for this.

-kevin

 [Fri Feb  3 18:02:40 2012] [debug]: LDAP Search ===  Base: 
 DC=xx,DC=xxx,DC=edu == Filter: (member=CN=Howell, 
 Van,OU=Staff,OU=LCU,DC=xx,DC=xxx,DC=edu) == Attrs: dn 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
 [Fri Feb  3 18:02:40 2012] [info]: My_LDAP AUTH FAILED: van.howell 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
 [Fri Feb  3 18:02:40 2012] [debug]: LDAP password validation result: 0 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
 [Fri Feb  3 18:02:40 2012] [debug]: Password Validation Check Result:  0 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
 [Fri Feb  3 18:02:40 2012] [debug]: Autohandler called ExternalAuth. 
 Response: (0, Password Invalid) 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
 [Fri Feb  3 18:02:40 2012] [error]: FAILED LOGIN for van.howell from 10.1.5.9 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

Re: [rt-users] External Auth using Active Directory 2008

2012-02-02 Thread Howell, Van 
# cat RT_SiteConfig.pm
Set($ExternalAuthPriority,   [ 'My_LDAP',] );
Set($ExternalInfoPriority,   [ 'My_LDAP',] );
Set($ExternalServiceUsesSSLorTLS,0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings,  {
 'My_LDAP'  =  {

'type'  =  'ldap',
'server'=  'zeus.mydomain.edu',
'user'  =  
'CN=LDAPRT,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
'pass'  =  '*',
'base'  =  
'DC=mydomain,DC=mydomain,DC=edu',

'filter'=  
'((ObjectCategory=User)(ObjectClass=Person))',
'd_filter'  =  
'(userAccountControl:1.2.840.113556.1.4.803:=2)',

'tls'   =  0,
#   'ssl_version'   =  3,

'net_ldap_args' = [ version = 3 ],
'group' =  
'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
'group_attr'=  'member',

'attr_match_list'   = [   'Name', 
'EmailAddress'   ],
'attr_map'  = {   'Name' = 
'sAMAccountName',
   'EmailAddress' = 
'mail',
   'Organization' = 
'physicalDeliveryOfficeName',
   'RealName' = 'cn',
   'ExternalAuthId' = 
'sAMAccountName',
   'Gecos' = 
'sAMAccountName',
   'WorkPhone' = 
'telephoneNumber',
   'Address1' = 
'streetAddress',
   'City' = 'l',
   'State' = 'st',
   'Zip' = 
'postalCode',
   'Country' = 'co'
}
}

}
);

1;
EOF


I do not have Debugging turned on. I am going to need some help turning it on 
since this is new to me.

Here are some errors from /var/log/messages...

This is a failed attempt...

Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: 
LDAP_INVALID_CREDENTIALS 49 ) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb  1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)

Here is a successful attemt

Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External 
Auth OK ( My_LDAP ): test.account 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb  2 10:14:02 localhost RT: Couldn't enable user 28 
(/opt/rt4/sbin/../lib/RT/User.pm:1066)
Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per 
External Service (, ) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo 
returning Address1: , City: , Country: , EmailAddress: test.acco...@lcu.edu, 
ExternalAuthId: test.account, Gecos: test.account, Name: test.account, 
Organization: , RealName: Test Account, State: , WorkPhone: , Zip:  
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Feb  2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)

Van Howell
System Administrator
Lubbock Christian University

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, February 01, 2012 5:33 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Wed, Feb 01, 2012 at 11:04:38PM +, Howell, Van wrote:
I have added several users into the RTUsers group I set up in AD.
 
The AD Administrator, a common Domain User called Test.Account that is 
 located in the OU with
all my other users, my personal account also located in the OU with all 
 the other users and an
alternate administrative account I use.
 
 
 
I can logon to RT with the AD Administrator account. I can logon to RT 
 with the Test.Account
and I can log in using my alternate account. But I

Re: [rt-users] External Auth using Active Directory 2008

2012-02-02 Thread Kevin Falcone 
On Thu, Feb 02, 2012 at 04:16:53PM +, Howell, Van wrote:
 I do not have Debugging turned on. I am going to need some help turning it on 
 since this is new to me.
 
 Here are some errors from /var/log/messages...
 
 This is a failed attempt...
 
 Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: 
 LDAP_INVALID_CREDENTIALS 49 ) 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
 Feb  1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 
 Here is a successful attemt
 
 Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth 
 External Auth OK ( My_LDAP ): test.account 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
 Feb  2 10:14:02 localhost RT: Couldn't enable user 28 
 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
 Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per 
 External Service (, ) 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
 Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo 
 returning Address1: , City: , Country: , EmailAddress: test.acco...@lcu.edu, 
 ExternalAuthId: test.account, Gecos: test.account, Name: test.account, 
 Organization: , RealName: Test Account, State: , WorkPhone: , Zip:  
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
 Feb  2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)

Since you're seeing these in /var/log/messages I assume you're using
the syslog configuration.

You want to read about LogToSyslog in etc/RT_Config.pm then copy that
setting to RT_SiteConfig.pm and change it to debug.

Restart RT and try the failed login again.

-kevin


pgpuyfWxcxDvm.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] External Auth using Active Directory 2008

2012-02-02 Thread Howell, Van 
I added Set($LogToSyslog, debug); to my RT_SiteConfig.pm file
I don't seem to be getting an more logging.
I restarted the httpd service, didn't see any more logging so I restarted the 
server.

This is the entire tail of the messages log

[root@OpenNMS etc]# tail /var/log/messages
Feb  2 11:56:45 localhost abrtd: Dump directory is a duplicate of 
/var/spool/abrt/ccpp-2012-02-01-14:08:36-18683
Feb  2 11:56:45 localhost abrtd: Deleting dump directory 
ccpp-2012-02-02-11:54:56-2567 (dup of ccpp-2012-02-01-14:08:36-18683), sending 
dbus signal
Feb  2 12:00:42 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
match the configured WebDomain (lcu.edu). Perhaps you should Set($WebDomain, 
'192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be 
broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
Feb  2 12:05:43 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
match the configured WebDomain (lcu.edu). Perhaps you should Set($WebDomain, 
'192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal links may be 
broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
Feb  2 12:10:44 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
match the configured WebDomain (helpdesk.lcu.edu). Perhaps you should 
Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal 
links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
Feb  2 12:14:00 localhost RT: My_LDAP AUTH FAILED: van.howell 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
Feb  2 12:14:00 localhost RT: FAILED LOGIN for van.howell from 10.1.5.9 
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
Feb  2 12:15:45 localhost RT: The actual HTTP_HOST (192.168.1.200) does NOT 
match the configured WebDomain (helpdesk.lcu.edu). Perhaps you should 
Set($WebDomain, '192.168.1.200'); in RT_SiteConfig.pm, otherwise your internal 
links may be broken. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:1087)
Feb  2 12:16:16 localhost RT: My_LDAP AUTH FAILED: van.howell 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
Feb  2 12:16:16 localhost RT: FAILED LOGIN for van.howell from 10.1.5.9 
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)

Thanks for helping with this.

Van Howell
System Administrator
Lubbock Christian University


-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Thursday, February 02, 2012 11:17 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Thu, Feb 02, 2012 at 04:16:53PM +, Howell, Van wrote:
 I do not have Debugging turned on. I am going to need some help turning it on 
 since this is new to me.
 
 Here are some errors from /var/log/messages...
 
 This is a failed attempt...
 
 Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez 
 (can't bind: LDAP_INVALID_CREDENTIALS 49 ) 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:82) Feb  1 16:02:25 localhost RT: FAILED LOGIN for 
 mary.servantez from 10.1.41.95 
 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
 
 Here is a successful attemt
 
 Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth 
 External Auth OK ( My_LDAP ): test.account 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth/LDAP.pm:139) Feb  2 10:14:02 localhost RT: Couldn't enable user 28 
 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
 Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) 
 per External Service (, ) 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth.pm:274) Feb  2 10:14:02 localhost RT: 
 RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , 
 City: , Country: , EmailAddress: test.acco...@lcu.edu, ExternalAuthId: 
 test.account, Gecos: test.account, Name: test.account, Organization: , 
 RealName: Test Account, State: , WorkPhone: , Zip:  
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth.pm:536) Feb  2 10:14:02 localhost RT: Successful login for 
 test.account from 10.1.5.9 
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 uth.pm:219)

Since you're seeing these in /var/log/messages I assume you're using the syslog 
configuration.

You want to read about LogToSyslog in etc/RT_Config.pm then copy that setting 
to RT_SiteConfig.pm and change it to debug.

Restart RT and try the failed login again.

-kevin


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5  6, 2012

[rt-users] External Auth using Active Directory 2008

2012-02-01 Thread Howell, Van 
I am new to RT, Just setup a 4.0.4 server this week.
I am using CentOS 6.2 64 bit.
MySQL
Apache

I used Ken Prickett's CentOS5InstallPlus Some WIKI instructions and made the 
necessary mods to get things working, so to speak.

I am using the RT_SiteConfig.pm provided in the install doc. The only changes I 
made was to add my information.

The problem I am having is strange.
I have added several users into the RTUsers group I set up in AD.
The AD Administrator, a common Domain User called Test.Account that is located 
in the OU with all my other users, my personal account also located in the OU 
with all the other users and an alternate administrative account I use.

I can logon to RT with the AD Administrator account. I can logon to RT with the 
Test.Account and I can log in using my alternate account. But I cannot logon 
using my personal account. I also had my assistant test with her account and 
she cannot log on.
I have studied the problem and cannot find anything unique about the accounts 
that cannot logon.

Has anyone seen this problem before?


Van Howell
System Administrator
Lubbock Christian University


RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] External Auth using Active Directory 2008

2012-02-01 Thread Kevin Falcone 
On Wed, Feb 01, 2012 at 11:04:38PM +, Howell, Van wrote:
I have added several users into the RTUsers group I set up in AD.
 
The AD Administrator, a common Domain User called Test.Account that is 
 located in the OU with
all my other users, my personal account also located in the OU with all 
 the other users and an
alternate administrative account I use.
 
 
 
I can logon to RT with the AD Administrator account. I can logon to RT 
 with the Test.Account
and I can log in using my alternate account. But I cannot logon using my 
 personal account. I
also had my assistant test with her account and she cannot log on.
 
I have studied the problem and cannot find anything unique about the 
 accounts that cannot
logon.

We really need to see your configuration for RT-Authen-ExternalAuth
and your logs for the failed login, turned up to debug.

-kevin


pgpsABYShCtye.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012