You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In reality, the administrator a/c in the AD has this email address, but I don't use it for Shinken access.
If shinken has been restarted, initial login as cantlep with correct AD password works. If a logout is performed and a re-login is tried, the login fails. However, if you use the password that is valid for the account that has the email address "[email protected]" (administrator) it works. Logs as follows:
This is how it should work all of the time (but this only works on a fresh restart of shinken)
[1472428264] INFO: [broker-master] [WebUI] user 'cantlep' is signing in ...
[1472428264] INFO: [broker-master] [WebUI] Authenticating user 'cantlep' with auth-active-directory
[1472428264] INFO: [broker-master] [Active Directory UI] AD/Ldap Connection done
[1472428264] INFO: [broker-master] [Active Directory UI] AD/LDAP: search for contact cantlep
[1472428264] INFO: [broker-master] [Active Directory UI] Filter (| (samaccountname=cantlep)(mail=[email protected]))
[1472428264] INFO: [broker-master] [Active Directory UI] Find account principalname [email protected]
[1472428264] INFO: [broker-master] [Active Directory UI] AD/Ldap Connection done with user cantlep
[1472428264] INFO: [broker-master] [WebUI] User 'cantlep' is authenticated by auth-active-directory
Now if a logout is performed and a re-authentication is attempted, this is what happens:
Notice how the samaccountname has been borked and then the principalname used is [email protected] So I now need to enter the username of cantlep but with administrator's AD password to get a successful login.
Hope that makes sense.
The text was updated successfully, but these errors were encountered:
Could be related to previous issues discussed:
Contact Name = cantlep
email = [email protected]
In reality, the administrator a/c in the AD has this email address, but I don't use it for Shinken access.
If shinken has been restarted, initial login as cantlep with correct AD password works. If a logout is performed and a re-login is tried, the login fails. However, if you use the password that is valid for the account that has the email address "[email protected]" (administrator) it works. Logs as follows:
This is how it should work all of the time (but this only works on a fresh restart of shinken)
[1472428264] INFO: [broker-master] [WebUI] user 'cantlep' is signing in ...
[1472428264] INFO: [broker-master] [WebUI] Authenticating user 'cantlep' with auth-active-directory
[1472428264] INFO: [broker-master] [Active Directory UI] AD/Ldap Connection done
[1472428264] INFO: [broker-master] [Active Directory UI] AD/LDAP: search for contact cantlep
[1472428264] INFO: [broker-master] [Active Directory UI] Filter (| (samaccountname=cantlep)(mail=[email protected]))
[1472428264] INFO: [broker-master] [Active Directory UI] Find account principalname [email protected]
[1472428264] INFO: [broker-master] [Active Directory UI] AD/Ldap Connection done with user cantlep
[1472428264] INFO: [broker-master] [WebUI] User 'cantlep' is authenticated by auth-active-directory
Now if a logout is performed and a re-authentication is attempted, this is what happens:
[1472428278] INFO: [broker-master] [WebUI] user 'cantlep' is signing in ...
[1472428278] INFO: [broker-master] [WebUI] Authenticating user 'cantlep' with auth-active-directory
[1472428278] INFO: [broker-master] [Active Directory UI] AD/Ldap Connection done
[1472428278] INFO: [broker-master] [Active Directory UI] AD/LDAP: search for contact Paul Cantle
[1472428278] INFO: [broker-master] [Active Directory UI] Filter (| (samaccountname=Paul Cantle)(mail=[email protected]))
[1472428278] INFO: [broker-master] [Active Directory UI] Find account principalname [email protected]
[1472428278] ERROR: [broker-master] [Active Directory UI] Ldap auth error: {'info': '80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}
Notice how the samaccountname has been borked and then the principalname used is [email protected] So I now need to enter the username of cantlep but with administrator's AD password to get a successful login.
Hope that makes sense.
The text was updated successfully, but these errors were encountered: