WebADM and openOTP

Sergio Dürig

May 16, 2013, 4:43:15 AM
to rcdevs-t...@googlegroups.com
Hi
 
I have WebADM configured with 2008 R2 Active Directory.
I can successfully log in with UID Mode with the super Admin.

The OTP Auth Server is registered and configured with the Domain.
I can create a new User in WebADM or take an existing Active Directory User.
But I don't have the section "Application Actions", so I can't register a Token,...

How do I get this function?
 
 
 
Thanks
Sergio

Sergio Dürig

May 16, 2013, 4:47:58 AM
to rcdevs-t...@googlegroups.com
Printscreen with the missing functions

 

Administrators

May 16, 2013, 8:48:54 AM
to RCDevs Security Solutions - Technical
I suppose this AD has been upgraded from 2003 to 2008?

Please check you raised the AD levels to 2008:
- Raise AD DomainControllerFunctionality level to 2008
- Raise AD DomainFunctionality level to 2008
- Raise AD ForestFunctionality level to 2008

Note: If you use the latest WebADM, when you restart it and log in, it
should log the problem in /opt/webadm/logs/httpd.log.

On May 16, 10:47, Sergio Dürig <sergio.duerig.mob...@gmail.com> wrote:
> Printscreen with the missing functions
>
> <https://lh3.googleusercontent.com/-w1QqdsqC5yc/UZSdKmyg3WI/AAAAAAAAAl...>

Sergio Dürig

May 16, 2013, 1:23:23 PM
to rcdevs-t...@googlegroups.com
Thank you.
That was exactly the problem.

Marc Schubert

Jun 14, 2013, 9:35:17 AM
to rcdevs-t...@googlegroups.com
Hi,
I got the same problem, but I can't raise the AD levels at this moment. Is there another workaround?

Thx

Marc

Administrators

Jun 14, 2013, 10:23:39 AM
to RCDevs Security Solutions - Technical
OK, we added a tweak to the Testing WebADM 1.2.5-1 (here
http://www.rcdevs.com/downloads/index.php?id=15bcf8686fb5748c409417e4020d168a)

Install this version and do NOT add the "user" objectclass to the
webadm_account_oclasses in /opt/webadm/conf/webadm.conf
So keep: webadm_account_oclasses "webadmAccount"

It will make WebADM keep on working in AD-2008 mode instead of
switching to 2003 compatibility mode.
Try and see...

Marc Schubert

Jun 14, 2013, 11:03:30 AM
to rcdevs-t...@googlegroups.com
The button is there now, but if I use it I get "Could not add extension to object 'CN=test,OU=Service Benutzer,OU=Veenker,DC=intra,DC=veenkergmbh,DC=de'".



httpd.log shows
[Fri Jun 14 16:55:01 2013] [192.168.0.54] [Admin] ActiveDirectory domainFunctionality level is 2 (pre-2008) - Please raise domainFunctionality level to 2008 or more
[Fri Jun 14 16:55:01 2013] [192.168.0.54] [Admin] To force AD-2003 compatibility mode, add 'user' to webadm_account_oclasses in webadm.conf
[Fri Jun 14 16:55:01 2013] [192.168.0.54] [Admin] ActiveDirectory forestFunctionality level is 0 (pre-2008) - Please raise forestFunctionality level to 2008 or more
[Fri Jun 14 16:55:01 2013] [192.168.0.54] [Admin] To force AD-2003 compatibility mode, add 'user' to webadm_account_oclasses in webadm.conf
[Fri Jun 14 16:55:09 2013] [192.168.0.54] [Admin_6015FE08] Login success for 'CN=Administrator,CN=Users,DC=intra,DC=veenkergmbh,DC=de' (super admin)
[Fri Jun 14 16:55:35 2013] [192.168.0.54] [Admin_6015FE08] Could not modify LDAP object 'CN=test,OU=Service Benutzer,OU=Veenker,DC=intra,DC=veenkergmbh,DC=de' (Server is unwilling to perform)

And in webadm.conf the user objectclass is NOT set in webadm_account_oclasses.

Marc Schubert

Jun 22, 2013, 4:58:58 AM
to rcdevs-t...@googlegroups.com, marc.s...@googlemail.com
My fault, the update/patch is working!! The domain was 2003 but the forest was at level 2000; after upgrading the forest level it works!

Thanks a lot.
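
Added example (not part of the original thread and not RCDevs code): a small parser for the httpd.log warning format quoted above that pulls out each reported functionality level, names it, and lists refused LDAP writes. The level-to-name table reflects Microsoft's numbering of these RootDSE attributes; the sample log is constructed from the thread's lines with placeholder IP and DNs, and the function names are hypothetical.

```python
import re

# Numeric values of the AD RootDSE *Functionality attributes (Microsoft-defined).
LEVEL_NAMES = {0: "Windows 2000", 1: "Windows Server 2003 interim",
               2: "Windows Server 2003", 3: "Windows Server 2008",
               4: "Windows Server 2008 R2"}
REQUIRED = 3  # "2008 or more", as the WebADM warning asks

# Patterns follow the message format shown in the thread's httpd.log excerpt.
LEVEL_RE = re.compile(
    r"ActiveDirectory (?P<attr>\w+Functionality) level is (?P<level>\d+)")
DENIED_RE = re.compile(
    r"Could not modify LDAP object '(?P<dn>[^']+)' \((?P<reason>[^)]+)\)")

# Constructed sample: same message shapes as the thread, placeholder IP and DNs.
SAMPLE_LOG = """\
[Fri Jun 14 16:55:01 2013] [192.0.2.54] [Admin] ActiveDirectory domainFunctionality level is 2 (pre-2008) - Please raise domainFunctionality level to 2008 or more
[Fri Jun 14 16:55:01 2013] [192.0.2.54] [Admin] ActiveDirectory forestFunctionality level is 0 (pre-2008) - Please raise forestFunctionality level to 2008 or more
[Fri Jun 14 16:55:35 2013] [192.0.2.54] [Admin_TEST] Could not modify LDAP object 'CN=test,OU=Example,DC=example,DC=test' (Server is unwilling to perform)
"""

def analyze(log_text):
    """Return (levels, low, failures) parsed from WebADM httpd.log text."""
    levels, failures = {}, []
    for line in log_text.splitlines():
        m = LEVEL_RE.search(line)
        if m:
            levels[m["attr"]] = int(m["level"])  # last reported value wins
            continue
        m = DENIED_RE.search(line)
        if m:
            failures.append((m["dn"], m["reason"]))
    low = sorted(a for a, v in levels.items() if v < REQUIRED)
    return levels, low, failures

def report(log_text):
    """Render one human-readable line per level and per refused write."""
    levels, low, failures = analyze(log_text)
    out = [f"{attr}: {lvl} ({LEVEL_NAMES.get(lvl, 'unknown')})"
           + (" -> raise to 2008" if attr in low else "")
           for attr, lvl in sorted(levels.items())]
    out += [f"write refused on {dn}: {reason}" for dn, reason in failures]
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample, the forest line decodes to level 0 (Windows 2000), the detail that is easy to miss when only the domain level is checked.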