WebAdm Portal login problems working with AD


whitescma

Mar 18, 2015, 1:56:55 PM
to rcdevs-t...@googlegroups.com
I'm setting up WebAdm and OpenOTP using the VM appliance.  So far it looks like I have the appliance set up correctly, as it connects to my MS AD server and when I put in the IP address of the appliance, I see the portal login screen come up.  The problem I'm having is when I try to log in to the Portal.  It keeps telling me that I have an invalid username or password.  I'm using the same account I put in the webadm.conf file for super admin. I've tried that ID and also the Proxy User ID, but it will not recognize it as valid.  What could I have missed?
Thanks

Spyridon Gouliarmis (RCDevs)

Mar 18, 2015, 2:17:19 PM
to rcdevs-t...@googlegroups.com
You put in the full DN of your user account, right? That's what WebADM means by "DN login mode".

whitescma

Mar 18, 2015, 2:35:36 PM
to rcdevs-t...@googlegroups.com
Yes. For example, for the login I put in:
cn=username,cn=users,dc=domain,dc=local

and the password

Spyridon Gouliarmis (RCDevs)

Mar 19, 2015, 1:43:00 PM
to rcdevs-t...@googlegroups.com
Okay, show us the super_admins section of your webadm.conf so we can check for typos. What does /opt/webadm/logs/httpd.log say?

Craig White

Mar 23, 2015, 5:46:20 PM
to rcdevs-t...@googlegroups.com
super_admins "cn=administrator,cn=users,dc=cmausa,dc=local" \
                      "cn=domain admins,cn=users,dc=cmausa,dc=local"






Spyridon Gouliarmis (RCDevs)

Mar 24, 2015, 6:33:41 AM
to rcdevs-t...@googlegroups.com
What does the event log on the Active Directory side have to say about the login attempt? Also, check that, in servers.xml, you are pointing to the right AD server (really, I've seen it happen).

I don't see a comma in the configuration line you pasted. I'm not sure it makes any difference, but you can start by adding one.

Craig White

Mar 24, 2015, 11:20:16 AM
to rcdevs-t...@googlegroups.com
I'm not sure where there is a missing comma.  I have them in between each of the AD items.  Is there supposed to be one somewhere else in the lines that I've missed?
The Security Log has the Webadm account I set up for the proxy user connecting when I start the portal.  But it gets an Audit Failure for the Administrator login.  Reason: Unknown user name or bad password.  It then shows some blocked packets and connections to the IP address of the appliance.

Spyridon Gouliarmis (RCDevs)

Mar 24, 2015, 12:22:04 PM
to rcdevs-t...@googlegroups.com
I meant I expected to see this:

super_admins "cn=administrator,cn=users,dc=cmausa,dc=local", \ <-- a comma right here
                      "cn=domain admins,cn=users,dc=cmausa,dc=local"

although the parser probably does not care.

Not to rule out other potential issues, but if both WebADM and the event log say that either the user name or the password are wrong, then maybe either the user name or the password are wrong. Can you try creating a test user with a simple password and carefully go through the process using those new credentials? (Carefully = writing out the password in Notepad and then pasting it in the text box.)

If that still does not work, well, we might have an interesting bug on our hands, and if you have the time, we would like to see it for ourselves over a conf call.

whitescma

Mar 30, 2015, 9:07:42 AM
to rcdevs-t...@googlegroups.com
Well, it appears that the missing comma was the issue. After putting it in, I could connect and finish the setup.  Some initial testing during user setup with the QR reader and email worked, but it wouldn't during an actual application test with our VPN. I'll start a new thread for that issue.
Thanks
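A check for the mistake that resolved this thread, as an added example (not RCDevs code and not part of the original posts): it flags adjacent quoted values with no comma between them in a super_admins-style setting before the file is deployed. The syntax it handles (quoted values, comma separators, backslash line continuation) is inferred only from the two snippets posted above, and the function names are hypothetical.

```python
import re

# Constructed samples mirroring the two snippets posted in the thread.
BROKEN = '''super_admins "cn=administrator,cn=users,dc=cmausa,dc=local" \\
             "cn=domain admins,cn=users,dc=cmausa,dc=local"
'''
FIXED = '''super_admins "cn=administrator,cn=users,dc=cmausa,dc=local", \\
             "cn=domain admins,cn=users,dc=cmausa,dc=local"
'''

# A quoted value, a comma separator, or any other run of non-space characters.
TOKEN = re.compile(r'"([^"]*)"|(,)|(\S+)')

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, joined_text)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:  # file ended on a continuation line
        yield start, buf

def check_list_setting(text, key="super_admins"):
    """Return (values, problems) for a comma-separated list of quoted values."""
    values, problems = [], []
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0] != key:
            continue
        prev = None  # kind of the previous token
        for quoted, comma, bare in (m.groups() for m in TOKEN.finditer(parts[1])):
            if quoted is not None:
                if prev == "str":  # two values in a row: the thread's bug
                    problems.append(f'line {no}: missing comma before "{quoted}"')
                values.append(quoted)
                prev = "str"
            elif comma:
                if prev != "str":
                    problems.append(f"line {no}: unexpected comma")
                prev = "comma"
            else:
                problems.append(f"line {no}: unquoted token {bare!r}")
                prev = "bare"
        if prev == "comma":
            problems.append(f"line {no}: trailing comma")
    return values, problems
```

Run it against the real file with check_list_setting(open(path).read()) and treat a non-empty problems list as a failed check.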