first time log into the Webadm portal issue


mark.b

Jan 30, 2018, 5:01:20 AM
to RCDevs Security Solutions - Technical
Hello,

Hoping that you can help me:

I'm trying to try out OpenOTP.

My environment contains one Windows 2012 R2 Active Directory. I have deployed the RCVM-OpenLDAP_OVF-EL7-1.6.1.

I have tried both setting up my RCDevs server with the internal LDAP (option 1) and then connecting it to my Active Directory, and using an Active Directory (option 3), configuring the servers.xml file and the objects file with the FQDN and user password.

For the love of life I can't work out why I can't log in to my WebADM portal using the full DN credentials ( CN=Administrator,CN=Users, ,DC=domainname,dc=local )

I keep getting a notice telling me: wrong username or password

In the setup, when asked for those credentials, it connects OK to the LDAP.

Any ideas? Very frustrating.

Thanks
Mark

Yoann Traut (RCDevs)

Jan 30, 2018, 11:41:34 AM
to RCDevs Security Solutions - Technical
Hello Mark, 

Have you defined your user CN=Administrator,CN=Users,DC=domainname,dc=local as a super_admin in /opt/webadm/conf/webadm.conf?
Which scenario do you finally need? A setup with AD, I suppose...

Regards  

mark.b

Feb 5, 2018, 4:26:09 AM
to RCDevs Security Solutions - Technical
Yes, I have configured the full user CN CN=Administrator,CN=Users,DC=trans,dc=local in the file.

I have double-checked the password that I configured in the firs but I have noticed that when I run the command: service webadm restart (or when restarting the machine) there is the following error:
Connected LDAP server: ERROR ( no server available ),

I have tried this in two separate lab environments with different Active Directories!

The IP of the Active Directory in the file I configured is correct.

I have tried installing using option 3, an external Active Directory LDAP, and when prompted for a user and password of a user that has permission I got connected OK.

Thanks,

Mark

Yoann Traut (RCDevs)

Feb 5, 2018, 4:54:00 AM
to RCDevs Security Solutions - Technical
Hello,

Could you show me your LDAP configuration in /opt/webadm/conf/servers.xml ? 

Regards 

mark.b

Feb 5, 2018, 5:31:16 AM
to RCDevs Security Solutions - Technical
I have just redeployed my OVF as a fresh installation and have not even set up and configured the files (xml and conf), and I notice the error I get.
Please see picture attached.
autharror.jpg

Yoann Traut (RCDevs)

Feb 5, 2018, 5:50:22 AM
to RCDevs Security Solutions - Technical
Please follow this documentation to set up AD with WebADM:


Regards 

francois...@rcdevs.com

Feb 5, 2018, 5:53:42 AM
to RCDevs Security Solutions - Technical
Have you already changed something on the VM outside of the setup script?

Can you check the ip with "ip a"?

Can you check the firewall with "firewall-cmd --list-all"

Can you check that you have "PasswordAuthentication yes" and "PermitRootLogin yes" in /etc/ssh/sshd_config?

mark.b

Feb 5, 2018, 6:58:08 AM
to RCDevs Security Solutions - Technical
Hello,
Just to be sure, I have once again redeployed a new machine. I have not touched any settings other than those in the pictures attached in the link:
the servers.xml file reconfigured
and the webadm.conf reconfigured
the error after service restart (LDAP error)

Yoann Traut (RCDevs)

Feb 5, 2018, 7:39:49 AM
to RCDevs Security Solutions - Technical
The error is about the proxy_user and not about the LDAP configuration.
Your LDAP containers configuration should be saved in a new OU dedicated to WebADM object containers. So create a new OU on your AD and change the container declarations to

CN=AdminRoles,OU=WebADM,DC=trans,dc=local
CN=OptionSets,OU=WebADM,DC=trans,dc=local

... 

Restart the WebADM services and try to log in on the WebADM GUI.
If you still have the proxy_user error, don't take it into account.
Finish the graphical setup after the first login.

Regards 


mark.b

Feb 5, 2018, 8:10:02 AM
to RCDevs Security Solutions - Technical
WOW
OK, so I understand I need to make the change in my Active Directory.

Are the AdminRoles and OptionSets groups \ users?
see pic attached
AD-ou.JPG

francois...@rcdevs.com

Feb 5, 2018, 8:45:15 AM
to RCDevs Security Solutions - Technical
I think I understand the problem now. There is a small error in the setup script which replaces the configured file with the default one.

You can correct it like this:

cd /opt/webadm/conf/
cp webadm.conf.bak webadm.conf
cp servers.xml.bak servers.xml
cp objects.xml.bak objects.xml
/opt/webadm/bin/webadm restart 

Or you can wait for the update of the ovf, it should be done this week.


mark.b

Feb 5, 2018, 8:57:55 AM
to RCDevs Security Solutions - Technical
Just did that. Do I now need to reconfigure the servers.xml and the webadm.conf files again to point to my AD and OU?

Yoann Traut (RCDevs)

Feb 5, 2018, 9:07:20 AM
to RCDevs Security Solutions - Technical
Yes if it's not done yet.

Regards 

mark.b

Feb 5, 2018, 9:19:02 AM
to RCDevs Security Solutions - Technical
So I have copied the BAK files and replaced the regular files with the backup files.
Looks like now it's connecting to the LDAP but I still can't log in to the web portal.
services.jpg
web.jpg

Yoann Traut (RCDevs)

Feb 5, 2018, 9:22:57 AM
to RCDevs Security Solutions - Technical
Did you already configure your CN=Administrator... as super_admin in /opt/webadm/conf/webadm.conf?

Regards  

mark.b

Feb 5, 2018, 9:24:12 AM
to RCDevs Security Solutions - Technical
I have reconfigured the servers.xml and the webadm.conf files.

Yoann Traut (RCDevs)

Feb 5, 2018, 9:25:55 AM
to RCDevs Security Solutions - Technical
Could you show me the super_admin configuration in webadm.conf, please?

Regards 

mark.b

Feb 5, 2018, 9:32:45 AM
to RCDevs Security Solutions - Technical
Please see attached the configuration for super admin.

What do I need to place in the new OU (WebADM) in my Active Directory? A user or a group named AdminRoles and OptionSets?

How should the OU be set up?
SuperAdmin.JPG

Yoann Traut (RCDevs)

Feb 5, 2018, 9:50:23 AM
to RCDevs Security Solutions - Technical
The super_admin configuration is wrong.
Nothing "to place" on the AD. WebADM will create each object during the graphical setup.
The new OU is just to store the WebADM objects in the same place.

In the super_admin configuration, remove both values and put your CN=Administrator...,CN=Users...

Please read this documentation... everything is written here

Regards 

mark.b

Feb 5, 2018, 10:16:38 AM
to RCDevs Security Solutions - Technical
Thanks to your endless patience and great help I have made a huge step forward.

Managed to finally log in to the web portal but can't create the containers or the WebADM super admin groups.
web2.JPG
web3.JPG
web4.JPG
web1.JPG

Yoann Traut (RCDevs)

Feb 5, 2018, 10:31:11 AM
to RCDevs Security Solutions - Technical
Your containers declaration in webadm.conf is completely wrong...
You should have something like this:

adminroles_container "cn=AdminRoles,ou=WebADM,dc=mydomain,dc=com"
# WebADM Optionsets container
optionsets_container "cn=OptionSets,ou=WebADM,dc=mydomain,dc=com"
# WebApp configurations container
webapps_container "cn=WebApps,ou=WebADM,dc=mydomain,dc=com"
# WebSrv configurations container
websrvs_container "cn=WebSrvs,ou=WebADM,dc=mydomain,dc=com"
# Mount points container
mountpoints_container "cn=Mountpoints,ou=WebADM,dc=mydomain,dc=com"
# Domain and Trusts container
domains_container "cn=Domains,ou=WebADM,dc=mydomain,dc=com"
# Clients container
clients_container "cn=Clients,ou=WebADM,dc=mydomain,dc=com"

where ou=WebADM is a new OrganizationalUnit previously created...

you don't have to change cn=Clients, cn=Domains, cn=WebApps...

Please again, have a look here :


Regards

mark.b

Feb 6, 2018, 9:17:26 AM
to RCDevs Security Solutions - Technical
I honestly don't know what I'm doing wrong.
I have read the setup doc.
I think that my settings are OK but I still can't complete the WebADM setup:
I can't create the WebADM super admin groups

and I can't create the default containers and objects.
Container_settings.JPG
Super_admin.JPG

francois...@rcdevs.com

Feb 7, 2018, 2:46:06 AM
to RCDevs Security Solutions - Technical
Hi

Active Directory doesn't allow the use of "dc=" outside of the naming context.

dc=AdminRoles,dc=WebADM,dc=mydomain,dc=com should become cn=AdminRoles,cn=WebADM,dc=mydomain,dc=com etc.
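
Added example (not part of the thread and not RCDevs code): a small check that applies the rule from the last reply to the `*_container` lines of a webadm.conf, flagging "dc=" components that sit outside the directory's naming context and template DNs left on another domain. The function names, the sample file and the naming context passed in are assumptions; only the `key "DN"` line format comes from the snippet quoted above.

```python
import re

# Line format taken from the snippet quoted in the thread:
#   adminroles_container "cn=AdminRoles,ou=WebADM,dc=mydomain,dc=com"
CONTAINER_LINE = re.compile(r'^\s*(\w+_container)\s+"([^"]*)"')

def split_rdns(dn):
    """Split a DN on unescaped commas into (attribute, value) pairs."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def lint_containers(conf_text, naming_context):
    """Return {setting: [problems]} for container DNs that need fixing."""
    base = [(a, v.lower()) for a, v in split_rdns(naming_context)]
    findings = {}
    for line in conf_text.splitlines():
        m = CONTAINER_LINE.match(line)
        if not m:
            continue  # comment, blank line or unrelated setting
        key, dn = m.groups()
        rdns = split_rdns(dn)
        norm = [(a, v.lower()) for a, v in rdns]
        problems = []
        if len(norm) <= len(base) or norm[-len(base):] != base:
            problems.append("not under naming context " + naming_context)
        else:
            for attr, value in rdns[:-len(base)]:
                if not attr or not value:
                    problems.append("empty RDN component")
                elif attr == "dc":
                    problems.append(f"dc={value} used outside the naming context")
        if problems:
            findings[key] = problems
    return findings

# Constructed sample, not the poster's actual file.
SAMPLE_CONF = '''
# WebADM Optionsets container
adminroles_container "dc=AdminRoles,dc=WebADM,dc=trans,dc=local"
optionsets_container "cn=OptionSets,ou=WebADM,dc=trans,dc=local"
webapps_container "cn=WebApps,ou=WebADM,dc=mydomain,dc=com"
'''

if __name__ == "__main__":
    for key, problems in lint_containers(SAMPLE_CONF, "dc=trans,dc=local").items():
        print(key, "->", "; ".join(problems))
```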