Hi,
I am having trouble logging in to the Web UI with my AD credentials. Here is my setup:
- an LDAP-Resolver which works (returns one user as expected)
- a Realm with the name “Admin” with the LDAP-Resolver
- in pi.cfg I added Admin to the SUPERUSER_REALM variable
- a Policy (with the Helpdesk template) with Admin-Realm set to “admin”
When I try to log in with the AD user I get “Authentication Failed.”
Here is the Corresponding Log:
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:531] Policies after matching scope: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:556] Policies after matching action: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:556] Policies after matching user: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:556] Policies after matching realm: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:591] Policies after matching resolver: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:603] Policies after matching pinode: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:633] Policies after matching client: []
[2020-07-15 12:36:17,170][320722][139959283669888][DEBUG][privacyidea.lib.policy:198] Exiting list_policies with result []
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.policy:710] Policies after matching time: []
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.policy:714] Policies after matching conditions
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.policy:198] Exiting match_policies with result []
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.user:188] Entering check_password with arguments HIDDEN and keywords HIDDEN
[2020-07-15 12:36:17,171][320722][139959283669888][INFO][privacyidea.lib.user:359] User '' from realm 'admin' tries to authenticate
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_object with arguments ('ad_admins',) and keywords {}
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': 'ad_admins'}
[2020-07-15 12:36:17,171][320722][139959283669888][DEBUG][privacyidea.lib.resolver:200] Exiting get_resolver_list with result HIDDEN
[2020-07-15 12:36:17,172][320722][139959283669888][DEBUG][privacyidea.lib.resolver:198] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f4ac9d27610>
[2020-07-15 12:36:17,174][320722][139959283669888][INFO][privacyidea.lib.resolvers.LDAPIdResolver:466] The filter '(&(memberOf=CN=privacyideaadmins,CN=Users,DC=LAB,DC=local)(&(sAMAccountName=*)(objectClass=person))(objectGUID=\\c5\\d9\\10\\b8\\b8\\2b\\4e\\43\\90\\db\\0e\\2f\\11\\b1\\61\\5f))' returned no DN.
[2020-07-15 12:36:17,174][320722][139959283669888][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:333] Authtype: 'Simple'
[2020-07-15 12:36:17,174][320722][139959283669888][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:334] user : ''
[2020-07-15 12:36:17,174][320722][139959283669888][WARNING][privacyidea.lib.resolvers.LDAPIdResolver:354] failed to check password for 'b810d9c5-2bb8-434e-90db-0e2f11b1615f'/'': Exception('No valid user. Empty bind_user.')
[2020-07-15 12:36:17,175][320722][139959283669888][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:355] Traceback (most recent call last):
File "./privacyidea/lib/resolvers/LDAPIdResolver.py", line 338, in checkPass
raise Exception("No valid user. Empty bind_user.")
Exception: No valid user. Empty bind_user.
[2020-07-15 12:36:17,175][320722][139959283669888][INFO][privacyidea.lib.user:371] user User(login='', realm='admin', resolver='ad_admins') failed to authenticate.
[2020-07-15 12:36:17,175][320722][139959283669888][DEBUG][privacyidea.lib.user:198] Exiting check_password with result None
[2020-07-15 12:36:17,175][320722][139959283669888][DEBUG][privacyidea.lib.auditmodules.base:185] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f4ac91d1eb0>, {'user': '', 'administrator': '', 'realm': 'admin', 'resolver': 'ad_admins', 'serial': None, 'info': 'logged in as franadm. |loginmode=None'}) and keywords {}
[2020-07-15 12:36:17,175][320722][139959283669888][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting log with result None
[2020-07-15 12:36:17,206][320722][139959283669888][DEBUG][privacyidea.api.before_after:90] End handling of request '/auth?'
The weird thing about it is this line:
[2020-07-15 12:36:17,174][320722][139959283669888][INFO][privacyidea.lib.resolvers.LDAPIdResolver:466] The filter '(&(memberOf=CN=privacyideaadmins,CN=Users,DC=LAB,DC=local)(&(sAMAccountName=*)(objectClass=person))(objectGUID=\\c5\\d9\\10\\b8\\b8\\2b\\4e\\43\\90\\db\\0e\\2f\\11\\b1\\61\\5f))' returned no DN.
because my objectGUID is b810d9c5-2bb8-434e-90db-0e2f11b1615f, as you can see three lines after the weird line.
Is there something wrong with my Configuration?
Thank you very much in advance!
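
Added example (not part of the original post, and not privacyIDEA code): Active Directory stores objectGUID with its first three fields in little-endian byte order, and an LDAP filter carries those raw bytes as backslash-escaped hex, so the escaped value in the filter line and the dashed GUID in the WARNING line can be compared after decoding. The two log excerpts below are copied from the log above; all function names are hypothetical.

```python
import re
import uuid

# Excerpts copied from the log in the post (timestamps and logger prefix dropped).
FILTER_LINE = (r"The filter '(&(memberOf=CN=privacyideaadmins,CN=Users,DC=LAB,DC=local)"
               r"(&(sAMAccountName=*)(objectClass=person))"
               r"(objectGUID=\\c5\\d9\\10\\b8\\b8\\2b\\4e\\43\\90\\db\\0e\\2f\\11\\b1\\61\\5f))'"
               r" returned no DN.")
WARNING_LINE = "failed to check password for 'b810d9c5-2bb8-434e-90db-0e2f11b1615f'/''"

def guid_to_filter_value(guid_text):
    """Dashed GUID -> escaped octets in the order AD stores them."""
    raw = uuid.UUID(guid_text).bytes_le  # first three fields little-endian
    return "".join("\\%02x" % b for b in raw)

def filter_value_to_guid(escaped):
    """Escaped octets (one or more backslashes per octet) -> dashed GUID."""
    octets = re.findall(r"\\+([0-9a-fA-F]{2})", escaped)
    if len(octets) != 16:
        raise ValueError("expected 16 escaped octets, got %d" % len(octets))
    return str(uuid.UUID(bytes_le=bytes.fromhex("".join(octets))))

def guid_in_filter(log_line):
    """Extract and decode the objectGUID assertion from a logged filter."""
    m = re.search(r"\(objectGUID=((?:\\+[0-9a-fA-F]{2})+)\)", log_line)
    if m is None:
        raise ValueError("no objectGUID assertion in line")
    return filter_value_to_guid(m.group(1))

def guid_in_warning(log_line):
    """Extract the dashed GUID quoted in the 'failed to check password' line."""
    m = re.search(r"'([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})'", log_line)
    if m is None:
        raise ValueError("no dashed GUID in line")
    return m.group(1).lower()

def same_object(filter_line, warning_line):
    """True when both log lines refer to the same objectGUID."""
    return guid_in_filter(filter_line) == guid_in_warning(warning_line)

if __name__ == "__main__":
    print("filter GUID :", guid_in_filter(FILTER_LINE))
    print("warning GUID:", guid_in_warning(WARNING_LINE))
    print("same object :", same_object(FILTER_LINE, WARNING_LINE))
```

Both lines decode to the same GUID, so the different byte order in the filter is the expected encoding of that objectGUID.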