[ZendTo] {Disarmed} RE: Re: {Disarmed} RE: Re: {Disarmed} issue with rendered site

Erik Britt ebritt at cshlaw.com
Thu Dec 12 16:56:07 GMT 2013


Richard, thank you for your suggestions. I am able to resolve the DCs by name from the ZendTo box (I added the info in the hosts file for good measure). I also don’t think we’re having a firewall issue/port issue; we get the same result with SSL turned on or off.

Currently, when turned off, it appears the site cannot find either my usernames or passwords.
[Attached image: image003.jpg]
Here’s the AD entry in my preferences file:
'authenticator'             => 'AD',
'authLDAPBaseDN1'           => 'DC=domain,DC=com',
'authLDAPServers1'          => array('0.0.0.4','0.0.0.7','0.0.0.9'),    // our 3 domain controllers' IP addresses
'authLDAPAccountSuffix1'    => '',
'authLDAPUseSSL1'           => false,
'authLDAPBindUser1'         => 'user at domain.com',
'authLDAPBindPass1'         => '********',
'authLDAPOrganization1'     => '',
  // If you are not using this 2nd set of settings for a 2nd AD forest,
  // do not comment them out, but instead set them to be empty.
'authLDAPBaseDN2'           => '',
// Set
//            'authLDAPServers2'          => array(),
'authLDAPAccountSuffix2'    => '',
'authLDAPUseSSL2'           => false,
'authLDAPBindUser2'         => '',
'authLDAPBindPass2'         => '',
'authLDAPOrganization2'     => '',







Erik Britt
IT Department
e-mail<mailto:ebritt at cshlaw.com>
www.cshlaw.com<http:/www.cshlaw.com>


p       +19198638828
f       +19198633427

Post Office Box 27808
Raleigh NC 27611-7808


From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Richard Patterson
Sent: Tuesday, December 10, 2013 4:41 PM
To: ZendTo Users
Subject: [ZendTo] Re: {Disarmed} RE: Re: {Disarmed} issue with rendered site

I have successfully set up AD auth.

The error you have received indicates that the ZendTo box was unable to connect to the AD DC. If it took a long time to appear after entering details then it’s likely to be a firewall issue (and the connection timed out). Make sure port 389 is allowed from ZendTo to your AD DC.

If on the other hand the error appeared quickly after entering username and password, then it’s probably a name resolution problem.

Rather than reconfigure DNS, I simply added an entry into /etc/hosts so that ZendTo could resolve the hostname of the DC.

These are the settings I used:

  'authenticator'             => 'AD',
  'authLDAPBaseDN1'           => 'DC=mydomain,DC=local',   // There is no need to specify an OU
  'authLDAPServers1'          => array('mydc1.mydomain.local'),  // I added an entry into /etc/hosts for this
  'authLDAPAccountSuffix1'    => '@mydomain.local',
  'authLDAPUseSSL1'           => false,
  'authLDAPBindUser1'         => 'zendto',
  'authLDAPBindPass1'         => '<some random secret>',   // password as set for the user in AD
  'authLDAPOrganization1'     => 'MyCompany Name',

// Make sure you set the values ending in 2 as empty:

  'authLDAPBaseDN2'           => '',
  'authLDAPServers2'          => array(),
  'authLDAPAccountSuffix2'    => '',
  'authLDAPUseSSL2'           => false,
  'authLDAPBindUser2'         => '',
  'authLDAPBindPass2'         => '',
  'authLDAPOrganization2'     => '',


I hope this helps.

Regards

Richard


--
Richard Patterson

HelpQuick Ltd
The headquarters of
innovative IT solutions

Office: 0191 2582888, Fax: 0191 6408666
Web: http://www.helpquick.co.uk<http://www.helpquick.co.uk/>

Have you used our services? Why not write a review on the FreeIndex<http://www.freeindex.co.uk/wr.htm?id=144533&br=1> website

HelpQuick Limited, Registered in England & Wales, Company number
5334746, Vat registration number: 859 6133 89, Registered office:
18 Camden Square, North Shields, NE30 1NR, UK


On 10 Dec 2013, at 18:08, Richard Patterson <richard at helpquick.co.uk> wrote:


There are so many things that could be preventing this from working... I haven't tried LDAP / AD auth with ZendTo yet, so I can only suggest things to check / try.

Is there a firewall between the ZendTo box and your DCs?

Is the windows firewall on the DC allowing traffic from ZendTo (try turning it off temporarily to test)?

Can you ping the DC by name from the ZendTo box? (Is name resolution for your domain working correctly?)

Which version of Windows is your DC running?

Regards

Richard


On 10/12/2013 17:34, Erik Britt wrote:
Again, thank you Richard, I’ll certainly pay closer attention to case going forward.

The next issue I’m having is getting the site to connect to an authentication server:
<Mail Attachment.png>
We’re using AD auth and I have populated the preferences file accordingly. I’m not getting any hits in the security logs of our authentication servers when I attempt to log into the site.

Erik




From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Richard Patterson
Sent: Tuesday, December 10, 2013 12:26 PM
To: ZendTo Users
Subject: [ZendTo] Re: {Disarmed} issue with rendered site

Hi Erik,

Yes, the localIPSubnets (note the lower case L at the beginning) is defined in ../config/preferences.php

What other errors did you encounter and how did you fix them?

Regards

Richard

On 10/12/2013 16:19, Erik Britt wrote:
Our site is configured, but we keep running into line-by-line errors; this one I have not been able to figure out how to clear. <Mail Attachment.png>
This is line 1089 in the NSSDropbox.php file:
<Mail Attachment.png>

Does this line get populated from the “Localipsubnets” line in the preferences.php file?

Thank you









_______________________________________________

ZendTo mailing list

ZendTo at zend.to<mailto:ZendTo at zend.to>

http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20131212/f239c74f/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD000.jpg
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20131212/f239c74f/attachment-0002.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3827 bytes
Desc: image003.jpg
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20131212/f239c74f/attachment-0003.jpg 
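
The triage Richard describes in the thread (an error that appears quickly points to name resolution, one that appears slowly points to a blocked port 389) can be checked from the ZendTo box with the Python sketch below. It is an added example, not part of the original thread or of ZendTo; the function names and hint texts are this example's own, and probing port 636 when authLDAPUseSSL is true assumes the standard LDAPS port.

```python
import socket
import time

# Hints follow the triage given in the thread; the wording is this example's own.
HINTS = {
    "name-resolution": "hostname did not resolve: fix DNS or add the DC to /etc/hosts",
    "timeout": "no reply before the timeout: look for a firewall dropping the port",
    "refused": "host is up but nothing listens on that port",
    "unreachable": "network error before the handshake: check routing",
    "reachable": "TCP works: move on to bind user, password and base DN",
}

def diagnose(host, port=389, timeout=5.0):
    """Return (verdict, seconds) for one TCP attempt to an LDAP server."""
    start = time.monotonic()
    try:
        targets = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "name-resolution", time.monotonic() - start
    verdict = "unreachable"
    for family, kind, proto, _name, addr in targets:
        sock = socket.socket(family, kind, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            verdict = "reachable"
            break
        except socket.timeout:
            verdict = "timeout"
        except ConnectionRefusedError:
            verdict = "refused"
        except OSError:
            pass  # keep a more specific verdict from an earlier address, if any
        finally:
            sock.close()
    return verdict, time.monotonic() - start

def check_servers(servers, use_ssl=False, timeout=5.0):
    """Probe each authLDAPServers entry on 389, or 636 when authLDAPUseSSL is true."""
    # Assumption: 636 is the standard LDAPS port, not a value taken from ZendTo.
    port = 636 if use_ssl else 389
    return {host: diagnose(host, port, timeout) for host in servers}

if __name__ == "__main__":
    # Host name taken from the sample settings quoted in the thread.
    for host, (verdict, secs) in check_servers(["mydc1.mydomain.local"]).items():
        print(f"{host}: {verdict} after {secs:.1f}s - {HINTS[verdict]}")
```

A "reachable" verdict only proves the TCP path; a login failure after that has to be traced to the bind account, password or base DN.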

