[ZendTo] AD Auth issue

Kevin Miller kevin.miller at juneau.org
Thu Jun 15 18:06:09 BST 2017 

I presume you have an account in AD called "zendto", yes?
Might be a shot in the dark, but try replacing the DC name with the IP address of the domain controller.  It may be a name resolution issue.  If it starts working after that, check your /etc/nsswitch.conf.  I had to edit mine as follows:

  #hosts:          files mdns4_minimal [NOTFOUND=return] dns
  hosts:          files dns

HTH...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Craig Gilbert
Sent: Wednesday, June 14, 2017 6:07 AM
To: zendto at zend.to
Subject: [ZendTo] AD Auth issue

Hello all,

We are attempting to deploy ZendTo in our environment but are having issues with AD auth.

We have reviewed the page at http://zend.to/activedirectory.php and are getting results from the example ldapsearch command.

Our AD authenticator settings in preferences.php are as follows (redacted identifying info):

  'authenticator'             => 'AD',
  'authLDAPBaseDN1'           => 'OU=User Accounts,OU=Company,DC=domain,DC=local',
  'authLDAPServers1'          => array('dc1.domain.local','dc2.domain.local','dc3.domain.local','dc4.domain.local'),
  'authLDAPAccountSuffix1'    => '@domain.local',
  'authLDAPUseSSL1'           => false,
  'authLDAPBindUser1'         => 'zendto',
  'authLDAPBindPass1'         => 'password',
  'authLDAPOrganization1'     => 'Company',
  // If you are not using this 2nd set of settings for a 2nd AD forest,
  // do not comment them out, but instead set them to be empty.
  'authLDAPBaseDN2'           => '',
  // Set
       'authLDAPServers2' => array(),
  // if you only have to search 1 AD forest/domain.
  'authLDAPServers2'          => array(),
  'authLDAPAccountSuffix2'    => '',
  'authLDAPUseSSL2'           => false,
  'authLDAPBindUser2'         => '',
  'authLDAPBindPass2'         => '',
  'authLDAPOrganization2'     => '',

Every time we try to authenticate with a valid user using either a sAMAccountName or userPrincipalName, the error  'Authentication Error
The username or password was incorrect.' Is shown in ZendTo. If it matters, our users are in a Sub-OU of the value in authLDAPBaseDN1, however they are shown in the ldapsearch command.

Any assistance is greatly appreciated.

Kind Regards,

Craig Gilbert
Systems Architect

Nexus, Nexus House, St James' Boulevard, Newcastle upon Tyne, NE1 4AX
Tel 0191 203 3268

**********************************************************************************
Any views or opinions expressed by the sender of this message do not
necessarily represent those of Nexus.

This message is intended for the addressee only. It is confidential and
may contain private or privileged information. It must not be copied or
its contents disclosed to anyone other than the addressee. If it is
delivered to you in error please destroy all copies of it immediately and
contact the sender.

Please note that neither Nexus nor the sender accepts any responsibility
for viruses and it is your responsibility to scan or otherwise check this
email and any attachments.
**********************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20170615/4daec4a8/attachment.html

More information about the ZendTo mailing list