[ZendTo] unable to login

Jules Field Jules at Zend.To
Wed Jul 25 17:17:54 BST 2018



On 25/07/2018 16:51, Sallee, Jake via ZendTo wrote:
> Jules:
>
> Thank you for your response.  I read the upgrade instructions but I apparently did not read them closely enough.  I read the bit about running the two commands as only being necessary if you are upgrading from a version earlier than 5.0.
>
> My apologies, it was my mistake.
You should always run them after any ZendTo upgrade, as I may well have 
added or removed preferences.php settings or zendto.conf strings.

>
> I did run the upgrade commands(and a reboot for good measure) and it did take care of the missing config option for me and the error is no longer showing up in the log file, so that is nice.
>
> But I still cannot log in.
>
> The ldap search command works using the info from my current preferences.php file, shouldn't that mean it should be working?
Yes, it should.

With the bind username+password blacked out, would you like to show us 
your AD settings in  preferences.php?
Also, I assume you've got "authenticator" set to "AD", and you haven't 
got *multiple* lines in preferences.php setting the value of 
"authenticator"? That is always worth checking...

>
> What is really weird is when I do a packet capture I can see the bind response for the user logging in (me in this case) succeeds but the web page still says it failed ... is there a log file I can look at or something?
If the bind is working, that implies the username+password check is 
succeeding.
After that, it reads some attributes for the user, so it may be that bit 
that's failing.
The relevant code is in /opt/zendto/lib/NSSADAuthenticator.php, it's 
pretty straightforward code.
(In that file you will find most of the code replicated in 2 functions. 
If you add some calls to "NSSError()" and they don't appear in the web 
page response to your login attempt, you've probably added them in the 
wrong function!
You can just add things like
     NSSError("My debug output text", "Debug");
into the code and those should appear as error messages in the web page 
when you try to login.

Cheers,
Jules.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> ________________________________________
> From: Jules Field <Jules at Zend.To>
> Sent: Wednesday, July 25, 2018 9:23 AM
> To: ZendTo Users
> Cc: Sallee, Jake
> Subject: Re: [ZendTo] unable to login
>
> Jake,
>
> The PHP notice you got shows that you haven't used
>       /opt/zendto/bin/upgrade_preferences_php
> and/or
>       /opt/zendto/bin/upgrade_zendto_conf
> to upgrade those files. Once you've upgraded your preferences.php and
> zendto.conf files correctly, all the expected settings will be in them.
>
> For AD authentication troubleshooting, please see
> https://urldefense.proofpoint.com/v2/url?u=http-3A__zend.to_activedirectory.php&d=DwIDaQ&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=aPJXY5gIxyke0vsmlY9i_bOTQpaYFx8EeKemi8iBeFg&s=YoqPu2mQX7tUfQl8dXTkzGHuKZszFpEyBAE2uYB-kyk&e=
>
> Cheers,
> Jules.
>
>
> On 25/07/2018 14:54, Sallee, Jake via ZendTo wrote:
>> All:
>>
>> I'm having a weird issue in ZendTo version 5.02 with MS AD as the backend user DB.
>>
>> No one is able to login when they try they get:
>>
>> Authentication Error
>> The username or password was incorrect.
>>
>> However I have verified my username and password and still I am not able to log in.
>>
>> I have been scouring the logs without much success.  the only thing I see is this when I get the error on login:
>>
>> ==> /var/log/apache2/error.log <==
>> [Wed Jul 25 08:32:17.700721 2018] [php7:notice] [pid 3496] [client 10.11.0.54:47742] PHP Notice:  Undefined index: SMTPsetFromToSender in /opt/zendto/lib/NSSDropbox.php on line 317
>>
>> Line 317 in the referenced file is this:
>>
>> $this->_SMTPsetFromToSender   = $prefs['SMTPsetFromToSender'];
>>
>> It seems to be referencing an non-existent setting in the preferences.php file, but commenting this line out changed nothing.
>>
>> I have firewall logs showing there is communication going to the AD servers and this setup was working but then stopped.  As far as I can tell the AD integration bits are setup correctly ... I' am at a loss here.
>>
>> Is there another log file I can look at to get some more info?  Is there some other troubleshooting step I can use (like a debug mode somewhere) to see more info?
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> http://WWW.UMHB.EDU
>>
>> 900 College St.
>> Belton, Texas
>> 76513
>>
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>>
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIDaQ&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=aPJXY5gIxyke0vsmlY9i_bOTQpaYFx8EeKemi8iBeFg&s=Z2YAnd5KuimjzLxfzaxEnjtbZX0J-9k6Na60pl5V7Qs&e=
> Jules
>
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
> 'Probability factor of one to one. We have normality. I repeat, we
>    have normality. Anything you still can't cope with is therefore
>    your own problem.' - Trillian, The Hitch Hikers Guide to the Galaxy
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.Zend.To&d=DwIDaQ&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=aPJXY5gIxyke0vsmlY9i_bOTQpaYFx8EeKemi8iBeFg&s=r_o7N-YZzAEiryEcRfnxnwyLaFR3nV848AWPI1EEL4c&e=
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

Dogger, Fisher, German Bight: East 2 or 3, occasionally 4 later. Smooth or
slight. Fair. Good.

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654




More information about the ZendTo mailing list