Hello,
I am trying to integrate with AD, however, after config.pm modify the script, the following error is reported on the screen "Error message: FATAL: Passwort-Authentifizierung f r Benutzer otrs >> << fehlgeschlagen FATAL: [..] "and I can no longer configure the system.
if anyone can help, thank you.
Mensagem de Erro: FATAL: Passwort-Authentifizierung
Moderator: crythias
-
diegosousa
- Znuny newbie
- Posts: 1
- Joined: 22 Oct 2014, 14:29
- Znuny Version: 3.3.9
-
alexshrewsbury
- Znuny newbie
- Posts: 1
- Joined: 04 Dec 2014, 16:00
- Znuny Version: 3.3.9
- Real Name: Alex Shrewsbury
- Company: University of Charleston
Re: Mensagem de Erro: FATAL: Passwort-Authentifizierung
I also am having an issue.
I'm running the OTRS appliance inside VMWare on a UCS.
To be honest, I have zero experience with ldap, and not much more with AD.
I edited the Config.pm file the best I could to get it to authenticate.
In the future, We'll probably want to do some kind of Single Sign On. We have an ADFS Server. But for now, LDAP should do well enough.
This is the Fatal error I get.
**************************************************************
Backend ERROR: OTRS-CGI-57
Perl: 5.10.1
OS: linux
Time: Thu Dec 4 09:19:13 2014
Message: FATAL: Passwort-Authentifizierung f?r Benutzer >>otrs<< fehlgeschlagen
FATAL: Passwort-Authentifizierung f?r Benutzer >>otrs<< fehlgeschlagen
RemoteAddress: 10.91.3.239
RequestURI: /otrs/index.pl Traceback (1682):
Module: Kernel::System::DB::new (OTRS 3.3.9) Line: 223
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.9) Line: 145
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 204
Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
***************************************************************
here is the Config.pm file
**************************************************************
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2014 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> Most OTRS configuration should be done via the OTRS web interface
# and the SysConfig. Only for some configuration, such as database
# credentials and customer data source changes, you should edit this
# file. For changes do customer data sources you can copy the definitions
# from Kernel/Config/Defaults.pm and paste them in this file.
# Config.pm will not be overwritten when updating OTRS.
# --
package Kernel::Config;
use strict;
use warnings;
use utf8;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# The database host
$Self->{DatabaseHost} = '127.0.0.1';
# The database name
$Self->{Database} = 'otrs';
# The database user
$Self->{DatabaseUser} = 'otrs';
# The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords
$Self->{DatabasePw} = 'DATABASEPASSWORD';
$Self->{SecureMode}=1;
$Self->{"Package::Timeout"}=120;
$Self->{'SystemID'}=57;
$Self->{'SessionName'}='OTRSAgentInterface';
### MARKER ###
# The database DSN for MySQL ==> more: "perldoc DBD::mysql"
$Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a TCP/IP connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
# $Self->{DatabasePostgresqlBefore82} = 1;
# The database DSN for Microsoft SQL Server - only supported if OTRS is
# installed on Windows as well
# $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";
# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
# $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
# $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
# $ENV{NLS_LANG} = "american_america.utf8";
# $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# ---------------------------------------------------- #
# LDAP Integration for MyDomain.local #
# ---------------------------------------------------- #
# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap://DOMAINCONTROLLER.ucwv.edu';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ucwv,dc=edu';
$Self->{'AuthModule::LDAP::DN'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,dc=ucwv,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'PLAINTEXTPASSWORD';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_A,dc=ucwv,dc=edu';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Enable LDAP lookups of Agent account informations and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://DOMAINCONTROLLER.ucwv.edu';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=ucwv,dc=edu';
$Self->{'AuthSyncModule::LDAP::DN'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,dc=ucwv,dc=edu';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'PLAINTEXTPASSWORD';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=otrs_allow_A,dc=ucwv,dc=edu';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
'cn=otrs_allow_A,dc=ucwv,dc=edu' => {
#otrs_allow_A is an AD group for agents
'Company Agents' => 1,
},
'cn=Domain Admins,dc=ucwv,dc=edu' => {
'Tech Support Agents' => 1,
}
};
# Enable LDAP lookups for Customer logins.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap://DOMAINCONTROLLER.ucwv.edu';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ucwv,dc=edu';
$Self->{'Customer::AuthModule::LDAP::DN'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,dc=ucwv,dc=edu';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PLAINTEXTPASSWORD';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_C,dc=ucwv,dc=edu';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'ldap://DOMAINCONTROLLER.ucwv.edu',
BaseDN => 'dc=ucwv,dc=edu',
SSCOPE => 'sub',
UserDN => 'cn=otrs_ldap,dc=ucwv,dc=edu',
UserPw => 'PLAINTEXTPASSWORD',
AlwaysFilter => '(objectclass=user)',
GroupDN => 'ou=otrs_allow_C,dc=ucwv,dc=edu',
#otrs_allow_C is an AD group for Clients
AccessAttr => 'member',
UserAttr => 'DN',
},
CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserValidFilter => '(company=*)',
Map => [
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# end of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use base qw(Kernel::Config::Defaults);
# -----------------------------------------------------#
1;
**************************************************************************
I'm running the OTRS appliance inside VMWare on a UCS.
To be honest, I have zero experience with ldap, and not much more with AD.
I edited the Config.pm file the best I could to get it to authenticate.
In the future, We'll probably want to do some kind of Single Sign On. We have an ADFS Server. But for now, LDAP should do well enough.
This is the Fatal error I get.
**************************************************************
Backend ERROR: OTRS-CGI-57
Perl: 5.10.1
OS: linux
Time: Thu Dec 4 09:19:13 2014
Message: FATAL: Passwort-Authentifizierung f?r Benutzer >>otrs<< fehlgeschlagen
FATAL: Passwort-Authentifizierung f?r Benutzer >>otrs<< fehlgeschlagen
RemoteAddress: 10.91.3.239
RequestURI: /otrs/index.pl Traceback (1682):
Module: Kernel::System::DB::new (OTRS 3.3.9) Line: 223
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.9) Line: 145
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 204
Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
***************************************************************
here is the Config.pm file
**************************************************************
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2014 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> Most OTRS configuration should be done via the OTRS web interface
# and the SysConfig. Only for some configuration, such as database
# credentials and customer data source changes, you should edit this
# file. For changes do customer data sources you can copy the definitions
# from Kernel/Config/Defaults.pm and paste them in this file.
# Config.pm will not be overwritten when updating OTRS.
# --
package Kernel::Config;
use strict;
use warnings;
use utf8;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# The database host
$Self->{DatabaseHost} = '127.0.0.1';
# The database name
$Self->{Database} = 'otrs';
# The database user
$Self->{DatabaseUser} = 'otrs';
# The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords
$Self->{DatabasePw} = 'DATABASEPASSWORD';
$Self->{SecureMode}=1;
$Self->{"Package::Timeout"}=120;
$Self->{'SystemID'}=57;
$Self->{'SessionName'}='OTRSAgentInterface';
### MARKER ###
# The database DSN for MySQL ==> more: "perldoc DBD::mysql"
$Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a TCP/IP connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
# $Self->{DatabasePostgresqlBefore82} = 1;
# The database DSN for Microsoft SQL Server - only supported if OTRS is
# installed on Windows as well
# $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";
# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
# $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
# $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
# $ENV{NLS_LANG} = "american_america.utf8";
# $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# ---------------------------------------------------- #
# LDAP Integration for MyDomain.local #
# ---------------------------------------------------- #
# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap://DOMAINCONTROLLER.ucwv.edu';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ucwv,dc=edu';
$Self->{'AuthModule::LDAP::DN'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,dc=ucwv,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'PLAINTEXTPASSWORD';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_A,dc=ucwv,dc=edu';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Enable LDAP lookups of Agent account informations and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://DOMAINCONTROLLER.ucwv.edu';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=ucwv,dc=edu';
$Self->{'AuthSyncModule::LDAP::DN'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,dc=ucwv,dc=edu';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'PLAINTEXTPASSWORD';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=otrs_allow_A,dc=ucwv,dc=edu';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
'cn=otrs_allow_A,dc=ucwv,dc=edu' => {
#otrs_allow_A is an AD group for agents
'Company Agents' => 1,
},
'cn=Domain Admins,dc=ucwv,dc=edu' => {
'Tech Support Agents' => 1,
}
};
# Enable LDAP lookups for Customer logins.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap://DOMAINCONTROLLER.ucwv.edu';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ucwv,dc=edu';
$Self->{'Customer::AuthModule::LDAP::DN'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,dc=ucwv,dc=edu';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PLAINTEXTPASSWORD';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_C,dc=ucwv,dc=edu';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'ldap://DOMAINCONTROLLER.ucwv.edu',
BaseDN => 'dc=ucwv,dc=edu',
SSCOPE => 'sub',
UserDN => 'cn=otrs_ldap,dc=ucwv,dc=edu',
UserPw => 'PLAINTEXTPASSWORD',
AlwaysFilter => '(objectclass=user)',
GroupDN => 'ou=otrs_allow_C,dc=ucwv,dc=edu',
#otrs_allow_C is an AD group for Clients
AccessAttr => 'member',
UserAttr => 'DN',
},
CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserValidFilter => '(company=*)',
Map => [
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# end of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use base qw(Kernel::Config::Defaults);
# -----------------------------------------------------#
1;
**************************************************************************