Change of DOmain Controllers - SSO/LDAP/Kerberos

[seaney]

Hi all,

we use OTRS 3.0.11 on an Ubuntu 12.04.1 VM. The production environment has a pair of 2008 R2 DC's, that the OTRS is using LDAP/Kerberos to SSO authenticate.
We have an issue where once a week we need to run the net ads keytab add HTTP -U "username" command to get access to the agent page again, but that is not the major issue I wish to ask about.

I am testing (in a lab environment) upgrading/change the Domain Controllers over to 2012 R2. after changing both DC's to 2012 R2, I have been unable to get the authentication working for OTRS again. I have changed the config.pm parameters to the new dc name, but nothing seems to work.

Can anyone help me in finding all the locations where I need to change the DC names? I am not hugely versed in Linux, and have inherited this setup form the previous admin, so I am muddling my way through.

Thanks

[root]

The Kerberos Authentication is performed by the Apache httpd. For OTRS it looks like HTTP Basic Auth, it just takes the Username from a HTTP header.
All LDAP settings should be in Kernel/Config.pm or in Kernel/Config/Files/*.pm (except ZZZAAuto.pm and ZZZAuto.pm). Just grab there for LDAP and take a look:

Code: Select all

otrs$ grep LDAP /opt/otrs/Kernel/Config/Files/*.pm

[seaney]

I've trawled through the Kernel/Config.pm file and changed any reference to the old Domain Controller. No luck yet though.
And on this vm there is nothing in the opt directory.

is there anywhere in the Apache config files I need to point things at the new dc as well?
I've spent the better part of a day searching but haven't found the smoking gun yet.

appreciate your assistance.

[seaney]

I found in etc\otrs\Kernal\ another instance of the Config.pm (looks like there is a couple of copies so I'm struggling to work out which one is active.

but changing this one didn't affect it either.