Not able to login foreman GUI using AD account

sganesh · December 20, 2022, 8:28am

not able to login foreman GUI using AD account. Getting invalid username and password.

I’m using Foreman 3.3. I have configured the settings as per Foreman :: Manual.

Let me know if anything i’m missing.

evgeni · December 20, 2022, 8:30am

(I moved this to “Support”, as that’s what you’re looking for. “Infra&CI” is for our infrastructure issues.)

ikonia · December 20, 2022, 8:48am

in olden days, there was a requirement to create the account locally in foreman as only the auth was passed off to AD. I’m not sure if this is true still though

Be handy to see what your logs are saying

Marek_Hulan · December 20, 2022, 9:13am

The account should autocreate on the first login (based on the external auth source configuration), but we’ve seen recently that the account creation fails due to missing email (the value is for some reason set to “(null)” string.

sganesh · December 20, 2022, 9:14am

below i see in logs. i tried with both login name and domain\login name

2022-12-20T03:12:53 [I|app|8079b6f1] Parameters: {“login”=>{“login”=>“gsambandam”, “password”=>"[FILTERED]"}, “authenticity_token”=>“zYuBXzKliCvYGtm1saFOHdRJXcCKOe7LRJTn9mcFY6fCsXJPj+8RmNLYA/v45758APuZ17/60vsgn4yDOZebOg==”}
2022-12-20T03:12:53 [W|app|8079b6f1] Failed login attempt from 2a00:9d00:1:1ff::ac1a:8ddf with username ‘gsambandam’
2022-12-20T03:13:48 [I|app|fbf105c1] Parameters: {“login”=>{“login”=>“ecp\gsambandam”, “password”=>"[FILTERED]"}, “authenticity_token”=>“529cd/V0yC8mBj9vOZ+6oGOY5XtG6t4IUR7WHwACPL+bD9m+kzwhI6GVyhnjXryVi2/hiIm9QW5mJwH0pp6/jA==”}
2022-12-20T03:13:48 [W|app|fbf105c1] Failed login attempt from 2a00:9d00:1:1ff::ac1a:8ddf with username ‘ecp\gsambandam’

ikonia · December 21, 2022, 9:03am

I hit on the missing email problem in early foreman years, and that was to do with it looking in AD for the email rather than locally and the AD schema was at a version which wouldn’t present the email (or in one case even store an email) - that could still be the case here ?

sganesh · December 22, 2022, 7:07am

I configured LDAP external auth resource in GUI, i have not done anything from foreman server end, is there anything to be done at server side?

I’m only looking for accessing foreman GUI login using AD account.

tedevil · December 22, 2022, 2:06pm

Been a while since I configured it but I have the Foreman server added to Windows Active Directory using sssd and then also added to the same AD for the Foreman application using LDAPS. I added the server ad group + application group to sssd since the “SSH access” group is different compared to the one used for the Foreman application. Can not seem to remember if it was needed but I have it that way.
Mappings for active directory:

sganesh · December 23, 2022, 8:35am

thank you so much, i changed Login Name Attribute from userPrincipalName to sAMAccountName and then it worked, also user account auto creation works fine.

system · December 30, 2022, 8:35am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.