Not able to log in to Foreman GUI using AD account

Not able to log in to the Foreman GUI using an AD account. Getting invalid username and password.

I’m using Foreman 3.3. I have configured the settings as per Foreman :: Manual.

Let me know if I’m missing anything.

(I moved this to “Support”, as that’s what you’re looking for. “Infra&CI” is for our infrastructure issues.)

In olden days, there was a requirement to create the account locally in Foreman, as only the auth was passed off to AD. I’m not sure if this is still true, though.

Be handy to see what your logs are saying

The account should autocreate on the first login (based on the external auth source configuration), but we’ve seen recently that the account creation fails due to a missing email (the value is for some reason set to the “(null)” string).

Below is what I see in the logs. I tried with both login name and domain\login name.

2022-12-20T03:12:53 [I|app|8079b6f1] Parameters: {"login"=>{"login"=>"gsambandam", "password"=>"[FILTERED]"}, "authenticity_token"=>"zYuBXzKliCvYGtm1saFOHdRJXcCKOe7LRJTn9mcFY6fCsXJPj+8RmNLYA/v45758APuZ17/60vsgn4yDOZebOg=="}
2022-12-20T03:12:53 [W|app|8079b6f1] Failed login attempt from 2a00:9d00:1:1ff::ac1a:8ddf with username 'gsambandam'
2022-12-20T03:13:48 [I|app|fbf105c1] Parameters: {"login"=>{"login"=>"ecp\gsambandam", "password"=>"[FILTERED]"}, "authenticity_token"=>"529cd/V0yC8mBj9vOZ+6oGOY5XtG6t4IUR7WHwACPL+bD9m+kzwhI6GVyhnjXryVi2/hiIm9QW5mJwH0pp6/jA=="}
2022-12-20T03:13:48 [W|app|fbf105c1] Failed login attempt from 2a00:9d00:1:1ff::ac1a:8ddf with username 'ecp\gsambandam'

I hit the missing email problem in the early Foreman years, and that was to do with it looking in AD for the email rather than locally, and the AD schema was at a version which wouldn’t present the email (or in one case even store an email). That could still be the case here?

I configured the LDAP external auth source in the GUI. I have not done anything on the Foreman server end. Is there anything to be done on the server side?

I’m only looking to access the Foreman GUI login using an AD account.

Been a while since I configured it but I have the Foreman server added to Windows Active Directory using sssd and then also added to the same AD for the Foreman application using LDAPS. I added the server ad group + application group to sssd since the “SSH access” group is different compared to the one used for the Foreman application. Can not seem to remember if it was needed but I have it that way.
Mappings for active directory:

Thank you so much. I changed Login Name Attribute from userPrincipalName to sAMAccountName and then it worked. User account auto-creation also works fine.
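
The mismatch behind the fix reported above, as an added example that is not part of the thread or Foreman's own code: it reads the "Failed login attempt" lines in the format shown earlier and checks whether the form of each typed username can match the configured Login Name Attribute. It assumes the auth source looks the user up by an equality match on that attribute; `login_form`, `diagnose` and the third log line are constructed for illustration.

```python
import re

# First two lines follow the thread's log excerpt; the third is constructed.
SAMPLE_LOG = r"""
2022-12-20T03:12:53 [W|app|8079b6f1] Failed login attempt from 2a00:9d00:1:1ff::ac1a:8ddf with username 'gsambandam'
2022-12-20T03:13:48 [W|app|fbf105c1] Failed login attempt from 2a00:9d00:1:1ff::ac1a:8ddf with username 'ecp\gsambandam'
2022-12-20T03:15:02 [W|app|00000000] Failed login attempt from 2001:db8::10 with username 'gsambandam@ecp.example.com'
"""

# Accept straight or typographic quotes, since pasted logs often carry the latter.
FAILED = re.compile(
    r"\[W\|app\|(?P<req>\w+)\] Failed login attempt from (?P<ip>\S+) "
    r"with username ['‘](?P<user>.+)['’]\s*$"
)

# Assumption: in AD, sAMAccountName holds the bare logon name and
# userPrincipalName holds user@suffix; DOMAIN\user is stored in neither.
ATTR_FOR_FORM = {
    "bare": "sAMAccountName",
    "upn": "userPrincipalName",
    "down-level": None,
}


def login_form(user):
    """Classify what the user typed into the login box."""
    if "\\" in user:
        return "down-level"
    if "@" in user:
        return "upn"
    return "bare"


def diagnose(log_text, login_attr):
    """Return (username, form, can_match) for every failed-login line."""
    findings = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        form = login_form(m["user"])
        findings.append((m["user"], form, ATTR_FOR_FORM[form] == login_attr))
    return findings


if __name__ == "__main__":
    for attr in ("userPrincipalName", "sAMAccountName"):
        print(attr, diagnose(SAMPLE_LOG, attr))
```

A `can_match` of `False` on every failed attempt points at the attribute setting rather than the password; a `True` means the failure has another cause, such as credentials, the account filter or the bind account.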
