[7.490][BUG][FIXED] Active Directory authentication does only work with one User

Hi @all

Problem: if I authenticate me with my username/pw HTTP-Proxy works fine - if my girlfriend authenticates on the Webproxy then Astaro shows me the following debug information:

2009:09:08-11:25:02 gw aua[29627]: }, 'Net::LDAP::Entry' );
2009:09:08-11:25:02 gw aua[29627]: "
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory() trying to bind to user 'CN=Sabrina Buesch,OU=Users,OU=CRAPSNET,DC=crapsnet,DC=local'"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory() bind LDAP server - informational message:$VAR1 = undef;
2009:09:08-11:25:02 gw aua[29627]: "
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory(): bind failed for bindDN = CN=Sabrina Buesch,OU=Users,OU=CRAPSNET,DC=crapsnet,DC=local"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth_directory(): Authentication failed: User could not be authenticated"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Active Directory authentication failed: User could not be authenticated"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth: authentication failed with method adirectory, trying next method"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth returns result 0"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="User sab is not authenticated or authorized for facility http, all methods tried"
2009:09:08-11:25:02 gw aua[29627]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.114.103" user="sab" caller="http" reason="DENIED"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Method: "
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Result: 0"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Ref: ''"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Groups: "
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="Comment: User could not be authenticated"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="No update on blocklist desired"
2009:09:08-11:25:02 gw aua[29627]: id="3007" severity="debug" sys="System" sub="auth" name="result:
2009:09:08-11:25:02 gw aua[29627]: DENIED"

0 Astaro Beta Bot over 15 years ago

Astaro Beta Report
--------------------------------
Version: 7.490
Type: BUG
State: FIXED
Reporter: piepmatz
Contributor: 
MantisID: 
--------------------------------

0 piepmatz over 15 years ago

Is it possible that there is a password problem? The password "SuperMausi!" is in the logfile as "SuperMausi%21" represented. With a password like "Ex-Cd123" it works without any problem.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 BrucekConvergent over 15 years ago in reply to piepmatz

It sure sounds like there's an issue handling non alphanumeric characters.. .which is a problem, considering most of my customer sites have policies that force the end users to use such characters in their passwords.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 AlanT_01 over 15 years ago

tested 7.490 here with passwords containing various non alpha-numeric passwords, and there was no problem. I'm not setup for AD atm though. Are you using standard mode auth or the new transparent with auth mode? if so, what browser are you using? something is converting "!" to the ASCII "%21" representation. If you're using the new transparent with auth, perhaps the browser is doing it, and the Astaro is not handling it properly.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 AlanT_01 over 15 years ago

It looks like the problem only affects the new Transparent with Authentication mode. The browser converts extended ascii characters to the %ascii equivalent, and the authentication process on thet Astaro isn't translating them back.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 svens over 15 years ago

Fixed, thanks for reporting.

Regards,

Sven.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 BrucekConvergent over 15 years ago in reply to svens

Good catch piepmatz!

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel