ravada
Integration with Active Directory
Hi,
I would like to know about the possibility of authenticating with Active Directory domain users.
I have AD in production and would like to test logging in to the frontend with the users that are already registered in AD.
You can log in to the frontend (/usr/sbin --add-user user.name) with my domain users
Thank you very much. Congratulations on the project.
Hi @thiagomdr27 , thank you very much for your interest. Active Directory support may not be hard to implement, but it's not a priority now. In addition we have no AD here around to test it. Anyway I'll try to create a branch in a few days as a start point for implementing this.
I started working on it. I can't test in AD. Help Wanted.
- How to test: http://ravada.readthedocs.io/en/latest/devel-docs/test_ad.html
- How to configure : http://ravada.readthedocs.io/en/latest/docs/auth_active_directory.html
Hi @frankiejol, I'm sorry for the delay.
I have not tested it yet because I changed the distro. I'm currently trying to make it work on CentOS and I'm having some problems with dependencies.
As soon as I can, I'll test the integration with AD.
We had problems with CentOS dependencies and went back to Ubuntu.
Unfortunately, the steps on how to test and configure were not clear.
@thiagomdr27 you are damn right, the development and test docs are really outdated. I changed some parts today. Please start with: http://ravada.readthedocs.io/en/latest/docs/INSTALL_devel.html
You can also run the test suite following this small guide: http://ravada.readthedocs.io/en/latest/devel-docs/test.html
Hi @frankiejol, I have the following error
Thanks for listening.
@thiagomdr27 I guess you're stuck trying to install test-sql-data. Install it this way:
$ perl Makefile.PL
$ make
$ make test
$ sudo make install
Exactly, @frankiejol, but the error persists.
@thiagomdr27 thank you for your patience. I think it is already installed. You can move on to install from source like this: http://ravada.readthedocs.io/en/latest/docs/INSTALL_devel.html
Thank you @frankiejol. It's really working, not authenticating with AD, and I cannot understand the steps in http://ravada.readthedocs.io/en/latest/docs/ldap_local.html
Ok, I think you are using the master branch. Stop the rvd_back and go to the AD branch:
$ git checkout 392_ad
The rvd_front will detect changes automatically if called from morbo. Start rvd_back again. Then try to configure AD following this guide:
http://ravada.readthedocs.io/en/latest/docs/auth_active_directory.html
It's not going to work because I coded without trying it, but let's give it a chance and see what's the output.
The installation was made with the .deb package. Where should I make the clone of this package 392_ad? As I understood, this package should be with the package already in operation. I thought about compiling again from scratch, but I could not and did not find any step-by-step guide.
@thiagomdr27 the deb package does not have the AD feature yet. You must install from source by cloning the git repo:
$ git clone https://github.com/UPC/ravada.git
$ cd ravada
$ git checkout 392_ad
I'm not sure if you already tried this guide: http://ravada.readthedocs.io/en/latest/docs/INSTALL_devel.html In that case, let me know where you are stuck and I'll try to improve the docs.
Hello, sorry for the delay.
Maybe it would be good to add the necessary commands to be executed to the documentation. I used the ones below.
$ git clone https://github.com/UPC/ravada.git - OK
$ perl Makefile.PL - OK
$ make - OK
$ install - OK
The ravada is working ok.
$ git checkout 392_ad
fatal: Not a git repository (or any of the parent directories): .git
@thiagomdr27 there is no need to install. Please review this doc; I'll keep it up to date with your suggestions: http://ravada.readthedocs.io/en/latest/docs/INSTALL_devel.html
$ git checkout 392_ad
fatal: Not a git repository (or any of the parent directories): .git
git checkout must be used from within the ravada cloned directory.
Ok @frankiejol
I re-started the installation by following http://ravada.readthedocs.io/en/latest/docs/INSTALL_devel.html
$ git checkout 392_ad - OK
What steps should I follow from now?
Thank you for your patience.
The tab located at (http://ravada.readthedocs.io/en/latest/docs/ldap_local.html) is for the creation of an LDAP location. I already have a base with AD/DS from Microsoft; I wanted to pull this user base.
Hi! I'm trying to test this too. Hope this helps a bit, @thiagomdr27.
What I've done:
1- http://ravada.readthedocs.io/en/latest/docs/INSTALL_devel.html
2-
$ cd ravada
$ git checkout 392_ad
3- Extra packages needed for the next step (maybe could be added to the docs? Not sure 100% if python-dev is needed):
$ sudo apt-get install make python-dev gcc
4- http://ravada.readthedocs.io/en/latest/docs/auth_active_directory.html (only the first step, Install Modules)
5- http://ravada.readthedocs.io/en/latest/devel-docs/test_ad.html
But after running the tests, some errors appear:
Manifying 19 pod documents
t/67_user_ad.t .. Can't locate Test/SQL/Data.pm in @INC (you may need to install the Test::SQL::Data module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at t/67_user_ad.t line 6.
BEGIN failed--compilation aborted at t/67_user_ad.t line 6.
Dubious, test returned 2 (wstat 512, 0x200)
No subtests run

Test Summary Report
t/67_user_ad.t (Wstat: 512 Tests: 0 Failed: 0)
Non-zero exit status: 2
Parse errors: No plan found in TAP output
Files=1, Tests=0, 0 wallclock secs ( 0.04 usr 0.01 sys + 0.04 cusr 0.02 csys = 0.11 CPU)
Result: FAIL

I've seen this module (Test::SQL::Data) in your GitHub, so I've tried to install it:
git clone https://github.com/frankiejol/Test-SQL-Data.git
cd Test-SQL-Data
perl Makefile.PL
sudo make install
And finally, the output:
jose@ravada-dev:~/ravada$ make && prove -v t/67_user_ad.t
Manifying 19 pod documents
t/67_user_ad.t ..
not ok 1 - use Ravada;
Failed test 'use Ravada;'
at t/67_user_ad.t line 9.
Tried to use 'Ravada'.
Error: Can't locate Ravada.pm in @INC (you may need to install the Ravada module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at t/67_user_ad.t line 9.
BEGIN failed--compilation aborted at t/67_user_ad.t line 9.
not ok 2 - use Ravada::Auth::ActiveDirectory;
Failed test 'use Ravada::Auth::ActiveDirectory;'
at t/67_user_ad.t line 62.
Tried to use 'Ravada::Auth::ActiveDirectory'.
Error: Can't locate Ravada/Auth/ActiveDirectory.pm in @INC (you may need to install the Ravada::Auth::ActiveDirectory module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at t/67_user_ad.t line 62.
BEGIN failed--compilation aborted at t/67_user_ad.t line 62.
not ok 3
Failed test at t/67_user_ad.t line 50.
got: 'Can't locate object method "new" via package "Ravada::Auth::ActiveDirectory" (perhaps you forgot to load "Ravada::Auth::ActiveDirectory"?) at t/67_user_ad.t line 49.
'
expected: ''
not ok 4 - Expecting an user object , got <UNDEF>
Failed test 'Expecting an user object , got <UNDEF>'
at t/67_user_ad.t line 51.
not ok 5
Failed test at t/67_user_ad.t line 55.
got: 'Undefined subroutine &Ravada::Auth::login called at t/67_user_ad.t line 54.
'
expected: ''
1..5
Looks like you failed 5 tests of 5.
Dubious, test returned 5 (wstat 1280, 0x500)
Failed 5/5 subtests

Test Summary Report
t/67_user_ad.t (Wstat: 1280 Tests: 5 Failed: 5)
Failed tests: 1-5
Non-zero exit status: 5
Files=1, Tests=5, 0 wallclock secs ( 0.04 usr 0.01 sys + 0.13 cusr 0.04 csys = 0.22 CPU)
Result: FAIL
Not sure what to do now. Hope we can make this work!
Thanks both in advance,
@jlopezramos , thank you for your collaboration
3- Extra packages needed for the next step (maybe could be added to the docs? Not sure 100% if python-dev is needed):
We are definitely not using python, so you could try removing this package. Everything should work.
So far good job installing the development source. It can't find the lib because prove needs -b:
jose@ravada-dev:~/ravada$ make && prove -v t/67_user_ad.t
jose@ravada-dev:~/ravada$ make && prove -b t/67_user_ad.t
Last commit was to the wrong issue, my bad
So far good job installing the development source. It can't find the lib because prove needs -b:
jose@ravada-dev:~/ravada$ make && prove -v t/67_user_ad.t
jose@ravada-dev:~/ravada$ make && prove -b t/67_user_ad.t
I'm so sorry! I reviewed the entire process several times, damn typo. Sorry again.
I've just tried again right now, here is the output. I'm trying to figure out if the error comes from my side...
jose@ravada-dev:~/ravada$ prove -b t/67_user_ad.t
t/67_user_ad.t .. 1/?
# Failed test at t/67_user_ad.t line 50.
# got: 'ERROR: Login failed bob.esponja at /home/jose/ravada/blib/lib/Ravada/Auth/ActiveDirectory.pm line 50.
# '
# expected: ''
# Failed test 'Expecting an user object , got <UNDEF>'
# at t/67_user_ad.t line 51.
ERROR: Login failed bob.esponja at /home/jose/ravada/blib/lib/Ravada/Auth/ActiveDirectory.pm line 50.
# Failed test at t/67_user_ad.t line 55.
# got: 'ERROR: Login failed bob.esponja at /home/jose/ravada/blib/lib/Ravada/Auth/SQL.pm line 65.
# '
# expected: ''
# Looks like you failed 3 tests of 5.
t/67_user_ad.t .. Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/5 subtests

Test Summary Report
-------------------
t/67_user_ad.t (Wstat: 768 Tests: 5 Failed: 3)
Failed tests: 3-5
Non-zero exit status: 3
Files=1, Tests=5, 2 wallclock secs ( 0.04 usr 0.01 sys + 1.09 cusr 0.31 csys = 1.45 CPU)
Result: FAIL
Edit: updated the previous output. It isn't a user/password issue; I've tried with an incorrect one and the output is OK:
# Failed test at t/67_user_ad.t line 50.
# got: 'Failed to authenticate user '[email protected]'. Reason: '80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580' at /usr/local/share/perl/5.24.1/Auth/ActiveDirectory.pm line 73.
# '
# expected: ''
I did all the steps again and got the same errors as @jlopezramos.
@thiagomdr27 we are struggling with this here too. It looks like we have to set the AD parameters in /etc/ravada.conf:
ActiveDirectory:
  host: ip.address
  port: 389
  domain: the.domain.
  principal: ?
I'm not sure of what those mean, so we will work with someone who knows more about AD
@frankiejol I would love to be able to help you with that.
I have questions about where to find this "Principal" attribute in Active Directory.
At a glance it looks like most of the code is there, it just needs a little testing. This is the github branch for it: https://github.com/UPC/ravada/tree/392_ad merged with current develop
Let's write a doc based on @AKA9124 conversation. https://github.com/UPC/ravada/discussions/1464
Hey guys,
I am still stuck on this issue. I used the LDAP attribute of primary group, but it still does not recognize it. When I look at the user, I see that the user successfully logs in, but it won't have access to the VM. I noticed on the admin interface that the user is not a member of any LDAP/AD group even though I know it is.
For example: Name: Jane Doe Login: sAMAccountName Password: LDAP Password: memberOf: GroupA, GroupB, GroupC
In the Access tab of the VM, under the sub-category of Group, I can filter using the "sAMAccountName" of the group.
I can further see that the logged-in user has "DistinguishedName" listed, which belongs to the logged-on user but is not the same as "sAMAccountName".
In my opinion, the only thing it is missing is the checking of the group membership in LDAP based on "field". Could either of you please point me to the code where you think is checking for it?
Any help you can provide is greatly appreciated!
Raj Patel
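
An added illustration of the mismatch described in the last post (not Ravada's code and not a diagnosis of it): in AD, memberOf holds group distinguished names and omits the primary group, which is referenced only through primaryGroupID, so matching either against a group's sAMAccountName needs a resolution step. The directory entries, names and SIDs below are constructed samples, objectSid is assumed to be already decoded to string form, and nested groups are not expanded.

```python
import re

# Constructed sample data shaped like AD search results (not from the thread).
# objectSid is assumed to be already decoded from binary to its string form.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
BASE = "DC=example,DC=test"

def _group(name, rid, ou="OU=Groups"):
    return {"distinguishedName": f"CN={name},{ou},{BASE}",
            "sAMAccountName": name,
            "objectSid": f"{DOMAIN_SID}-{rid}"}

GROUPS = [_group("GroupA", 1601), _group("GroupB", 1602),
          _group("GroupC", 1603), _group("Domain Users", 513, "CN=Users")]

USER = {
    "sAMAccountName": "jane.doe",
    "distinguishedName": f"CN=Jane Doe,OU=Staff,{BASE}",
    "objectSid": f"{DOMAIN_SID}-1105",
    # memberOf holds group DNs; the primary group is never listed here.
    "memberOf": [f"CN=GroupA,OU=Groups,{BASE}",
                 "cn=groupb, ou=groups, dc=example, dc=test"],
    "primaryGroupID": "513",
}

def normalize_dn(dn):
    """DNs compare case-insensitively; drop spaces around unescaped commas."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def naive_is_member(user, group_name):
    """The comparison that fails: a short group name against DN strings."""
    return group_name in user.get("memberOf", [])

def group_names(user, groups):
    """Resolve memberOf DNs and primaryGroupID to group sAMAccountNames."""
    by_dn = {normalize_dn(g["distinguishedName"]): g for g in groups}
    by_sid = {g["objectSid"]: g for g in groups}
    names = {by_dn[normalize_dn(dn)]["sAMAccountName"]
             for dn in user.get("memberOf", []) if normalize_dn(dn) in by_dn}
    # Primary group SID = the user's domain SID + "-" + primaryGroupID (a RID).
    domain_sid = user["objectSid"].rsplit("-", 1)[0]
    primary = by_sid.get(f"{domain_sid}-{user.get('primaryGroupID')}")
    if primary:
        names.add(primary["sAMAccountName"])
    return names  # nested groups are not expanded here

def is_member(user, groups, group_name):
    return group_name.lower() in {n.lower() for n in group_names(user, groups)}

if __name__ == "__main__":
    print(naive_is_member(USER, "GroupA"), sorted(group_names(USER, GROUPS)))
```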