Hello all,
We had a very similar issue trying to authenticate Customer accounts against LDAP provided by Windows 2012 R2. We finally tracked down a solution (worked
for us, your results may vary) by modifying the lookup code that checks to see if a user account is enabled.
A code snippet from our Config.pm file appears below. My understanding is that since Win2008 the ‘enabled’ value is no longer stored as a discrete value,
but is instead contained in a hash that combines the results of the state of many user account attributes. I don’t have a deep knowledge of this, but hopefully this can serve as a starting point for further investigation.
Code snippet to test for ‘enabled’ state on user account:
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
Thanks,
Pat
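
The following is an added example, not part of the original message and not OTRS code. It shows how the bitwise matching rule in the AlwaysFilter above evaluates against userAccountControl, which Active Directory stores as an integer of bit flags. The helper names `decode` and `passes_filter` are hypothetical, the sample values are constructed, and only the userAccountControl clause of the filter is evaluated.

```python
import re

# Matching-rule OIDs used in Active Directory extensible-match filters.
BIT_AND = "1.2.840.113556.1.4.803"  # true when ALL bits of the mask are set
BIT_OR = "1.2.840.113556.1.4.804"   # true when ANY bit of the mask is set

# Subset of the documented userAccountControl flags.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# The filter from the Config.pm snippet above.
PAGE_FILTER = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# Matches "(attr:oid:=mask)", optionally wrapped in a "(!" negation.
CLAUSE = re.compile(r"\((!\()?(\w+):([\d.]+):=(\d+)\)")


def decode(uac):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in UAC_FLAGS.items() if uac & bit]


def passes_filter(ldap_filter, uac):
    """Evaluate only the bitwise userAccountControl clause of ldap_filter."""
    m = CLAUSE.search(ldap_filter)
    if m is None:
        raise ValueError("no bitwise extensible-match clause found")
    negated, _attr, oid, mask = m.group(1), m.group(2), m.group(3), int(m.group(4))
    if oid == BIT_AND:
        hit = (uac & mask) == mask
    elif oid == BIT_OR:
        hit = (uac & mask) != 0
    else:
        raise ValueError("unsupported matching rule " + oid)
    return not hit if negated else hit


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for uac in (512, 514, 544, 66048, 66050):
        print(uac, decode(uac), "equals 512:", uac == 512,
              "passes AlwaysFilter:", passes_filter(PAGE_FILTER, uac))
```

An enabled account with a non-expiring password (66048) fails an equality test against 512 but passes the bitwise filter, because only the ACCOUNTDISABLE bit is examined.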
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org]
On Behalf Of LQ Marshall
Sent: Friday, October 10, 2014 1:02 PM
To: 'User questions and discussions about OTRS.'
Subject: Re: [otrs] Authentication failed for customers - Windows 2012 R2 AD LDAP
Importance: Low
Raul - sounds like packet capture time…
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org]
On Behalf Of Raul Libório
Sent: Friday, October 10, 2014 1:59 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication failed for customers - Windows 2012 R2 AD LDAP
Marshall,
Yes, I have also read something about that, but I cannot remember what it was related to. I'm looking to find these parameters, in case it is a problem with AD.
Alvaro, my problem is with customers. I'm using the sAMAccountName for authentication, as the mapping done in Config.pm
Thanks!
Raul Libório
http://rauhmaru.blogspot.com/
openSUSE Member | Linux User #4444581
On Fri, Oct 10, 2014 at 12:18 PM, Alvaro Cordero <alvaro@gridshield.net> wrote:
Did you verify what you are using to authenticate, such as uuid, email, SAMAccountname, or other? That affects it too. Also, are you having issues authenticating agents or customers?
Regards
2014-10-09 15:11 GMT-06:00 Raul Libório <rauhmaru@gmail.com>:
Hello
I have an Active Directory installed on Windows Server 2012 R2. OTRS can view all users; however, when I try to authenticate, it displays an error like username or password is incorrect.
Does anyone have any tips on how to solve?
Thanks
Raul Libório
http://rauhmaru.blogspot.com/
openSUSE Member | Linux User #4444581
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe:
http://lists.otrs.org/cgi-bin/listinfo/otrs
--
___________________________
Alvaro Cordero Retana
Technology Consultant
Gridshield Network and Infrastructure Monitoring.
2258-5757 ext 123
alvaro@gridshield.net
www.gridshield.net