Unable to add AD authentication sources with a 404 error on testing connection #8429

Open
stgmsa opened this issue Dec 8, 2024 · 2 comments

Comments

@stgmsa
Contributor

stgmsa commented Dec 8, 2024

Describe the bug
Unable to add a valid AD authentication source and pass the test.

To Reproduce

  1. Install the latest PF v14.1 (built on Dec 7)
  2. Add an authentication source, select Active Directory, fill in the correct BaseDN, bindDN, password, etc.
  3. Click the "test" button
  4. See an error like "404 Unable to find active connector tunnel: local_connector at /usr/local/pf/lib/pf/api/unifiedapiclient.pm line 218."

Screenshots
N/A

Expected behavior
Successfully pass the authentication source test.

Desktop (please complete the following information):
Independent

Smartphone (please complete the following information):
Independent

Additional context
From the journal logs, here's something like:

Dec 08 08:08:28 debian12-std api-frontend-docker-wrapper[22644]: api-frontend-access 100.64.0.1 - - [08/Dec/2024:13:08:28 +0000] "POST /api/v1/config/sources/test HTTP/1.1" 422 165 "https://192.168.4.79:1443/admin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
Dec 08 08:08:28 debian12-std haproxy-admin-docker-wrapper[25865]: <134>Dec  8 08:08:28 haproxy[9]: 100.64.0.1:57256 [08/Dec/2024:08:08:28.136] admin-https-192.168.4.79~ api/containers-gateway.internal 0/0/2/175/177 422 401 - - ---- 1/1/0/0/0 0/0 {192.168.4.79:1443} "POST /api/v1/config/sources/test HTTP/1.1"

@fdurand
Member

fdurand commented Dec 11, 2024

@stgmsa retry please

@stgmsa
Contributor Author

stgmsa commented Dec 12, 2024

@fdurand Still having errors, but another error.

Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) ERROR: [mac:[undef]] Error binding to 192.168.4.79:36841: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: ' (pf::LDAP::log_error_msg)
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) WARN: [mac:[undef]] [inverse] Unable to connect to 192.168.4.201 (pf::Authentication::Source::LDAPSource::__ANON__)
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) ERROR: [mac:[undef]] [inverse] Unable to connect to any LDAP server, will try while ignoring the dead servers detection (pf::Authentication::Source::LDAPSource::_connect)
Dec 12 13:12:07 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:12:07-0500 lvl=info msg="Handling POST /api/v1/pfconnector/dynreverse" pid=1
Dec 12 13:12:07 debian12-std pfconnector-client-docker-wrapper[26070]: <nil>
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) ERROR: [mac:[undef]] Error binding to 192.168.4.79:36841: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: ' (pf::LDAP::log_error_msg)
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) WARN: [mac:[undef]] [inverse] Unable to connect to 192.168.4.201 (pf::Authentication::Source::LDAPSource::__ANON__)
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) ERROR: [mac:[undef]] [inverse] Unable to connect to any LDAP server (pf::Authentication::Source::LDAPSource::_connect)
Dec 12 13:12:07 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(15) WARN: [mac:[undef]] [inverse] Unable to connect to any LDAP server (pf::Authentication::Source::LDAPSource::test)
Dec 12 13:12:07 debian12-std api-frontend-docker-wrapper[21941]: api-frontend-access 100.64.0.1 - - [12/Dec/2024:18:12:07 +0000] "POST /api/v1/config/sources/test HTTP/1.1" 422 142 "https://192.168.4.79:1443/admin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"

Testing with nachos.local:

Dec 12 13:17:39 debian12-std haproxy-admin-docker-wrapper[25541]: <134>Dec 12 13:17:39 haproxy[10]: 100.64.0.1:48030 [12/Dec/2024:13:17:39.418] admin-https-192.168.4.79/1: SSL handshake failure
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=info msg="Handling POST /api/v1/pfconnector/dynreverse" pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Memory configuration is more than 5 seconds old. Considering config::Connector() as invalid do reload it." pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Resource is not valid anymore. Was loaded at 2024-12-12 13:17:03.445334941 -0500 EST m=+794.287130661" pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Memory configuration is more than 5 seconds old. Considering config::Connector() as invalid do reload it." pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Resource is not valid anymore. Was loaded at 2024-12-12 13:17:03.445334941 -0500 EST m=+794.287130661" pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Memory configuration was never loaded. Considering config::Connector() as invalid do the initial load." pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Item local_connector has been detected as expired in pfconfig. Reloading." pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Adding object local_connector" pid=1
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=dbug msg="Memory configuration was never loaded. Considering config::Connector() as invalid do the initial load." pid=1
Dec 12 13:17:39 debian12-std pfconnector-client-docker-wrapper[26070]: <nil>
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) ERROR: [mac:[undef]] Error binding to 192.168.4.79:39859: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: ' (pf::LDAP::log_error_msg)
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) WARN: [mac:[undef]] [inverse] Unable to connect to 192.168.4.202 (pf::Authentication::Source::LDAPSource::__ANON__)
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) ERROR: [mac:[undef]] [inverse] Unable to connect to any LDAP server, will try while ignoring the dead servers detection (pf::Authentication::Source::LDAPSource::_connect)
Dec 12 13:17:39 debian12-std pfconnector-server-docker-wrapper[25865]: t=2024-12-12T13:17:39-0500 lvl=info msg="Handling POST /api/v1/pfconnector/dynreverse" pid=1
Dec 12 13:17:39 debian12-std pfconnector-client-docker-wrapper[26070]: <nil>
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) ERROR: [mac:[undef]] Error binding to 192.168.4.79:39859: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: ' (pf::LDAP::log_error_msg)
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) WARN: [mac:[undef]] [inverse] Unable to connect to 192.168.4.202 (pf::Authentication::Source::LDAPSource::__ANON__)
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) ERROR: [mac:[undef]] [inverse] Unable to connect to any LDAP server (pf::Authentication::Source::LDAPSource::_connect)
Dec 12 13:17:39 debian12-std pfperl-api-docker-wrapper[25376]: pfperl-api(14) WARN: [mac:[undef]] [inverse] Unable to connect to any LDAP server (pf::Authentication::Source::LDAPSource::test)
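An added example, not part of the issue thread or of the PacketFence code base: the bind errors in the logs above carry Active Directory's sub-code in the `data` field of the `AcceptSecurityContext` message, and this Python script extracts that field per bind target and decodes it with the commonly documented AD sub-code values. The function name, the table name and the shortened sample text (built from log lines in this thread) are assumptions of the example.

```python
import re
from collections import Counter

# Sub-codes Active Directory reports in the "data" field of an
# AcceptSecurityContext bind failure (LDAP result 49, invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind DN or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# The LDAP message ends in a newline, so journald splits it over two lines;
# every field needed here sits on the first of the two.
BIND_ERR = re.compile(
    r"Error binding to (?P<target>[\d.]+:\d+): '[0-9A-Fa-f]{8}: LdapErr: "
    r"DSID-[0-9A-Fa-f]+, comment: AcceptSecurityContext error, "
    r"data (?P<data>[0-9A-Fa-f]+),"
)

def summarize_bind_failures(journal_text):
    """Count AD bind failures per (bind target, sub-code) and decode them."""
    counts = Counter()
    for line in journal_text.splitlines():
        m = BIND_ERR.search(line)
        if m:
            counts[(m["target"], m["data"].lower())] += 1
    return [
        {"target": t, "data": d, "count": n,
         "meaning": AD_BIND_SUBCODES.get(d, "unknown sub-code")}
        for (t, d), n in sorted(counts.items())
    ]

# Constructed sample: message text taken from this thread, prefixes shortened.
SAMPLE = """\
pfperl-api(15) ERROR: [mac:[undef]] Error binding to 192.168.4.79:36841: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
' (pf::LDAP::log_error_msg)
pfperl-api(15) WARN: [mac:[undef]] [inverse] Unable to connect to 192.168.4.201 (pf::Authentication::Source::LDAPSource::__ANON__)
pfperl-api(15) ERROR: [mac:[undef]] Error binding to 192.168.4.79:36841: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
pfperl-api(14) ERROR: [mac:[undef]] Error binding to 192.168.4.79:39859: '80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c
"""

if __name__ == "__main__":
    for row in summarize_bind_failures(SAMPLE):
        print(row)
```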
