Puppet users - Mar 2013 - enabling AD authentication on Puppet Enterprise 2.7 evaluation

Hi All, I''m testing a Puppet install and running into a problem
enabling AD
authentication:
http://docs.puppetlabs.com/pe/2.7/console_auth.html#using-third-party-authentication-services

I''ve followed the instructions in there and the end result is either
only
AD auth or only local auth, once I turn on activedirectoryldap inside the 
cas_client_config.yml file I get "invalid credentials given" for my
local
user in the console-auth logs.. if i disable activedirectory i can locally 
authenticate again.

furthermore, when I do log in with the local account I see queries going to 
my AD server with tcpdump, it appears at least that puppet console
isn''t
even attempting a local check.

my cas_client_config.yml file looks exactly like the example in the above 
URL with both local and activedirectory uncommented.

 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Jeff,

When you say that it looks just like the above file, does that mean it
doesn''t have the CASServer::Authenticators::SQLEncrypted authenticator
section that is supplied by default? It should have a section at the top:

  - class: CASServer::Authenticators::SQLEncrypted
    database:
      adapter: mysql
      database: console_auth
      username: console_auth
      password: console_auth
      server: localhost
    user_table: users
    username_column: username


The values specified should be the ones generated/specified during
installation. There''s also a possibility of the YAML being malformed,
there''s more detail here:
https://ask.puppetlabs.com/question/428/error-starting-pe-puppet-dashboard-workers-script/We''re
using the compact nested mapping format. The spec for the is here:
http://www.yaml.org/spec/1.2/spec.html#id2760821

I hope this helps!

-Jill


On Wed, Mar 13, 2013 at 7:34 AM, Jeff <quaintance@gmail.com> wrote:
> Hi All, I''m testing a Puppet install and running into a problem
enabling
> AD authentication:
>
>
http://docs.puppetlabs.com/pe/2.7/console_auth.html#using-third-party-authentication-services
>
> I''ve followed the instructions in there and the end result is
either only
> AD auth or only local auth, once I turn on activedirectoryldap inside the
> cas_client_config.yml file I get "invalid credentials given" for
my local
> user in the console-auth logs.. if i disable activedirectory i can locally
> authenticate again.
>
> furthermore, when I do log in with the local account I see queries going
> to my AD server with tcpdump, it appears at least that puppet console
isn''t
> even attempting a local check.
>
> my cas_client_config.yml file looks exactly like the example in the above
> URL with both local and activedirectory uncommented.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscribe@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.