Staff can't connect to Active Directory

Hi guys.

I'm experiencing a problem where all my users can access my osticket (v1.9.15) using their Active Directory credentials but my staff members can't.

If the staff user in osticket is the same as in Active Directory, I can't authenticate with either local auth or AD auth. But if I create a local user in osticket as staff, I can connect.

Do you know what I can do in order to solve this?

Thanks!

Comments

  • Please help us to help you by reading and following the posting guidelines located in this thread: Please read before requesting assistance.  The more information you give us the better we will be able to assist you. Thank you.

    It sounds to me like your old staff accounts are not allowing AD as a back end.  I would check that first.
  • Sorry for the missing information.
    my environment:
    Ubuntu 14.04
    apache 2.4.7
    PHP 5.5.9
    osticket v1.9.15

    I used to connect my osticket with zimbra mail (ldap), and now we have changed our environment so that osticket connects to our Active Directory. So, all clients can connect without problem.

    The only problem I have is about staff. They only do local authentication at osticket.

    I can't find log information about this problem.

    Thanks!

  • edited April 5

  • Edit the agent profiles.  Make sure that they have backends set to any, or LDAP.
  • My staff configuration is set to use any now and they are using local password. 

    I've tested ldap too without success.
  • LDAP plugin settings?

    Check the event viewer / LDAP / AD logs and see why the request is being denied?
  • LDAP Plugin settings are ok. All my clients can authenticate... only staff members can't.

    I'm using samba4 as my network AD and it doesn't have an event viewer, but I think everything is ok because clients can connect.
  • What are your LDAP plugin settings?

    Then check the smb logs to see why it's getting rejected.

  • My LDAP Settings:
    LDAP Server: 192.168.1.7
    Use TLS: No
    Search User: cn=osticket,cn=Users,dc=domain,dc=local
    Password: password
    Search Base: OU=Users,dc=domain,dc=local
    LDAP Schema: Microsoft AD
    Staff Authentication: Enable
    Client Authentication: Enable

    This configuration is working for clients login (http://suporte.domain.local)

    thanks!

  • Your users and agents are both in Search Base: OU=Users,dc=domain,dc=local?
  • Yes.

    It's so right that I can log in through the user interface with my AD login and open my tickets, but can't log in through the staff interface.
  • ...  Huh?

    If you have a User account... you can log in as a User.
    If you have an Agent account... you can log in as an Agent.
    They are not the same accounts in osTicket.
    If you have an AD account, and only a User account in osTicket you can only log in as a User in osTicket.
    If you have an AD account, and only an Agent account in osTicket you can only log in as an Agent in osTicket.
    They can be the same accounts in AD/LDAP.


  • For example:
    1)  
    - I've created a user called "111111" in my AD.

    1.1)
    - Created an agent in osticket called 111111 and told it to authenticate with either local or ldap.
    - I can't log in with this user at osticket/scp (staff)
    - always a message: access denied

    1.2)
    - Using this same user "111111", I went to the normal client login. (client is auto registered)
    - I connect successfully.


    I can't see any kind of error in the samba logs and I don't know why this behavior happens. When I was using osticket to auth at my zimbra/ldap base it was working fine.
    Now, using this Samba4/AD/LDAP base, I can't connect using the staff system (osticket/scp).
  • version of the plugin?
    Default Domain?
    DNS?

    My search user is DOMAIN\user.name not cn=osticket,cn=Users,dc=domain,dc=local.

    I don't know if you can use all numeric usernames, but I seem to recall someone else running into a problem with that. My guess is either that or that Samba4 isn't true AD and isn't communicating correctly.  Without connection logs from your server.  Maybe you need to turn on more verbose logging.
  • Plugin version:   0.6.3
    Default Domain is AD Domain:  domain.local
    DNS is pointing to AD.

    I always use search like these I showed you.

    And you told me what's the problem: numeric users.
    It seems that osticket can't use staff users as numbers.

    I added a new user with the name "john" instead of "111111" and the staff user can log in.


  • I've mentioned this to the devs.
  • It's the canonical name for AD, that's how LDAP works for knowing where to search in the database of your domain environment.
  • Hi guys!

    Any news about this issue ?

    Thanks!!!
  • You solved this issue back on April 6th... use a non numerical user name. I do not think that you are going to get anything further than that.
  • In truth I didn't solve this because I need to use numerical user names...

    I thought that the developers would do something about this...
  • I'm not aware of them having any plans to change this behavior at this time.
  • Try starting with a letter then add the numbers, I wonder if it's a part of a security complexity. Not sure, but worth a try. 
  • I am pretty sure that it's because the ticket system assumes a string of numbers like that is a ticket number.