Drupal 7 - LDAP Password Not Working - drupal-7

I'm having an issue where my password from LDAP is not being recognized by Drupal 7. I do have a successful connection to LDAP. And I'm able to import all my users into Drupal.
Cannot figure out why the password isn't working. If I manually set a password on the imported LDAP users, that password does work.
Here is what is in the log:
TYPE ldap_authentication
DATE Wednesday, March 26, 2014 - 10:19
USER Anonymous (not verified)
LOCATION http://drupal_sc.int.server.org/drupal/node?destination=node
REFERRER http://drupal_sc.int.server.org/drupal/
MESSAGE gormans : Trying server J LDAP where bind_method = 1. Error: Success
SEVERITY debug
HOSTNAME 10.8.0.174
**************************************************
TYPE ldap_authentication
DATE Wednesday, March 26, 2014 - 10:19
USER Anonymous (not verified)
LOCATION http://drupal_sc.int.server.org/drupal/node?destination=node
REFERRER http://drupal_sc.int.server.org/drupal/
MESSAGE smith1 : Authentication result id=0 auth_result=3 (Sorry, unrecognized username or password.)
SEVERITY debug
HOSTNAME 10.8.0.174
*************************************************
TYPE ldap_authentication
DATE Wednesday, March 26, 2014 - 10:19
USER Anonymous (not verified)
LOCATION http://drupal_sc.int.server.org/drupal/node?destination=node
REFERRER http://drupal_sc.int.server.org/drupal/
MESSAGE gormans : Failed ldap authentication. User may have authenticated successfully by other means in a mixed authentication site. LDAP Authentication Error #: 3 error message: Sorry, unrecognized username or password.
SEVERITY debug
HOSTNAME 10.8.0.174
Huge thanks for the help.

I was able to figure this out. Even though the module says, "Anonymous Bind: Use no credentials to bind to LDAP server. This option will not work on most LDAPS connections", I changed it to be anonymous.
What I was originally doing was putting in my own super-user credentials into the binding method.

Related

Moodle LDAP integration - LDAP-module cannot connect to any servers

I managed to get my Active Directory up and running, and now I want to integrate my MS-AD into my Moodle server. I followed the steps from the Moodle docs as close as I can.
This is the error message I get when trying to log into my Moodle server with an Active Directory User:
LDAP-module cannot connect to any servers: Server: 'ldap://europe.domain.com/', Connection: 'Resource id #16', Bind result: ''
And here is my LDAP server configuration within Moodle:
LDAP server settings
Host URL: ldap://europe.domain.com/
Version: 3
Use TLS: No
Bind settings
Distinguished name: cn=ldap-user,dc=europe,dc=domain,dc=com
User lookup settings
User type: MS ActiveDirectory
Contexts: ou=moodleusers,dc=europe,dc=domain,dc=com
That's what I have done so far:
Created "moodleusers" OU
Created ldap-user AD user account & set the password to "Password never expires."
What have I done wrong?
There's a possible answer here in the Moodle forums
https://moodle.org/mod/forum/discuss.php?d=427908#p1722336
Bind result normally refers to two things.
Your bind user is entered incorrectly (perhaps an expired or changed password)
Your bind user does not have the necessary permissions on the OU referenced in the context.
Maybe also try one of the LDAP tools to test the connection outside of Moodle
https://ldap.com/ldap-tools/
For example
http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Insufficient privileges for Revoke-AzureADUserAllRefreshToken

I am trying to revoke the refresh tokens of a specific user (my own) in AzureAD to force a completely new logon to an application.
As there is no UI option for this in the Azure Portal (there actually is -> see in one of the answers) I am using the Windows Terminal's 'Azure Cloud Shell' option as follows, directly from the built-in Azure Cloud Shell:
Connect-AzureAD
PS /home/...> Revoke-AzureADUserAllRefreshToken -ObjectId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
The GUID I pass in the parameter is the object ID of my user.
Unfortunately this fails due to a permission issue:
Revoke-AzureADUserAllRefreshToken: Error occurred while executing RevokeUserAllRefreshTokens
Code: Authorization_RequestDenied
Message: Access to invalidate refresh tokens operation is denied.
RequestId: fd5f5256-3909-46af-b709-8068e0744f25
DateTimeStamp: Mon, 09 Aug 2021 16:56:28 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
If I try to execute the same in the Cloud Shell within the Azure portal, the result is the same.
If I use a 'classic' PowerShell, then it works. So apparently something is missing with the authentication of the Cloud Shell.
When I log in I get to select the right tenant, and my read access e.g. to the user list works perfectly.
I have no more clues what I would be missing:
I am Owner of the subscription in the azure role assignments
I do have the Global Administrator role assigned in AzureAD
Is there some special command to 'elevate' the permissions?
I tried to reproduce the issue on my Azure AD tenant, but unfortunately I didn't receive the error you are getting.
Note: Make sure you connect with AD with your Global Admin account i.e. admin@domainname.onmicrosoft.com or username_outlook.com#EXT#@domainname.onmicrosoft.com, so that you see the correct details in every column in the above red box.
Other options :
From Portal you can go to the user profile and click on revoke sessions.
Using Graph Explorer you can revoke signin Sessions.
POST https://graph.microsoft.com/v1.0/users/UserObjectID/revokeSignInSessions
Reference:
user: revokeSignInSessions - Microsoft Graph v1.0 | Microsoft Docs

Lot of Windows Logs within a minute for SQL Server Login and Windows Logon attempts

I have been facing an issue in my Windows Server 2008 R2 that there are thousands of Audit Failure logs and MSSQLSERVER logon failed attempt logs as follows.
1. Audit Failure Log Details :
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: &*****
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: MSTSC
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
2. SQL Server Logon Attempt Log Details:
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 119.10.26.166]
Note: The server is hosted by GoDaddy.
Thanks.

SQL Server log messages about logins

After I logged in to SQL Server using Management Studio I opened the log and I got a million messages showing
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 222.186.61.5]
or
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 222.186.61.5]
or
Login failed for user 'kisadmin'. Reason: Could not find a login matching the name provided. [CLIENT: 222.186.61.5]
or
Login failed for user 'wwo'. Reason: Could not find a login matching the name provided. [CLIENT: 104.217.216.169]
I have many more logs for many users and IPs which first appeared 10/6/2015 8:06:19 PM (and I have them every day). Are these messages showing that I have been cyber attacked?
What you see is a set of failed login tries, so you can know for sure that someone is trying to hack your database. Unfortunately, if there were successful attempts, then people might have read some data from your part. You need to kill all active connections and change the port you are using for your database.
Also, it would be nice if you would think about how people were able to try to log in to your database. Are you having by accident any public information about where your database server is (like error messages, for example)?
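Both of the last two posts show the same pattern: repeated "Login failed" lines for 'sa' and for non-existent logins, all tagged with the client address. The following triage script is an added example, not code from either post; it parses SQL Server error-log lines in the standard format (timestamp, "Logon" source, message), groups failures per client IP, and flags sources that either burst many attempts inside a short window or cycle through several login names. The log lines are constructed samples modelled on the messages quoted above.

```python
"""Triage SQL Server error-log 'Login failed' lines by source address."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches both message shapes seen in the posts: a named login with a reason,
# and the 'untrusted domain' message, which carries no user name at all.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed(?: for user '(?P<user>[^']*)')?\.\s*(?P<reason>.*?)"
    r"\s*\[CLIENT: (?P<ip>[^\]]+)\]\s*$"
)

# Constructed sample, modelled on the messages quoted in the two posts above.
SAMPLE_LOG = """\
2015-10-06 20:06:19.12 Logon       Error: 18456, Severity: 14, State: 8.
2015-10-06 20:06:19.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 222.186.61.5]
2015-10-06 20:06:20.03 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 222.186.61.5]
2015-10-06 20:06:21.40 Logon       Login failed for user 'kisadmin'. Reason: Could not find a login matching the name provided. [CLIENT: 222.186.61.5]
2015-10-06 20:06:22.11 Logon       Login failed for user 'wwo'. Reason: Could not find a login matching the name provided. [CLIENT: 104.217.216.169]
2015-10-06 20:06:23.55 Logon       Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 222.186.61.5]
2015-10-06 20:06:24.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 222.186.61.5]
2015-10-07 02:00:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 222.186.61.5]
2015-10-07 09:15:00.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.7]
""".splitlines()


def parse_failures(lines):
    """Return one dict per 'Login failed' line; other lines (e.g. the
    'Error: 18456' line that precedes each failure) are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        reason = m["reason"] or ""
        if reason.startswith("Reason: "):
            reason = reason[len("Reason: "):]
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "user": m["user"] or "<untrusted-domain>",
            "reason": reason.rstrip("."),
            "ip": m["ip"],
        })
    return events


def summarize_by_source(events, window=timedelta(minutes=5), threshold=5):
    """Per client IP: total attempts, distinct login names tried, and the
    peak number of attempts inside any sliding `window`. A source is marked
    suspicious when that peak reaches `threshold` (brute force) or when it
    tries three or more different names (login enumeration / spraying)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    report = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        peak, start = 0, 0
        for end in range(len(evs)):          # sliding window over sorted times
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        users = sorted({e["user"] for e in evs})
        report[ip] = {
            "attempts": len(evs),
            "users": users,
            "peak_in_window": peak,
            "suspicious": peak >= threshold or len(users) >= 3,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize_by_source(parse_failures(SAMPLE_LOG)).items():
        print(ip, info)
```

The same per-source aggregation applies to Windows 4625 events once the Source Network Address field is populated; in the first post it is "-", so only the SQL Server log carries the client address.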

Kerberos on Squid Server and Active Directory

I have successfully run Active Directory and Squid Proxy (v.2.7) on our network. I wanted to give uniform access to users in different departments, so I wanted to make use of Kerberos for Squid to know what permissions it should give to users based on the group they are assigned to in AD.
On the process of installing Kerberos inside the Squid Proxy Server (VM), I am stuck with an error when I tried to run msktutil. See below.
Can someone please explain to me what the issue is all about? And how do I start troubleshooting? I have researched this matter on Google but am getting vague responses.
root@debian:~# msktutil -c -b "CN-COMPUTERS" -s HTTP/debian.internal.local -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY --upn HTTP/debian.internal.local --server internal.servers.com.com --verbose
-- init_password: Wiping the computer password structure
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-oyfv6j
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: SQUIDPROXY$
-- try_machine_keytab_princ: Trying to authenticate for SQUIDPROXY$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/debian.internal from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for SQUIDPROXY$ with password.
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 4
-- ldap_connect: Connecting to LDAP server: internal.servers.com.com try_tls=YES
-- ldap_connect: Connecting to LDAP server: internal.servers.com.com try_tls=NO
SASL/GSSAPI authentication started
Error: ldap_sasl_interactive_bind_s failed (Local error)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.
-- ~KRB5Context: Destroying Kerberos Context
Also, this might give you more information what the problem is.
root@debian:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@INTERNAL.SERVERS.COM.COM
Valid starting Expires Service principal
18/12/2014 00:23 18/12/2014 10:23 krbtgt/INTERNAL.SERVERS.COM.COM@INTERNAL.SERVERS.COM.COM
renew until 19/12/2014 00:23
After a long research, I found 2 points of failure for getting this error.
On the hosts file, the realm was specified but Kerberos was not able to resolve it.
Adding another value (dc1.myexchange.com) for the realm (myexchange.com) seemed to enable the connection between the AD and the Squid server (where Kerberos is running).
Assumption. Since I was able to kinit I assumed that the AD can see the query from the squid server. So, I was not able to check the DNS between the two servers.
