Cannot log in to Red Hat Satellite WebUI using an Active Directory user

Solution Verified

Environment

  • Red Hat Satellite 6.9+

Issue

  • After an LDAP user (xyxadm) was deleted from Active Directory, LDAP authentication stopped working.
  • Logging in to the Red Hat Satellite WebUI fails for every LDAP user; only local user credentials work.

Resolution

  • Make sure the bind user still exists in Active Directory and can authenticate.
  • If the bind user is unavailable or has been deleted, change the bind user on the Satellite authentication source:

    Satellite WebUI => Administer => Authentication Sources => select the profile => Account => change the bind user in the LDAP auth source.
    

    NOTE: Ensure that Organization and Location are set correctly so that 'Authentication Sources' is visible.

  • If you cannot log in to Satellite with the local admin account to make the above change, try logging in to the Satellite WebUI with the credentials that hammer uses. They are stored in /root/.hammer/cli.modules.d/foreman.yml.

    If the hammer credentials also fail, consider resetting the admin credentials with the command below, where redhat is the password being set (substitute a strong password of your own):

    # foreman-rake permissions:reset password=redhat
    

For more KB articles and solutions related to Red Hat Satellite 6.x authentication issues, refer to the following:

  • Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Authentication Issues
  • LDAP Authentication Troubleshooting via foreman-rake - LdapFluff::Generic::UnauthenticatedException: Could not bind to ActiveDirectory user in Red Hat Satellite 6.

Root Cause

  • The bind user was deleted from LDAP/AD.

Diagnostic Steps

  • Check the logs in /var/log/messages for an LdapFluff exception reporting that the bind to Active Directory failed:

    # cat /var/log/messages
    2018-10-08 12:38:23 03b25c5c [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"zUZ6djLkoFMuq3G/uyLNJbFylEZg2QpXCCuyVM33SY3P00+Yl972uBDYLnnBv9WA7wdPEs3AGuCRmUqlr2yUag==", "login"=>{"login"=>"abcdef12", "password"=>"[FILTERED]"}, "commit"=>"Log In"}
    2018-10-08 12:38:23 03b25c5c [app] [W] Action failed
    | LdapFluff::Generic::UnauthenticatedException: Could not bind to ActiveDirectory user ptt\xyzadm
    | /opt/theforeman/tfm/root/usr/share/gems/gems/ldap_fluff-0.4.7/lib/ldap_fluff/generic.rb:76:in `serv
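
The diagnostic step above, as an added example that is not part of the Red Hat article: a shell/awk filter that pairs each failed login request with the account named in the LdapFluff exception, so that one bind account failing for several different users stands out. The function names and the second sample request are constructed, and the log layout is assumed to match the excerpt.

```shell
# Added example, not Red Hat's code; assumes the log layout of the excerpt above.

# Print "request_id login_name bind_account" for each bind failure.
# Reads the files given as arguments, or standard input when there are none.
bind_failures() {
    awk '
        # Timestamped lines carry the request id in field 3.
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / { req = $3 }

        # Remember the login name each request tried to authenticate.
        /"login"=>[{]"login"=>"/ {
            s = $0
            sub(/.*"login"=>[{]"login"=>"/, "", s)
            sub(/".*/, "", s)
            login[req] = s
        }

        # The "| ..." continuation line names the account whose bind failed.
        /LdapFluff::Generic::UnauthenticatedException: Could not bind to ActiveDirectory user / {
            s = $0
            sub(/.*Could not bind to ActiveDirectory user /, "", s)
            sub(/[ \t\r]+$/, "", s)
            print req, ((req in login) ? login[req] : "-"), s
        }
    ' "$@"
}

# Accounts whose bind failed for more than one distinct login name: many users
# failing on one account points at the bind user, not at a user password.
suspect_bind_accounts() {
    bind_failures "$@" | awk '{ print $3, $2 }' | sort -u |
        awk '{ n[$1]++ } END { for (a in n) if (n[a] > 1) print a }' | sort
}

# Constructed sample: the first request mirrors the excerpt (token replaced by a
# placeholder); the second request and its login name are invented.
sample_log() {
    cat <<'EOF'
2018-10-08 12:38:23 03b25c5c [app] [I]   Parameters: {"authenticity_token"=>"<token>", "login"=>{"login"=>"abcdef12", "password"=>"[FILTERED]"}, "commit"=>"Log In"}
2018-10-08 12:38:23 03b25c5c [app] [W] Action failed
| LdapFluff::Generic::UnauthenticatedException: Could not bind to ActiveDirectory user ptt\xyzadm
2018-10-08 12:39:02 7c1e90aa [app] [I]   Parameters: {"login"=>{"login"=>"ghijkl34", "password"=>"[FILTERED]"}, "commit"=>"Log In"}
2018-10-08 12:39:02 7c1e90aa [app] [W] Action failed
| LdapFluff::Generic::UnauthenticatedException: Could not bind to ActiveDirectory user ptt\xyzadm
EOF
}

sample_log | suspect_bind_accounts
```

On a Satellite server the same check can be run against the real log with `suspect_bind_accounts /var/log/messages`.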
    
