You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2017-09-08 07:57:00

tuanhtc
Member
Registered: 2017-09-08
Posts: 11

Authentication error with LDAP (Active Directory)

I'm using external AUthentication for all my users (LDAP with Active Directory). Today all my users can't access to GLPI and get the following message "Incorrect username or password". it was working before
I can connect only with internal user.
I test the connection to LDAP from GLPI and I get the following messages "Test successful (Main server : <SUS>)
I'm using glpi 9.1.4 version
Can someone help me with this problem?

Offline

#2 2017-09-08 12:57:42

farndt3
Member
Registered: 2016-06-22
Posts: 5

Re: Authentication error with LDAP (Active Directory)

Maybe your binding users password expired?

Offline

#3 2017-09-08 14:03:26

tuanhtc
Member
Registered: 2017-09-08
Posts: 11

Re: Authentication error with LDAP (Active Directory)

farndt3 wrote:

Maybe your binding users password expired?

Probaly after i changed fo RootDN account then all users ca't login.
My user is RootDN account.

How can i solve for that?

Offline

#4 2017-09-08 20:20:01

Roshan
Member
Registered: 2017-07-26
Posts: 69

Re: Authentication error with LDAP (Active Directory)

Best solution is create a normal user in AD with no password expire , user can't change password option and use that account for the LDAP import.

Offline

#5 2017-09-11 11:22:10

tuanhtc
Member
Registered: 2017-09-08
Posts: 11

Re: Authentication error with LDAP (Active Directory)

Now. I can't search any account from AD, although "test successful (Main server : <SUS>"
I tested on new AD (I just build-ed for testing), but problem is the same.

Everyone have any idea about this problem?
Thanks and best regards,

Offline

#6 2017-09-11 15:04:59

Roshan
Member
Registered: 2017-07-26
Posts: 69

Re: Authentication error with LDAP (Active Directory)

Hello, please refer to the below image.
LDAP.jpg

moreover select the proper timezone for the ldap

Offline

#7 2020-04-24 10:58:53

marco.mellini
Member
Registered: 2020-04-24
Posts: 1

Re: Authentication error with LDAP (Active Directory)

Good morning
I have a problem of authentication from  ldap but only for the users setted on Active Directory with authorization limited on a specifics computers.

Can you help me ?

Thanks

Last edited by marco.mellini (2020-04-24 11:01:26)

Offline

#8 2020-06-02 03:59:51

RyzhenkovSS
Member
Registered: 2020-06-02
Posts: 4

Re: Authentication error with LDAP (Active Directory)

Hello! I have the same problem, users with a limited number of computers to log in cannot log in to GLPI. As soon as you give permission to enter from any computer, everything works. How can I solve the problem?

Offline

#9 2020-06-02 11:16:50

grajek
Member
Registered: 2015-03-16
Posts: 72

Re: Authentication error with LDAP (Active Directory)

Isn't it that GLPI server is doing authentication? Maybe in AD you should allow all users to log in via GLPI server...


GLPI 9.5.1 CentOS

Offline

#10 2020-06-02 11:53:33

RyzhenkovSS
Member
Registered: 2020-06-02
Posts: 4

Re: Authentication error with LDAP (Active Directory)

I import users from the Active Directory through LDAP to GLPI, and if the user has no restrictions on the number of machines from which he can log in to the domain, then he imported in this way will log into GLPI without problems, but all users must be logged in each domain from its own computer, and with these settings, when you enter the GLPI, an error "an incorrect login or password" pops up.
Annotation-2020-06-02-164754.png

Offline

#11 2022-02-14 15:04:38

sner
Member
Registered: 2022-02-14
Posts: 2

Re: Authentication error with LDAP (Active Directory)

Hello,
Did anyone solve this problem?

We define log on to workstations for every user and we define the Glpi hostname too but still no luck.
Glpi shows "an incorrect login or password" error when domain user try to login.
Also there is an audit failure event on active directory says user try to login domain controller.
If I add domain controller to  user workstation list user can login to glpi, but this is insecure.
I don’t understand the reason why workstation name isn’t glpi hostname.

Could you please help me with this problem?
Thanks

Offline

#12 2022-02-15 01:18:10

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,335
Website

Re: Authentication error with LDAP (Active Directory)

I don't know all the details but it has to do with how GLPI authenticates the user with the domain. It should be possible to all the domain controller(s) used with GLPI to the list of logon workstations but also add a group policy for your domain controllers to restrict interactive logons for normal domain users. This will allow the network logon to work but not regular logons.

It looks like other apps have this issue and I don't know of a way it can be changed in GLPI so that you only have to add the GLPI host to the list of allowed workstations.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#13 2022-02-18 09:37:33

sner
Member
Registered: 2022-02-14
Posts: 2

Re: Authentication error with LDAP (Active Directory)

Thank you cconard96,
I solved as you mentioned.

Offline

#14 2022-04-07 13:53:13

khalid.hassak
Member
Registered: 2016-07-25
Posts: 2

Re: Authentication error with LDAP (Active Directory)

bonjour à tous,
bonjour sner,
pouvez-vous me donner les étapes à suivre pour le résoudre j'ai le même problème

Offline

#15 2022-05-06 07:32:30

ABuiza
Member
Registered: 2022-05-05
Posts: 2

Re: Authentication error with LDAP (Active Directory)

Hi!!

Same issue here.

So, the only solution is to add the AD server to the list of logon computers where users can log? and then prevent from local login with a group policy?
Is there any way to fix it with a simple policy?
How should it be configured?

Thank you in advance!!

Offline

Board footer

Powered by FluxBB