You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2024-03-14 09:31:51

seb69
Member
Registered: 2024-03-08
Posts: 6

glpiagent: authentication required, no credentials available

i can't get glpiagent to work
my :
GLPI 10.0.10, debian12, mariadb, apache
SSO -> active directory
glpiinventory installed (1.3.4)
HTTPS certificate signed by our internal certificate authority
administration -> inventory -> "activate inventory" check

Everything works fine, except the inventory!
my first question is, what should be the URL to contact? i've seen on the documentation that if the glpiinventrory pluggin is installed i have to use "https://******.****.***/plugins/glpiinventory/" i've also seen other url like "https://******.****.***/glpi/front/inventory.php" or "https://******.****.***/front/inventory.php". (I tried the three urls for the same result )

here's how I install the agent on my desktops:
msiexec.exe /i GLPI-Agent-1.7-x64.msi /quiet ADD_FIREWALL_EXCEPTION=1 DEBUG=2 AGENTMONITOR=1 RUNNOW=1 EXECMODE=1 NO_SSL_CHECK=1 QUICKINSTALL=1 SERVER=https://******.****.***/plugins/glpiinventory/

after installing the agent i find this in the logs :
[error] [http client] authentication required, no credentials available
[error] No supported answer from server at https://******.****.***/plugins/glpiinventory/

if I add credentials(USER=***** PASSWORD=******* )during installation I get :
[debug] [http client] authentication required, submitting credentials
[error] [http client] authentication required, wrong credentials
[error] No supported answer from server at https://******.****.***/plugins/glpiinventory/

I can't remember what the problem is, if anyone could please help me.

Last edited by seb69 (2024-03-14 09:51:02)

Offline

#2 2024-03-14 13:45:38

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,418
Website

Re: glpiagent: authentication required, no credentials available

Normally, the URL can be either https://my-glpi-server or https://my-glpi-server/front/inventory.php.
If you use the GLPI Inventory plugin through the marketplace you use:
https://my-glpi-server/marketplace/glpiinventory/
If you use the GLPI Inventory plugin by manual installation to the plugins folder:
https://my-glpi-server/plugins/glpiinventory/

Currently, authentication is only handled at the web server level. If you have basic authentication required for the inventory URL, then you would supply the credentials in the USER and PASSWORD options.
If you didn't configure the web server to require authentication here, then maybe there is some other issue.

Do you see any errors in the GLPI server logs in the files/_log folder?

GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#3 2024-03-14 14:34:37

seb69
Member
Registered: 2024-03-08
Posts: 6

Re: glpiagent: authentication required, no credentials available

Thank you cconard96 for your reply

installation of the glpiinventory plugin by hand, so yes: SERVER=https hmm/******.****.***/plugins/glpiinventory/

folder files var/lib/glpi/files/_log is empty :
var/lib/glpi/files/_log# ls -lrth
total 0

in terms of authentication, we have forced connection over HTTPS with SSO to AD (for users)

maybe the SSO blocking the agent from communicating with the server?

Offline

#4 2024-03-14 15:27:30

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,418
Website

Re: glpiagent: authentication required, no credentials available

seb69 wrote:

in terms of authentication, we have forced connection over HTTPS with SSO to AD (for users)

maybe the SSO blocking the agent from communicating with the server?

Yes, that is probably the case. Are you able to make an exception for the one route required for the agent?

GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#5 2024-03-14 16:23:58

seb69
Member
Registered: 2024-03-08
Posts: 6

Re: glpiagent: authentication required, no credentials available

i putted that in .local-ssl.conf but same thing : (restarted apache too)

AliasMatch "^/(plugins/glpiinventory/(index\.php)?)$" "/var/www/glpi/$1"
        <Directory /var/www/glpi/plugins/glpiinventory>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

Offline

#6 2024-03-22 12:01:21

seb69
Member
Registered: 2024-03-08
Posts: 6

Re: glpiagent: authentication required, no credentials available

i tried with glpi native directory and have same issue.
My problème is my SSO, if i desactivate it inventory working.

but I can't manage to exclude this url from the sso, I've tried several techniques but none of them work.

tried :
1

#AliasMatch "^/(plugins/glpiinventory/(index.php)?)$" "/var/www/glpi/$1"

#<DirectoryMatch "/var/www/glpi/plugins/glpiinventory">
#AuthType None
#Options Indexes FollowSymLinks
#AllowOverride All
#Require all granted
#Satisfy Any
#
`

2

#<DirectoryMatch "/plugins/glpiinventory/">
#AuthType None
#Require all granted
#Satisfy Any
#
`

3

#<Directory /var/www/glpi/plugins/glpiinventory>
#GssapiBasicAuth off
#AuthType None
#Require all granted
#Order allow,deny
#llow from all
#
`
4

<If "! %{REQUEST_URI} =~ /glpiinventory(.*)$/">
#GssapiBasicAuth off
#AuthType None
#Require all granted
#Satisfy Any
#
`

Offline

#7 2024-03-26 13:26:22

seb69
Member
Registered: 2024-03-08
Posts: 6

Re: glpiagent: authentication required, no credentials available

Hello all and sorry to harass you but I can't find a solution.

Could some kind soul take a look at my apache conf file and tell me how to exclude the glpinventory url please?

Here's my complete conf file and see in the post above the various attempts to exclude the url (none of them worked)

<VirtualHost *:443>
    ServerName ****.****.local
    SSLEngine on
    DocumentRoot /var/www/glpi/public

<Location />
        AuthType GSSAPI
        AuthName "GLPI SSO"
        GssapiCredStore keytab:/etc/apache2/krb.keytab
        GssapiAllowedMech krb5
        Require valid-user
        GssapiBasicAuth On
        Options FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
</Location>
    <Directory /var/www/glpi/public>
        Require all granted
        Order allow,deny
        Allow from all
        RewriteEngine On

        # Redirect all requests to GLPI router, unless file exists.
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php [QSA,L]
    </Directory>
    <FilesMatch \.php$>
    SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>

        SSLEngine on
        SSLCertificateFile /etc/apache2/glpi.crt
        SSLCertificateKeyFile /etc/apache2/****.****.local.key

ErrorLog ${APACHE_LOG_DIR}/Helpdesk-ssl_error.log
CustomLog ${APACHE_LOG_DIR}/Helpdesk-ssl_access.log combined

</VirtualHost>

Offline

Pages: 1

Board footer

Powered by FluxBB