Recently I have restored the checkmk backup from a CentOS 8 stream VM to a physical server. The OS on the physical server is Ubuntu 20.04 LTS version and then upgraded checkmk version from 2.0 to 2.1 OP5 CRE
After that configured LDAP settings such that we login with our AD credentials to checkmk, now the strange part is LDAP is synced successfully but I am unable to login with LDAP credentials. It says Invalid login.
I am literally scratching my head from last 1 week but noting works, is it a bug in checkmk?
Hi,
first of all you need to check if the user who tries to logon is in the synced users. Hint:: At the top of the list is a hint, that only the first 100 Items listet. What’s also importatn, minimize the groups and users .
just to be sure:
the username field in checkmk should only include the name, not any part of the domain i.e. not company\prachi, only “prachi”
if it’s not that, you can enable LDAP and authentication “debug” logging in the global settings → user interface → logging and then check the var/log/web.log file
Yeah I did that, and the strange thing is my name is there in the sync users in web.log but when I try to login only with my name it says invalid credentials and this come in web.log
2022-07-15 11:32:52,425 [30] [cmk.web.auth 1222745] Login failed for username: abcd (existing: No, locked: N/A, failed logins until locked: N/A), client: xx.xx.xx.xx
And when I try with some other user, I am able to login in the checkmk…so now I am confused…that why for my user its giving the problem although its present in sync users…
Is there a way to check my user profile in checkmk ubuntu server?
is your user by any chance in the protected users group? there was something about that in the german sub-forum Login mit Protected Users - I guess the ldap module within checkmk is not compatible with the higher security requirements enforced by AD for these users.
We found the issue, actually my user profile was created earlier in checkmk with htpasswd , now after AD integration, I deleted my user profile in checkmk and tried to login with AD password and it was giving invalid login because it was still taking the connection" htpasswd" .
After changing the connection from htpasswd to ldap in my user profile , it worked.
With new users whose profiles are not there in checkmk initially , wont have problem in login.
The same restore we did in checkmk few days back in another environment and there we didnt have issues with any of the users, I straight away deleted the users with htpasswd and asked them to login with AD credentials and it worked. But this time it was a problem, not sure why it worked previously and not this time.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
