+- TACTIC Open Source (http://forum.southpawtech.com)
+-- Forum: TACTIC Open Source (http://forum.southpawtech.com/forumdisplay.php?fid=3)
+--- Forum: TACTIC Discussion (http://forum.southpawtech.com/forumdisplay.php?fid=4)
+--- Thread: Users Can't Login (/showthread.php?tid=75)
Users Can't Login - swamiforlife - 01-31-2020
I have tactic setup on Windows Server 2019.
I am able to create users and groups and add tasks pretty much use the VFX template perfectly fine as the admin user.
While i was playing around with groups and users and user permissions. I must have done something so, now none of my users can login.
I can only login with the default Admin user.
When i try to login with other users it just says bad username or password.
What could be the problem?
RE: Users Can't Login - remkonoteboom - 01-31-2020
By default (if you are not use AD or LDAP) is that the user information is stored in the "login" table in the "sthpw" database. There is a column called "password" for every user. Depending on the version of TACTIC, it would either be "encrypted" using "md5" (terrible, I know) or using a port of the Drupal hash (which is quite complex). You will know if the password starts with a "$", in which case the password is using the Drupal hash.
You can debug by starting TACTIC in debug mode from the command line:
python3 startup_dev.py -p 9000
This will send the output to the console. Selecting a port allows you to run a debug session along with a production version. It may output any issues when trying to login.
If you wish, you can put print statements in the code to help debug. The code that controls the login is in:
<TACTIC_INSTALL_DIR>/src/pyasm/security/security.py
using the method "login_user" in the Security class.
RE: Users Can't Login - dankripac - 04-15-2020
Hi remkonoteboom,
You mention LDAP (which I'm really keen on trying to use) but I can't find any real reference to it in the various docs/guides?
There is a one-line reference to it in:
doc/book/doc/doc_tactic-sys-admin/html/ar01s06.html#_active_directory_integration
Quote:Apache uses either directives for directory access in the httpd.conf file, or can be enabled on a per-directory basis, with the use of a .htaccess file. Either way can be used. Apache provides modules for LDAP, MySQL, flat-file, ADS, and many other authentication mechanisms.
I noticed there is this file:
src/pyasm/security/ldap_ad_authenticate.py
Is there a LDAP setup guide that I'm missing?
Cheers
Dan
RE: Users Can't Login - remkonoteboom - 04-15-2020
There are a couple of built-in modules to authenticate. The only real one we have detailed documentation for alternate authentication can be found here:
http://community.southpawtech.com/docs/sys-admin/active-directory/
It is for Active Directory. However, the important line is:
<security>
...
<authenticate_class>tactic.active_directory.ADAuthenticate</authenticate_class>
...
</security>
Basically, this points the authentication to use a custom (or different) handler from the default. The default handler is:
pyasm.security.TacticAuthenticate
This is found in "src/pyasm.security.authenticate.py". In this file there is also another class called "LDapAuthenticate" which is what we have used to authenticate against an LDAP service. It is very simple. You just have to override a single function. Of course you can derive off of the Authenticate class and create your own. Many sites have done this.
The file you refer to: "src/pyasm/security/ldap_ad_authenticate.py" is yet another authenticate mechanism and it issued specifically to authenticate against Active Directory using the LDAP protocol, something AD does support and is the only real way to authenticate a Linux install of TACTIC against AD.