I'm running AzerothCore in Docker but am unable to sign in with any of the test accounts. I am using the default password of 'a' and have not changed any of the passwords.
When trying to log in on the WotLK client, I get the 'the information you have entered is not valid' box pop up. I can see from my authserver log that it is receiving the username I put in:
Added realm "AzerothCore" at 127.0.0.1:3306.
Authserver listening to 0.0.0.0:3724
'172.18.0.1:56942' Accepting connection
[4 ms] SQL(p): DELETE FROM ip_banned WHERE unbandate<>bandate AND unbandate<=UNIX_TIMESTAMP()
[4 ms] SQL(p): SELECT * FROM ip_banned WHERE ip = '172.18.0.1'
[0 ms] SQL(p): SELECT a.id, a.locked, a.lock_country, a.last_ip, aa.gmlevel, a.salt, a.verifier, a.token_key FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = 'TEST1'
[AuthChallenge] Account 'TEST1' is not locked to ip
[AuthChallenge] Account 'TEST1' is not locked to country
[1 ms] SQL(p): UPDATE account_banned SET active = 0 WHERE active = 1 AND unbandate<>bandate AND unbandate<=UNIX_TIMESTAMP()
[0 ms] SQL(p): SELECT bandate, unbandate FROM account_banned WHERE id = 1 AND active = 1
I have also tried changing my authserver.conf file to set WrongPass.Logging = 1 but neither my log or database reflect a failed login attempt.
I think the fact that it's telling me the account test1 is not locked to an IP or country means it is successfully communicating with the database, but I can't figure out what my problem is here. Any help in understanding what's going on here would be much appreciated.
I am also unable to log in with "test1" and "a", but it is quite easy to reset the passwords.
In your worldserver console, paste this in:
account set password test1 thisisthenewpassword thisisthenewpassword
account set password test2 thisisthenewpassword thisisthenewpassword
account set password test3 thisisthenewpassword thisisthenewpassword
account set password test4 thisisthenewpassword thisisthenewpassword
account set password test5 thisisthenewpassword thisisthenewpassword
account set password test6 thisisthenewpassword thisisthenewpassword
account set password test7 thisisthenewpassword thisisthenewpassword
account set password test8 thisisthenewpassword thisisthenewpassword
account set password test9 thisisthenewpassword thisisthenewpassword
account set password test10 thisisthenewpassword thisisthenewpassword
You can also create a new account for yourself with full GM privileges with these commands:
account create yourusername yourpassword
account set gmlevel yourusername 3 -1
Related
This question is about Jenkins LDAP root DN & Display Name LDAP attribute
Environment:-
Jenkins Version - 2.235.5(LTS)
LDAP Plugin - 1.24
I am trying to configure LDAP(AD) Authentication in our Jenkins, Below is the configuration settings.
root DN - DC=Company,DC=domain,DC=com
User search base: OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
User search filter: sAMAccountName={0}
Group search base: OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
Group search filter: (&(objectclass=group)(cn={0}))
Group membership
Group membership filter - (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
Manager DN: CN=jenkins,OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com
Manager Password: password
Display Name LDAP attribute: displayname
Email Address LDAP attribute: mail
But while testing the LDAP connection it fails below error.
Login
Authentication: failed for user "jenkins-user"
Lookup
User lookup: failed for user "jenkins-user"
LdapCallback;[LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domain,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domain,DC=com'
]; remaining name 'OU=Users,OU=Division,OU=Team,DC=Company,DC=domain,DC=com'
LDAP Group lookup: could not verify.
Please try with a user that is a member of at least one LDAP group.
Lockout
The user "jenkins-user" will be unable to login with the supplied password.
If this is your own account this would mean you would be locked out!
Are you sure you want to save this configuration?
Suppose if i keep the root DN as empty and enabled the tick mark - Allow blank rootDN. my test connection is getting successful.
But i would like to know that currently i am running root DN as empty and enabled - Allow blank rootDN in plugin section. Is this is fine for production environment?
Also for the logged in users, The display name shown as below which is too lengthy.
First-Name/Sur-Name/Team-Name/Location/Title/Company-Name
i would like to display only First-Name + Sur-Name. For this i tried to change Display Name LDAP attribute: with name, givenName, cn & sn but none of them were worked. So is it possible to display only First name + Sur-name in Jenkins?
I have fixed it. Each time when we change/update the Display Name LDAP attribute value in LDAP configuration section, We need to delete the user from people category and need to login. Post that it displays the configured settings.
I have an issue while changing password as a user and I cannot find anything in documentation metioning changing password as a user without admin priviliges.
I am logged as user abc and I execute:
set password for "abc" = 'abc'
I receive:
ERR: error authorizing query: abc not authorized to execute statement 'SET PASSWORD FOR abc = [REDACTED]', requires admin privilege
Is it possible to change password as a user not as admin?
That is true, it should not be done by the standard user. You are able to change your password, you should not be able to change other's password if no admin privileges set.
Let say there is testuser standard user with no admin privileges and another user named admin with admin privileges.
if you login with admin then you should be able to change anyone's password with CLI:
set password for "testuser" = 'testing'
logging with testuser and changing admins password will through en error of course:
set password for "admin" = 'adminpass'
response:
ERR: error authorizing query: testuser not authorized to execute statement 'SET PASSWORD FOR admin = [REDACTED]', requires admin privilege
even if you run show users with testuser, it will not let you see other users and it is admin privileges.
ERR: error authorizing query: testuser not authorized to execute statement 'SHOW USERS', requires admin privilege
Solution for changing anyone's password:
CREATE USER "someuser" WITH PASSWORD 'somepassword' WITH ALL PRIVILEGES
but it requires admin privileges.
I have already migrate Jenkins to use LDAP login, and have no problem.
But when I tried to migrate phabricator to use LDAP, I got "Username or password are incorrect." every time, and I'm sure the same username and passwd can login Jenkins. I was using the same OpenLDAP server, and the LDAP has a readonly DN: cn=readonly,dc=my-company,dc=com. Phabricator configurations list below:
Allow: "Allow Login"
LDAP Hostname & Port: exactly the same with my Jenkins configuration
Base Distinguished Name: ou=user,dc=my-company,dc=com (while Jenkins root DN was dc=my-company,dc=com)
Search Attributes: empty
Always Search: unchecked
Anonymous Username: cn=readonly, dc=my-company, dc=com (same with Jenkins Manager DN)
Anonymous Password: the password (same with Jenkins Manager password)
Username Attribute: uid
Realname Attributes: empty
LDAP Version: 3
This has block me two days, is there something I missed?
Thanks for your answer~
Oh, I figure it out. Phabricator has a different LDAP login mechanism with Jenkins. Phabricator always bind LDAP with the user's DN and password (to verify login), then search the user's DN itself. Below is the comment in the LDAP login code:
// This is unusual (since the bind succeeded) but we've seen it at least
// once in the wild, where the anonymous user is allowed to search but
// the credentialed user is not.
// If we don't have anonymous credentials, raise an explicit exception
// here since we'll fail a typehint if we don't return an array anyway
// and this is a more useful error.
// If we do have anonymous credentials, we'll rebind and try the search
// again below. Doing this automatically means things work correctly more
// often without requiring additional configuration.
So, LDAP users must have search acl, like:
olcAccess: {1}to *
by self write
by dn="cn=admin,dc=my-company,dc=com" write
by dn="cn=readonly,dc=my-company,dc=com" read
by users search
by * none
I didn't have 'by users search' option, so login failed.
I have just started using FreeRadius. In the users file, I have a line
testing Cleartext-Password := "password"
How do I configure the groupname this "testing" user belongs to.
You have to configure group in clients.conf
like
client 192.168.1.0/24 {
*Write your secret or nastype here. *
}
Here 192.168.1.0/24 is set of IPs...
It's pretty easy to create an administrator user on the BlackBerry Administrator API, following the documentation. All administrator users have to be assigned a role, and roles are easy to look up (Example using python and suds):
organisation_id = 0
locale = 'en_US'
display_name = 'Mac Chapman'
username = 'maccy'
password = 'password'
role_id = None
for role in ws.service.findRoles(organisation_id, locale).roles:
if role.localeNameAndDescription[0].name == 'Security Administrator':
role_id = role.roleId
print ws.service.createBASAuthenticatedAdministratorUser(organisation_id, display_name, role_id, username, password)
But I cannot for the life of me figure out how to create a new role within the API. Is it possible?