Rspamd AD Login


(LR) #1

I installed Rspamd for testing, but a login as AD Admin on the config side is not possible; in Roundcube this is possible without problems. Where do you think the problem lies?

(Davide Principi) #2

Here I can login as a member of “Domain Admins” group. I can’t check the “admin” user, sorry. Could you provide some /var/log/secure and /var/log/messages excerpts?

(LR) #3

Mar 23 11:05:04 webmail httpd: pam_succeed_if(rspamd:auth): requirement "user in admin" not met by user "administrator"
Mar 23 11:05:04 webmail httpd: pam_succeed_if(rspamd:auth): requirement "user ingroup domain admins" not met by user "administrator"

In messages there’s nothing in it.

(Davide Principi) #4

You can login with either “admin” or any member of the “domain admins” group. Administrator should be member of it, however, let’s check it. Please paste the output of:

id administrator

(LR) #5

uid=1689400500(uid=1689400500(administrator@astra.local) gid=1689400513(domänen-benutzer@astra.local) groups=1689400513(domänen-benutzer@astra.local),1689400520(richtlinien-ersteller-besitzer@astra.local),1689400519(organisations-admins@astra.local),1689403102(helplibraryupdaters@astra.local),1689403104(sqlservermsasuser$adp$mssqlserver@astra.local),1689400512(domänenadmins@astra.local),1689400518(schema-admins@astra.local),1689400572(abgelehnte rodc-kennwortreplikationsgruppe@astra.local),1689403613(pt-programme@astra.local),1689407638(wifi@astra.local),1689407655(pt-wifihome@astra.local),1689403612(verwaltung@astra.local

(Davide Principi) #6

It seems AD has localized group names. Did you configure a remote MS AD accounts provider? Just out of curiosity, which version is it?

I don’t know if UTF-8 chars are well supported, but you should configure the admins/group prop as documented here:

If a user or group with a similar purpose is already present in the remote account provider database, but it is named differently, NethServer can be configured to rely on it with the following commands…

(LR) #7

Thanks, I created the “Admin” in the AD with user rights and now I can log in.
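The mismatch diagnosed in this thread can be checked directly from `id` output. The following is an added example, not code from any poster or from NethServer: it parses an `id` line (group names may contain spaces), tests the two requirements named in the log (`user in admin`, `user ingroup domain admins`) and lists groups that look like the localized admin group. The function names are hypothetical, the sample is constructed from the output in post #5, and the comparison rule (strip the `@realm` suffix, ignore case) is an assumption, not pam_succeed_if's exact lookup.

```python
import re

# Constructed sample, shortened from the `id administrator` output in the thread.
SAMPLE_ID_OUTPUT = (
    "uid=1689400500(administrator@astra.local) "
    "gid=1689400513(domänen-benutzer@astra.local) "
    "groups=1689400513(domänen-benutzer@astra.local),"
    "1689400512(domänenadmins@astra.local),"
    "1689400572(abgelehnte rodc-kennwortreplikationsgruppe@astra.local)"
)


def short_name(name):
    """Drop the @realm suffix and fold case (assumed comparison rule)."""
    return name.split("@", 1)[0].casefold()


def parse_id(output):
    """Return (user, groups) from one line of `id` output."""
    user = re.search(r"uid=\d+\(([^)]*)\)", output)
    groups_field = re.search(r"groups=(.*)$", output)
    if not user or not groups_field:
        raise ValueError("not an `id` output line")
    # Match on the parentheses, not on whitespace: names may contain spaces.
    groups = re.findall(r"\d+\(([^)]*)\)", groups_field.group(1))
    return short_name(user.group(1)), {short_name(g) for g in groups}


def check_access(output, admin_user="admin", admin_group="domain admins"):
    """Evaluate the two requirements seen in /var/log/secure."""
    user, groups = parse_id(output)
    return {
        "user": user,
        "user_matches": user == short_name(admin_user),
        "group_matches": short_name(admin_group) in groups,
        # Likely localized equivalents of the expected admin group.
        "candidates": sorted(g for g in groups if "admin" in g),
    }


if __name__ == "__main__":
    for key, value in check_access(SAMPLE_ID_OUTPUT).items():
        print(f"{key}: {value}")
```

Calling `check_access` with `admin_group` set to the localized name reported under `candidates` shows whether that group would satisfy the membership requirement.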