hi,
just installed tljh and confirmed it worked ok with default auth. switched to the LDAP auth plugin and it’s telling me my password is wrong for the user specified at login (I’m sure this password is correct). I’m wondering if there’s some way to get the plugin to be more specific with the messages it’s getting back from LDAP. my directory server is a Zentyal instance (so, Samba running the domain), which I’ve noticed is sometimes Weird™ in how it is set up, but as far as I can tell, there’s nothing I’m missing in my config.
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.lookup_dn = True
c.LDAPAuthenticator.user_search_base = 'CN=Users,dc=domain,dc=tld'
c.LDAPAuthenticator.user_attribute = 'sAMAccountName'
c.LDAPAuthenticator.lookup_dn_search_user = 'CN=Service Account,CN=Managed Service Accounts,DC=domain,DC=tld'
c.LDAPAuthenticator.lookup_dn_search_password = 'hunter2'
c.LDAPAuthenticator.lookup_dn_user_dn_attribute = 'cn'
c.LDAPAuthenticator.lookup_dn_search_filter = '({login_attr}={login})'
c.LDAPAuthenticator.escape_userdn = False
c.LDAPAuthenticator.bind_dn_template = '{username}'
c.LDAPAuthenticator.server_address = '192.168.9.20'
here’s the log from the login attempt:
2024-09-09T18:24:55.819376+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.819 JupyterHub app:2885] Running JupyterHub version 4.1.6
2024-09-09T18:24:55.819964+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.819 JupyterHub app:2915] Using Authenticator: ldapauthenticator.ldapauthenticator.LDAPAuthenticator-1.3.2
2024-09-09T18:24:55.819985+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.819 JupyterHub app:2915] Using Spawner: tljh.user_creating_spawner.UserCreatingSpawner
2024-09-09T18:24:55.819994+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.819 JupyterHub app:2915] Using Proxy: jupyterhub_traefik_proxy.fileprovider.TraefikFileProviderProxy-1.1.0
2024-09-09T18:24:55.823817+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.823 JupyterHub app:1683] Loading cookie_secret from /opt/tljh/state/jupyterhub_cookie_secret
2024-09-09T18:24:55.874555+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.874 JupyterHub app:2005] Not using allowed_users. Any authenticated user will be allowed.
2024-09-09T18:24:55.900966+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.899 JupyterHub fileprovider:99] Creating the dynamic configuration file: /opt/tljh/state/rules/rules.toml
2024-09-09T18:24:55.909519+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.909 JupyterHub app:2954] Initialized 0 spawners in 0.010 seconds
2024-09-09T18:24:55.911973+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.911 JupyterHub metrics:279] Found 1 active users in the last ActiveUserPeriods.twenty_four_hours
2024-09-09T18:24:55.912340+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.912 JupyterHub metrics:279] Found 1 active users in the last ActiveUserPeriods.seven_days
2024-09-09T18:24:55.912639+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.912 JupyterHub metrics:279] Found 1 active users in the last ActiveUserPeriods.thirty_days
2024-09-09T18:24:55.912714+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.912 JupyterHub app:3168] Not starting proxy
2024-09-09T18:24:55.914814+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.914 JupyterHub app:3204] Hub API listening on http://127.0.0.1:15001/hub/
2024-09-09T18:24:55.914833+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.914 JupyterHub app:3215] Starting managed service cull-idle
2024-09-09T18:24:55.914842+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.914 JupyterHub service:386] Starting service 'cull-idle': ['/opt/tljh/hub/bin/python3', '-m', 'jupyterhub_idle_culler', '--timeout=600', '--cull-every=60', '--concurrency=5', '--max-age=0']
2024-09-09T18:24:55.914851+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.914 JupyterHub service:134] Spawning /opt/tljh/hub/bin/python3 -m jupyterhub_idle_culler --timeout=600 --cull-every=60 --concurrency=5 --max-age=0
2024-09-09T18:24:55.916188+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.916 JupyterHub app:3273] JupyterHub is now running, internal Hub API at http://127.0.0.1:15001/hub/
2024-09-09T18:24:55.997399+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:55.997 JupyterHub log:192] 200 GET /hub/api/ (cull-idle@127.0.0.1) 15.01ms
2024-09-09T18:24:56.000577+00:00 alexandria python3[2740]: [I 2024-09-09 18:24:56.000 JupyterHub log:192] 200 GET /hub/api/users?state=[secret] (cull-idle@127.0.0.1) 2.79ms
2024-09-09T18:25:00.673719+00:00 alexandria python3[2740]: [I 2024-09-09 18:25:00.673 JupyterHub log:192] 302 GET / -> /hub/ (@192.168.100.2) 0.40ms
2024-09-09T18:25:00.785085+00:00 alexandria python3[2740]: [I 2024-09-09 18:25:00.784 JupyterHub log:192] 302 GET /hub/ -> /hub/login?next=%2Fhub%2F (@192.168.100.2) 0.67ms
2024-09-09T18:25:00.911529+00:00 alexandria python3[2740]: [I 2024-09-09 18:25:00.911 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2F (@192.168.100.2) 11.99ms
2024-09-09T18:25:01.864924+00:00 alexandria CRON[2748]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
2024-09-09T18:25:06.478558+00:00 alexandria python3[2740]: [W 2024-09-09 18:25:06.478 JupyterHub ldapauthenticator:398] Invalid password for user 'JTD'
2024-09-09T18:25:06.479003+00:00 alexandria python3[2740]: [W 2024-09-09 18:25:06.478 JupyterHub base:943] Failed login for jtd
2024-09-09T18:25:06.479683+00:00 alexandria python3[2740]: [I 2024-09-09 18:25:06.479 JupyterHub log:192] 200 POST /hub/login?next=%2Fhub%2F (@192.168.100.2) 305.52ms
my other idea is to somehow use an SSSD passthrough because I have the VM joined to AD and that works perfectly, but I’m not sure how to get the PAM authenticator to play nicely with that (it did not work when I tried on a lark after I initially set it up).
TIA.