looking111 8 Posted August 17, 2019 Share Posted August 17, 2019 Hello all, i bought emby because the ldapplugin. I configured and it works fine, but only with user who have never had an account in Emby. I've changed existing users to ldap, or deleted this users, add this users again "with ldap" but same, unable to login, so i think there are discrepancy with the old non existing local accounts. Embyversion 4.2.1.0. Here is the log if i would like to login. 2019-08-17 02:33:59.485 Info HttpServer: HTTP POST https://stream.supertux.lan:8920/emby/Users/authenticatebyname. UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/76.0.3809.87 Chrome/76.0.3809.87 Safari/537.36 2019-08-17 02:33:59.518 Error UserManager: Error authenticating with provider LDAP *** Error Report *** Version: 4.2.1.0 Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_amd64.deb Operating system: Unix 5.0.15.1 64-Bit OS: True 64-Bit Process: True User Interactive: True Runtime: file:///opt/emby-server/system/System.Private.CoreLib.dll Processor count: 8 Program data path: /var/lib/emby Application directory: /opt/emby-server/system Novell.Directory.Ldap.LdapException: LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Matched DN: Source: LDAP TargetSite: Void ChkResultCode() 2019-08-17 02:33:59.518 Info HttpClient: POST https://connect.emby.media/service/user/authenticate 2019-08-17 02:34:00.123 Info UserManager: Authentication request for sandra has been denied. 2019-08-17 02:34:00.123 Warn HttpServer: AUTH-ERROR: 2001:470:1e4b:569:54e5:727a:9bbb:f4f9 - Invalid user or password entered. 2019-08-17 02:34:00.123 Error HttpServer: Invalid user or password entered. It looks like the user is wrong, or password is wrong, or user is in the wrong group, but everything on LDAP-Server is ok. Because other "new" users are working fine. Thanks a lot Link to comment Share on other sites More sharing options...
Luke 37060 Posted August 17, 2019 Share Posted August 17, 2019 Hi, according to that log it is trying to use ldap. I'm not sure what the issue might be. Do you have an ldap user with the same name? Link to comment Share on other sites More sharing options...
looking111 8 Posted August 17, 2019 Author Share Posted August 17, 2019 Yes i have. Ldapuser with the same name. What i do? Add an LDAPuser in Active Directory. Add this user to the group "embyserver-stream". Nothing more. No i'am able to login in the emby webinterface. After the first login the user is listed automaticly in the userlist and can configured already from the administrator. But this works only with users the who have never logged in to the Emby server (before ldap plugin). Link to comment Share on other sites More sharing options...
Luke 37060 Posted August 18, 2019 Share Posted August 18, 2019 Well I believe you, I just think something else is going on because I've never seen this reported before. Are you sure you entered the right credentials? Is it possible the browser autocomplete created a problem here? Link to comment Share on other sites More sharing options...
looking111 8 Posted August 20, 2019 Author Share Posted August 20, 2019 This is very strange, this day i created new users in AD and they also didn't work. Strange, always "Invalid Credentials". I think that some users were work was an cashproblem, or something else... The ldapserver is a Univention UCS Server. So it works only on port 7389 and for SSL 7636. On port 7389 it says "Invalid Credentials". On Port 7636 it says "The remote certificate is invalid according to the validation procedure." On this port all other connections like CheckMK works fine. And the certifikate is installed in trusted systemstore. Works other application like apache2 fine. I also set the CA there: "/etc/ldap/ldap.conf" because some webstuff should look there too. And i setuped the field "SSL certificate hash (SHA1)" too. Somewhere should probably be a mistake. Maybe the SHA1. I converted with: "openssl dgst -sha1 mycert.crt" Link to comment Share on other sites More sharing options...
Luke 37060 Posted August 20, 2019 Share Posted August 20, 2019 That's interesting. Thanks for the info. Link to comment Share on other sites More sharing options...
looking111 8 Posted August 20, 2019 Author Share Posted August 20, 2019 (edited) Ok, i tested this on a completly default plain Ubuntuldap. Without cert, auth and .... And the auth with emby did not work. So either I understand something completely wrong, or there is a bug here. Can you check this please? Thanks a lot. Here are the Log from the LDAPserver. You can see that emby connect to: Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 fd=12 ACCEPT from IP=192.168.33.1:36563 (IP=0.0.0.0:389) Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=0 BIND dn="" method=128 Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=0 RESULT tag=97 err=0 text= Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=1 SRCH base="dc=supertux,dc=cc" scope=2 deref=0 filter="(objectClass=*)" Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=1 SRCH attr=memberOf displayName sAMAccountName Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=2 BIND dn="dc=supertux,dc=cc" method=128 Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=2 RESULT tag=97 err=49 text= Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 op=3 ABANDON msg=23 Aug 20 19:34:03 ldap-test slapd[10622]: conn=1000 fd=12 closed (connection lost) Interessting is "RESULT tag=97 err=49 text=" Edited August 20, 2019 by looking111 Link to comment Share on other sites More sharing options...
Luke 37060 Posted August 20, 2019 Share Posted August 20, 2019 Are you able to see the password that was sent? Link to comment Share on other sites More sharing options...
looking111 8 Posted August 20, 2019 Author Share Posted August 20, 2019 No, not, this is encrypted. Tested with some user like maxi44 and Password 123 Link to comment Share on other sites More sharing options...
Luke 37060 Posted August 24, 2019 Share Posted August 24, 2019 Are you still running into this? Link to comment Share on other sites More sharing options...
looking111 8 Posted August 24, 2019 Author Share Posted August 24, 2019 Yes. Hmm. Can we test this with an fresh emby installation, can i put my emby key on a test installation too? Maybe my emby have an issue, or ldapplugin is broken. Link to comment Share on other sites More sharing options...
looking111 8 Posted August 27, 2019 Author Share Posted August 27, 2019 Finally, i found the problem. It is an syntaxerror in my embyldapconfig. Important: This must contain {0} in order to allow specific user lookups. So i tested some filter, but i have not enouthg experience with ldapfilter. So other interface i have this, example: (memberof=cn=embyserver-stream,cn=groups,dc=supertux,dc=lan) Can you help me to build in the {0} please? thanks Link to comment Share on other sites More sharing options...
Solution Luke 37060 Posted August 27, 2019 Solution Share Posted August 27, 2019 Thanks for the feedback ! I would suggest adding that question here: https://emby.media/community/index.php?/topic/56793-ldap-plugin/ There are some more knowledgeable ldap users in that topic. Thanks. 1 Link to comment Share on other sites More sharing options...
looking111 8 Posted August 28, 2019 Author Share Posted August 28, 2019 It is now solved: https://emby.media/community/index.php?/topic/56793-ldap-plugin/page-12&do=findComment&comment=781575 YEAH Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now