Active Directory Authentication

Bacula Enterprise Only

This solution is only available for Bacula Enterprise. For subscription inquiries, please reach out to sales@baculasystems.com.

Note

If you run into problems with this method, it is recommended to use the "Configure the HTTPD" method instead.

  1. Edit the /opt/bweb/etc/httpd.conf file.

    Comment out the following lines:

    #auth.backend = "htpasswd"
    #auth.backend.htpasswd.userfile = "/opt/bweb/etc/htpasswd.bweb"
    
  2. Add the following for an Active Directory server (Windows):

    server.modules += ( "mod_authn_ldap" )
    auth.backend = "ldap"

    # Change to your LDAP server
    auth.backend.ldap.hostname = "192.168.1.8"

    # Change to your LDAP users directory tree
    auth.backend.ldap.base-dn = "ou=Users,dc=supportlab,dc=baculasystems,dc=com"

    # Change to the Active Directory field that the username is matched against
    auth.backend.ldap.filter = "(cn=?)"

    # AD administration username used to check users
    auth.backend.ldap.bind-dn = "CN=ad-admin,CN=Users,DC=supportlab,DC=baculasystems,DC=com"

    # Password of that user
    auth.backend.ldap.bind-pw = "xxxxxx"

    # "disable" for requiring passwords, "enable" for allowing empty passwords
    auth.backend.ldap.allow-empty-pw = "disable"

    # Alternatively, the bind user can be given in DOMAIN\user form:
    auth.backend.ldap.bind-dn = "SUPPORTLAB\ad-admin"
    auth.backend.ldap.bind-pw = "xxxxxx"
    

Note

To activate LDAPS, copy the CA certificate to the BWeb server and add the following configuration to httpd.conf:

    # Change to your LDAP server. DO NOT SPECIFY THE SSL PORT.
    auth.backend.ldap.hostname = "192.168.1.8"

    auth.backend.ldap.starttls = "enable"
    auth.backend.ldap.ca-file = "/etc/openldap/certs/ca.cert.pem"
    auth.backend.ldap.allow-empty-pw = "disable"

  3. Restart the BWeb service.

  4. Try to log in with the users “admin” and “bwebadmin”, and check the logs for errors.

    The logs:

    tail -f /var/log/messages
    
    Mar 16 12:15:11 bee lighttpd: 2018-03-16 12:15:10: (mod_auth.c.525) password doesn't match for /cgi-bin/bweb/bweb.pl username: user1, IP: 192.168.1.11
    Mar 16 12:15:18 bee lighttpd: 2018-03-16 12:15:18: (mod_auth.c.525) password doesn't match for /bweb/natcompare.js username: user1, IP: 192.168.1.11
    Mar 16 12:15:52 bee lighttpd: 2018-03-16 12:15:52: (mod_auth.c.525) password doesn't match for /bweb/remove.png username: user1, IP: 192.168.1.11
    Mar 16 12:21:49 bee systemd: Stopping Bacula Enterprise Bweb...
    Mar 16 12:21:49 bee lighttpd: 2018-03-16 12:21:49: (server.c.2005) server stopped by UID = 0 PID = 1
    Mar 16 12:21:49 bee systemd: Starting Bacula Enterprise Bweb...
    Mar 16 12:21:49 bee lighttpd: 2018-03-16 12:21:49: (server.c.1412) server started (lighttpd/1.4.48)
    Mar 16 12:21:49 bee systemd: Started Bacula Enterprise Bweb.
    Mar 16 12:32:36 bee dhclient[672]: DHCPREQUEST on enp0s3 to 192.168.1.1 port 67 (xid=0x3bc9f94d)
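
A check for the settings above that can be run before restarting BWeb, as an added example that is not part of the Bacula documentation. It reads httpd.conf and reports LDAP settings that weaken authentication: empty passwords allowed, StartTLS off, a missing CA file, the SSL port in the hostname, or a world-readable file holding `bind-pw`. The function names `conf_value` and `audit_bweb_ldap` are hypothetical, and the parsing assumes one double-quoted value per directive line.

```shell
#!/bin/sh
# Added example (not from the BWeb documentation): audit the LDAP settings
# shown on this page. Usage: sh audit_bweb_ldap.sh /opt/bweb/etc/httpd.conf

# Print the last active (uncommented) value assigned to key $2 in file $1.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out directive
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next         # key is only a prefix of a longer key
            if (match(rest, /"[^"]*"/)) val = substr(rest, RSTART + 1, RLENGTH - 2)
        }
        END { print val }
    ' "$1"
}

# Print one finding per line; return 0 only when there are none.
audit_bweb_ldap() {
    conf=$1
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ "$(conf_value "$conf" auth.backend)" = "ldap" ] ||
        report "auth.backend is not \"ldap\""
    [ "$(conf_value "$conf" auth.backend.ldap.allow-empty-pw)" = "disable" ] ||
        report "allow-empty-pw is not set to \"disable\""
    [ "$(conf_value "$conf" auth.backend.ldap.starttls)" = "enable" ] ||
        report "starttls is not enabled: LDAP binds are sent unencrypted"
    ca=$(conf_value "$conf" auth.backend.ldap.ca-file)
    { [ -n "$ca" ] && [ -r "$ca" ]; } || report "ca-file is unset or not readable"
    case "$(conf_value "$conf" auth.backend.ldap.hostname)" in
        *:636) report "hostname specifies the SSL port; use StartTLS without a port" ;;
    esac
    # bind-pw is stored in clear text, so the file must not be world-readable.
    if [ -n "$(conf_value "$conf" auth.backend.ldap.bind-pw)" ] &&
       [ -n "$(find "$conf" -prune -perm -004)" ]; then
        report "file holds bind-pw and is world-readable"
    fi
    [ "$findings" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_bweb_ldap "$1"; fi
```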
    

Note

The LDAP users that are allowed to use BWeb must be added to the local list of BWeb users.