"No matching rule for subject ..." after updating Authelia to v4.37.3 #4528
Comments
I read the logs again. Authelia is not able to get my account groups.
Looks like the groups filter factorization may have got you, try with the following:

```yaml
## Authentication Backend Provider Configuration
authentication_backend:
  password_reset:
    disable: true
  ldap:
    # Define default attributes
    implementation: activedirectory
    url: ldap://ldap.mydomain.lan
    start_tls: true
    tls:
      skip_verify: false
    base_dn: dc=mydomain,dc=lan
    additional_users_dn: OU=Users,OU=Accounts
    users_filter: (&({username_attribute}={input})(sAMAccountType=805306368)(memberOf=CN=Authelia Users,OU=Authelia,OU=Groups,DC=mydomain,DC=lan))
    additional_groups_dn: OU=Authelia,OU=Groups
    groups_filter: (&(member={dn})(objectClass=group))
    user: "CN=Authelia,OU=Services,OU=Accounts,DC=mydomain,DC=lan"
```
Also could you show the objectClass, group scope, and group type of the affected groups? Also the type of LDAP backend? Is it Microsoft AD or Samba AD?
Hey @james-d-elliott, for your question, I use Active Directory as backend and my group is a security local group. Thank you for your ultra quick solution! :)
It is, but I tested it locally so it's strange it didn't work for you. I adjusted the filter to the recommended filter by Microsoft. I'll double check this. It might be the fact it's a domain local group.
Feel free to reach me if you need me to run some tests.
The groups filter narrowing for Active Directory to purposefully exclude distribution groups (which are not designed to act as security groups) unintentionally removed DLSG's from the filter results. This effectively reverts that, allowing both DLSG's and GUSG's to be returned by default. Fixes #4551, Fixes #4528
See the adjusted default in #4569
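
The effect discussed in the thread above, as an added example that is not code from Authelia or from any commenter: a small evaluator showing which Active Directory group types a given `groups_filter` returns for a user. The users, group entries and the two `sAMAccountType`-based filters are constructed for illustration and are not Authelia's actual defaults; only the `objectClass=group` filter is taken from the comment above.

```python
ALICE = "CN=alice,OU=Users,OU=Accounts,DC=mydomain,DC=lan"  # hypothetical user
BOB = "CN=bob,OU=Users,OU=Accounts,DC=mydomain,DC=lan"      # hypothetical user

# Constructed group entries. The sAMAccountType values are the documented AD
# constants: 268435456 global/universal security, 536870912 domain local
# security, 268435457 and 536870913 the matching distribution types.
GROUPS = [
    {"cn": "global-security", "sAMAccountType": ["268435456"], "member": [ALICE]},
    {"cn": "domain-local-security", "sAMAccountType": ["536870912"], "member": [ALICE, BOB]},
    {"cn": "global-distribution", "sAMAccountType": ["268435457"], "member": [ALICE]},
    {"cn": "domain-local-distribution", "sAMAccountType": ["536870913"], "member": [ALICE]},
]
for g in GROUPS:
    g["objectClass"] = ["top", "group"]

# Illustrative filters (assumptions), except WORKAROUND_FILTER from the thread.
NARROW_FILTER = "(&(member={dn})(sAMAccountType=268435456))"
WORKAROUND_FILTER = "(&(member={dn})(objectClass=group))"
SECURITY_ONLY_FILTER = "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))"

def parse(f, i=0):
    """Parse a subset of LDAP filter syntax: (&...), (|...), (attr=value)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    return value.lower() in (v.lower() for v in entry.get(attr, []))

def groups_for(filter_template, user_dn, entries=GROUPS):
    """Return the cn of every group the filter yields for user_dn."""
    node, _ = parse(filter_template.replace("{dn}", user_dn))
    return [e["cn"] for e in entries if matches(node, e)]
```

With the narrow filter, a user whose only membership is a domain local security group resolves to no groups, so group-based access rules cannot match. The `(objectClass=group)` workaround restores that group but also returns distribution groups, so access rules should name security groups only.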
Version
v4.37.3
Deployment Method
Docker
Reverse Proxy
SWAG
Reverse Proxy Version
2.0.0
Description
Hi there,
With the 4.37.3 update, my Authelia is broken. I can no longer access any of my resources. In the logs it says that Authelia can't find any matching rules (see below).
I reverted to Authelia 4.37.2 and restored the Docker volume from backup (due to storage schema migration) and everything works again.
I haven't seen anything in the changelog that can explain that.
Reproduction
Connect to my primary URL
Authenticate on Authelia webpage
Get an HTTP/401 error code
Expectations
No response
Configuration (Authelia)
Logs (Authelia)
Logs (Proxy / Application)
No response
Documentation
No response
Pre-Submission Checklist