Hi John

On Wed, 15 Jun 2016 13:23:15 -0700 (PDT)
John Test <[email protected]> wrote:

> Hello
>
> I am following this section on creating AD LDAPS auth for foreman
> https://theforeman.org/manuals/1.11/index.html#4.1WebInterface
>
> This is secure LDAP and here is how I exported the cert from AD
>
> 1. Go to Active Directory certificate authority MMC
> 2. right click CA -> all tasks -> backup CA
> 3. select "private key and CA certificate"
> 4. no password specific
> 5. Finish
>
> I take this and put it in
>
> /usr/local/share/ca-certificates/
>
> Then I issue command
>
> update-ca-certificates
>
> It says it added a cert.
>
> I go back on foreman and try to login with AD creds. no go.
[...]

Can you provide some more details? I guess you're running Foreman on Debian / Ubuntu? Do you get the error message regarding untrusted / not able to verify connection?

Perhaps some intermediate certs of your CA are missing. You can also extract the certificates through the following way:

# echo | openssl s_client -showcerts -connect $DC_FQDN:636

Try to combine the intermediate and root CA certs into one file.

Cheers
Michael
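
An added example, not part of the thread or of Foreman: one way to do the "combine into one file" step from saved `openssl s_client -showcerts` output. The function name, file names and sample chain are assumptions made for illustration; the sample certificates are constructed placeholders, not real PEM data.

```shell
#!/bin/sh
# Usage (hypothetical file names):
#   echo | openssl s_client -showcerts -connect "$DC_FQDN:636" > chain.txt
#   extract_ca_bundle chain.txt ad-ca-bundle.crt

# extract_ca_bundle INPUT OUTPUT
# Copies every PEM certificate except the first one (the server's own leaf
# certificate, index 0 in the -showcerts listing) from INPUT to OUTPUT and
# prints how many CA certificates were written.
# A server is not obliged to send its root CA: if the count is lower than
# expected, the root has to be obtained from the CA itself.
extract_ca_bundle() {
    in=$1
    out=$2
    : > "$out"    # create/truncate so an empty result is still a file
    awk -v out="$out" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n > 1               { print > out }
        /-----END CERTIFICATE-----/   { inside = 0 }
        END { print (n > 1 ? n - 1 : 0) }
    ' "$in"
}

# Constructed sample of -showcerts output (placeholder bodies, not real certs).
sample_showcerts_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-INTERMEDIATE
-----END CERTIFICATE-----
 2 s:CN = Example Root CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-ROOT
-----END CERTIFICATE-----
---
EOF
}
```

The output file name must end in `.crt` for `update-ca-certificates` to pick it up from /usr/local/share/ca-certificates/. Because the chain was read from the very connection being validated, compare the certificate fingerprints with values obtained from the CA administrator before installing the bundle.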
