Hello everyone,

I have set up a little test lab at home with Foreman 1.14.3 (CentOS7) and an 
Active Directory (Windows Server 2016).
Now I want to set up the LDAP AD authentication, but I can't get it running.

The Foreman server is already a realm member of the Windows Active 
Directory. I can log in on CentOS with Windows AD users. That works fine.
But when I set up the AD authentication in Foreman, I can't log in with the 
AD user in the Foreman web interface. I tried it with "DOMAIN\User" and 
"User". It just says the username or password is wrong, not very helpful. And I 
don't know in which logs I can get more information about it.


These are the settings I am using:

LDAP Server:
- - - - - - - - - - - - -
Name: neotokyo.net         # Just a name
Server: neotokyodc          # NetBios name of my VM
LDAPS:  [ ]
Port: 389
Server type: Active Directory


Account:
- - - - - - - - - - - - -

Account username: Administrator    # AD Administrator, eq. to NEOTOKYO\Administrator on Windows AD.
Account password: givenPassword
Base DN: CN=Users,DC=neotokyo,DC=net
Group base DN: CN=Users,DC=neotokyo,DC=net
LDAP Filter: [ ]
Automatically create accounts in Foreman : [X]

Usergroup sync: [X]



Attribute mappings:
- - - - - - - - - - -  - - - -
Login name attribute: userPrincipalName
First name attribute: givenName
Surname attribute: sn
E-Mail Address attribute: mail


I just copied the attribute mappings from the original documentation.


And here is information about my test lab AD:

AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer            : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName                  : DC=neotokyo,DC=net
DNSRoot                            : neotokyo.net
DomainControllersContainer         : OU=Domain Controllers,DC=neotokyo,DC=net
DomainMode                         : Windows2016Domain
DomainSID                          : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest                             : neotokyo.net
InfrastructureMaster               : neotokyodc.neotokyo.net
LastLogonReplicationInterval       : 
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=net}
LostAndFoundContainer              : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy                          : 
Name                               : neotokyo
NetBIOSName                        : NEOTOKYOa
ObjectClass                        : domainDNS
ObjectGUID                         : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain                       : 
PDCEmulator                        : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling   : True
QuotasContainer                    : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {neotokyodc.neotokyo.net}
RIDMaster                          : neotokyodc.neotokyo.net
SubordinateReferences              : {DC=ForestDnsZones,DC=neotokyo,DC=net, DC=DomainDnsZones,DC=neotokyo,DC=net, CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer                   : CN=System,DC=neotokyo,DC=net
UsersContainer                     : CN=Users,DC=neotokyo,DC=net


Thanks for any advice and help.

Best regards





 
