On 2017-11-05 at 11:45, anpk wrote:
Hello together,
I have set up a little test lab at home with Foreman 1.14.3 (CentOS7) and
an Active Directory (Windows Server 2016).
Now I want to set up the LDAP AD authentication, but I can't get it
running.
The Foreman server is already a realm member of the Windows Active
Directory. I can log in on CentOS with Windows AD users. That works fine.
But when I set up the AD authentication in Foreman, I can't log in with
the AD user in the Foreman web interface. I tried it with
"DOMAIN\User" and "User". It just says the username or password is wrong,
not very helpful. And I don't know in which logs I can get more
information about it.
These are the settings I am using:
|
LDAP Server:
-------------
Name: neotokyo.net # Just a name
Server: neotokyodc # NetBios name of my VM
LDAPS: []
Port: 389
Server type: ActiveDirectory
Account:
-------------
Account username: Administrator # AD Administrator eq. to NEOTOKYO\Administrator on Windows AD.
Account password: givenPassword
Base DN: CN=Users,DC=neotokyo,DC=net
Group base DN: CN=Users,DC=neotokyo,DC=net
LDAP Filter: []
Automatically create accounts in Foreman: [X]
Usergroup sync: [X]
Attribute mappings:
---------------
Login name attribute: userPrincipalName
First name attribute: givenName
Surname attribute: sn
E-Mail Address attribute: mail
|
Have you tried to use the full address as server? I.e.
neotokyodc.neotokyo.net instead of just neotokyodc? Maybe you need the
DOMAINNAME\Username instead of just Administrator?
I see you used userPrincipalName as login name. Then you need to use the
name in that attribute. Usually Username@domain (i.e.
[email protected]).
If you want to log in using your "short-name" you need to use
sAMAccountName as your login attribute.
The attribute mappings I just copied from the original documentation.
And here is information about my test lab AD:
|
AllowedDNSSuffixes : {}
ChildDomains : {}
ComputersContainer : CN=Computers,DC=neotokyo,DC=net
DeletedObjectsContainer : CN=Deleted Objects,DC=neotokyo,DC=net
DistinguishedName : DC=neotokyo,DC=net
DNSRoot : neotokyo.net
DomainControllersContainer : OU=Domain Controllers,DC=neotokyo,DC=net
DomainMode : Windows2016Domain
DomainSID : S-1-5-21-2829910196-628102167-1224678811
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=neotokyo,DC=net
Forest : neotokyo.net
InfrastructureMaster : neotokyodc.neotokyo.net
LastLogonReplicationInterval :
LinkedGroupPolicyObjects : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=neotokyo,DC=net}
LostAndFoundContainer : CN=LostAndFound,DC=neotokyo,DC=net
ManagedBy :
Name : neotokyo
NetBIOSName : NEOTOKYOa
ObjectClass : domainDNS
ObjectGUID : dd54fb48-c869-416e-b29f-b7463dfed283
ParentDomain :
PDCEmulator : neotokyodc.neotokyo.net
PublicKeyRequiredPasswordRolling : True
QuotasContainer : CN=NTDS Quotas,DC=neotokyo,DC=net
ReadOnlyReplicaDirectoryServers : {}
ReplicaDirectoryServers : {neotokyodc.neotokyo.net}
RIDMaster : neotokyodc.neotokyo.net
SubordinateReferences : {DC=ForestDnsZones,DC=neotokyo,DC=net, DC=DomainDnsZones,DC=neotokyo,DC=net, CN=Configuration,DC=neotokyo,DC=net}
SystemsContainer : CN=System,DC=neotokyo,DC=net
UsersContainer : CN=Users,DC=neotokyo,DC=net
|
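
Added example, not part of the original thread and not Foreman's own code: it shows which typed login finds a user for each "Login name attribute" setting, and how a `DOMAIN\User` login has to be escaped inside an LDAP filter. It assumes the client looks the user up with an equality filter on the configured attribute; the user `jdoe` and all helper names are constructed for illustration.

```python
import re

def escape_filter_value(value):
    """RFC 4515 escaping: backslash, '*', '(', ')' and NUL become \\XX hex pairs."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def search_filter(login_attr, typed_login):
    """Equality filter for the typed login against the configured login attribute."""
    return "(%s=%s)" % (login_attr, escape_filter_value(typed_login))

def entry_matches(entry, login_attr, typed_login):
    """Equality match on one entry; AD compares these attributes case-insensitively."""
    values = entry.get(login_attr, [])
    return any(v.lower() == typed_login.lower() for v in values)

def login_matrix(entry, typed_logins):
    """For each candidate login attribute, list the typed logins that find the entry."""
    return {
        attr: [t for t in typed_logins if entry_matches(entry, attr, t)]
        for attr in ("userPrincipalName", "sAMAccountName")
    }

# Constructed sample entry for a hypothetical user in the neotokyo.net lab domain.
USER = {
    "sAMAccountName": ["jdoe"],
    "userPrincipalName": ["jdoe@neotokyo.net"],
}

# The three forms a user is likely to type into the login box.
TYPED = ["NEOTOKYO\\jdoe", "jdoe", "jdoe@neotokyo.net"]

if __name__ == "__main__":
    for attr, accepted in login_matrix(USER, TYPED).items():
        print("%-18s accepts: %s" % (attr, accepted))
    for typed in TYPED:
        print(search_filter("userPrincipalName", typed))
```

With either attribute the `DOMAIN\User` form finds nothing, because neither attribute stores the NetBIOS prefix.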