Hi John

On Wed, 15 Jun 2016 13:23:15 -0700 (PDT)
John Test <johntest...@gmail.com> wrote:
> Hello
> 
> I am following this section on creating AD LDAPS auth for foreman
> https://theforeman.org/manuals/1.11/index.html#4.1WebInterface
> 
> This is secure LDAP and here is how I exported the cert from AD
> 
> 1. Go to Active Directory certificate authority MMC
> 2. right click CA -> all tasks -> backup CA
> 3. select "private key and CA certificate"
> 4. no password specific
> 5. Finish
> 
> I take this and put it in
> 
> /usr/local/share/ca-certificates/
> 
> Then I issue command
> 
> update-ca-certificates
> 
> It says it added a cert.
> 
> I go back on foreman and try to login with AD creds. no go.
[...]

Can you provide some more details? I guess you're running Foreman on Debian /
Ubuntu?

Do you get the error message regarding untrusted / not able to verify
connection?

Perhaps some intermediate certs of your CA are missing. You can also extract the
certificates in the following way:

# echo | openssl s_client -showcerts -connect $DC_FQDN:636

Try to combine the intermediate and root CA certs into one file.

Cheers

Michael
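
The suggestion in the reply above, as an added example that is not part of the original thread: a shell function that takes `openssl s_client -showcerts` output, skips the server's own certificate (TLS sends it first) and writes the CA certificates that follow into one file. The function names, the file name `ad-ca-bundle.pem` and the sample input (constructed, with placeholder bodies instead of real certificates) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Real use (DC_FQDN as in the message):
#   echo | openssl s_client -showcerts -connect "$DC_FQDN:636" 2>/dev/null \
#       | extract_ca_bundle ad-ca-bundle.pem
#   echo | openssl s_client -connect "$DC_FQDN:636" -CAfile ad-ca-bundle.pem \
#       2>/dev/null | grep 'Verify return code'

# extract_ca_bundle OUTFILE
# Reads s_client output on stdin, drops the first PEM block (the server's
# leaf certificate) and writes every later block to OUTFILE.
# Prints the number of CA certificates written.
extract_ca_bundle() {
    out=$1
    : > "$out"    # create/truncate so an empty result is still a file
    awk -v out="$out" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n > 1               { print > out }
        /-----END CERTIFICATE-----/   { inside = 0 }
        END                           { print (n > 1 ? n - 1 : 0) }
    '
}

# Constructed sample in the shape of s_client -showcerts output.
# The bodies are placeholders, not real certificates.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
LEAF_PLACEHOLDER
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
INTERMEDIATE_PLACEHOLDER
-----END CERTIFICATE-----
 2 s:CN = Example Root CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
ROOT_PLACEHOLDER
-----END CERTIFICATE-----
---
EOF
}

bundle=$(mktemp)
echo "CA certificates written: $(sample_s_client_output | extract_ca_bundle "$bundle")"
```

Servers commonly leave the root CA out of the chain they send, so a result of 0 or a failing verify check means the root still has to be exported from the CA in PEM form and appended to the bundle.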
