Thanks much! I just tried this and sure enough everything came alive and 
started working as soon as I changed the scheme to what Louis posted in his 
first post. 

The only other thing that I will note is that the Dell EMC seems to hard code 
what is entered for the REALM as the SPN (Service Principal Name). So for 
example I wanted to put this machine as ds1.la.example....@ny.example.com, 
however when I type in the host name it automatically put the machine as 
ds1.ny.example....@ny.example.com with no way to change it. If I changed what I 
typed into the REALM, it changed the SPN, but obviously that’s not correct. 

I had the host’s name in my FreeIPA system as I intended, not as the Dell EMC 
forces on you, so it wouldn’t authenticate correctly. As soon as I changed the 
machine to what Dell EMC puts as the SPN (it’s a grey box that you can’t 
change), it started working.

Also thank you Alexander for the information on the differences in the 389 DS 
deployment variants and the explanation on how to get that information.

This seems to be fixed now! Thanks again. 

-Kevin

> On Sep 7, 2019, at 12:20 AM, Louis Abel via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> A lot of products from vendors actually try to make an assumption on the base 
> layout of an LDAP installation and configuration since they for the most part 
> get configured the same way over and over. If you were to set up 389ds by 
> itself, yes, ou=people,dc=ny,dc=example,dc=com would likely be valid. While 
> FreeIPA does use 389ds, it sets up its tree in a very specific manner.
> 
> Here's an example of what the base layout looks like (while also showing you 
> how to get this information using ldapsearch):
> 
> [label@ipa01 ~]$ kinit label
> Password for la...@example.net:
> [label@ipa01 ~]$ ldapsearch -LLLY GSSAPI -s one dn
> SASL/GSSAPI authentication started
> SASL username: la...@example.net
> SASL SSF: 256
> SASL data security layer installed.
> dn: cn=compat,dc=example,dc=net
> dn: ou=sudoers,dc=example,dc=net
> dn: cn=accounts,dc=example,dc=net
> dn: cn=alt,dc=example,dc=net
> dn: cn=automount,dc=example,dc=net
> dn: cn=hbac,dc=example,dc=net
> dn: cn=sudo,dc=example,dc=net
> dn: cn=etc,dc=example,dc=net
> dn: cn=selinux,dc=example,dc=net
> dn: cn=ca,dc=example,dc=net
> dn: cn=pbac,dc=example,dc=net
> dn: cn=kerberos,dc=example,dc=net
> dn: ou=profile,dc=example,dc=net
> dn: cn=provisioning,dc=example,dc=net
> dn: cn=otp,dc=example,dc=net
> dn: cn=radiusproxy,dc=example,dc=net
> dn: cn=trusts,dc=example,dc=net
> dn: cn=certmap,dc=example,dc=net
> dn: cn=dns,dc=example,dc=net
> 
> All accounts live under cn=accounts by default. You'll end up seeing users, 
> groups, host groups, computer accounts down further.
> 
> [label@ipa01 ~]$ ldapsearch -LLLY GSSAPI -s one -b 'cn=accounts,dc=example,dc=net' dn
> SASL/GSSAPI authentication started
> SASL username: la...@example.net
> SASL SSF: 256
> SASL data security layer installed.
> dn: cn=users,cn=accounts,dc=example,dc=net
> dn: cn=groups,cn=accounts,dc=example,dc=net
> dn: cn=services,cn=accounts,dc=example,dc=net
> dn: cn=computers,cn=accounts,dc=example,dc=net
> dn: cn=hostgroups,cn=accounts,dc=example,dc=net
> dn: cn=cosTemplates,cn=accounts,dc=example,dc=net
> dn: cn=roles,cn=accounts,dc=example,dc=net
> dn: cn=views,cn=accounts,dc=example,dc=net
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
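An added example, not part of the original posts: a small Python check that parses `ldapsearch -LLL ... dn` output like the listings quoted above and tells you whether the search base a third-party client is configured with actually exists in the tree. The function names are hypothetical and the sample output is constructed (it includes a folded line and a base64 `dn::` line, both of which LDIF output can contain).

```python
import base64

# Constructed sample shaped like the quoted `-s one -b cn=accounts,...` listing.
B64_DN = base64.b64encode(b"cn=services,cn=accounts,dc=example,dc=net").decode()
SAMPLE = (
    "dn: cn=users,cn=accounts,dc=example,dc=net\n\n"
    "dn: cn=groups,cn=accounts,dc=example,dc=net\n\n"
    "dn: cn=computers,cn=accounts,dc=exam\n ple,dc=net\n\n"  # folded line
    "dn:: " + B64_DN + "\n"                                   # base64 value
)

def unfold(text):
    """Undo LDIF folding: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_dns(text):
    """Return every DN in LDIF text, decoding base64 'dn::' values."""
    dns = []
    for line in unfold(text):
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    return dns

def normalize(dn):
    """Lowercase and trim each RDN. Simplification: escaped commas are not handled."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def find_base(candidate, listed_dns):
    """Return the listed DN matching a configured search base, or None if absent."""
    known = {normalize(d): d for d in listed_dns}
    return known.get(normalize(candidate))

if __name__ == "__main__":
    listed = parse_dns(SAMPLE)
    for base in ("ou=people,dc=example,dc=net",
                 "cn=users,cn=accounts,dc=example,dc=net"):
        print(base, "->", find_base(base, listed) or "not in tree")
```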