Thanks Simo. I've downloaded ca.crt from FreeIPA, converted it to DER format, imported it into AMM and enabled SSL. But nothing happened: I cannot log in to AMM with FreeIPA credentials and still cannot see any errors or access records... DNS has been checked and works (integrated with IPA).
--
Best regards,
Pavel Zhukov
mailto:pa...@zhukoff.net

On Thu, 01 Nov 2012, Simo Sorce wrote:

> On Thu, 2012-11-01 at 15:55 -0400, Simo Sorce wrote:
> > On Thu, 2012-11-01 at 08:27 +0400, Pavel Zhukov wrote:
> > > Hi all.
> > > I'd like to use FreeIPA for AMM (advanced management module) user
> > > management using this instruction . I enabled option "use DNS for
> > > find LDAP servers" and set root DN and Binding method "w/ Login
> > > Credentials" but cannot login with IPA credentials. Logs of dirsrv
> > > and kerberos are empty. DNS server works correctly.
> > >
> > > -
> > > http://publib.boulder.ibm.com/infocenter/bladectr/documentation/index.jsp?topic=/com.ibm.bladecenter.advmgtmod.doc/kp1bb_bc_mmug_configldap_ADrolebasedauthen.html
> >
> > I am not sure that bind w/ Login Credentials will work properly if they
> > assume Active Directory.
> > AD has a non standard authentication method that allows to not use a DN
> > to identify a user. We do not support that authentication method.
> >
> > However you should at least see the bind attempt and an error message in
> > the dirsrv access log.
> >
> > If you do not see that then something else is broken before a bind is
> > even attempted, perhaps DNS discovery ?
>
> Ah btw, have you enabled SSL ?
> FreeIPA enforces that simple binds be done on an encrypted channel. If
> you try to bind with plain text credentials on an unencrypted channel
> FreeIPA simply returns an error.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>

_______________________________________________
Freeipa-users mailing list
Freeipaemail@example.com
https://www.redhat.com/mailman/listinfo/freeipa-users
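
The check Simo describes in the quoted reply (look for the bind attempt and its error in the dirsrv access log, and suspect an earlier failure if no bind appears at all) can be sketched as a small log triage. This is an added example, not part of the original thread: the log lines are constructed, and the regexes assume the common 389 Directory Server access log layout and only see SSL negotiated at connect time, not StartTLS.

```python
import re

# LDAP result codes (RFC 4511) that commonly explain a failed bind.
LDAP_ERR = {0: "success", 13: "confidentialityRequired", 32: "noSuchObject",
            34: "invalidDNSyntax", 49: "invalidCredentials"}

# Constructed sample lines modeled on the dirsrv access log layout; all values are made up.
SAMPLE_LOG = """\
[01/Nov/2012:16:02:11 +0400] conn=41 fd=68 slot=68 connection from 192.0.2.10 to 192.0.2.5
[01/Nov/2012:16:02:11 +0400] conn=41 op=0 BIND dn="uid=testuser,cn=users,cn=accounts,dc=example,dc=test" method=128 version=3
[01/Nov/2012:16:02:11 +0400] conn=41 op=0 RESULT err=13 tag=97 nentries=0 etime=0
[01/Nov/2012:16:05:40 +0400] conn=42 fd=69 slot=69 SSL connection from 192.0.2.10 to 192.0.2.5
[01/Nov/2012:16:05:40 +0400] conn=42 op=0 BIND dn="testuser" method=128 version=3
[01/Nov/2012:16:05:40 +0400] conn=42 op=0 RESULT err=34 tag=97 nentries=0 etime=0
[01/Nov/2012:16:09:02 +0400] conn=43 fd=70 slot=70 connection from 192.0.2.10 to 192.0.2.5
[01/Nov/2012:16:09:02 +0400] conn=43 op=-1 fd=70 closed - B1
"""

CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from \S+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\S+)')
RES_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=97")  # tag 97 = BindResponse

def triage(log_text):
    """Group BIND operations and their RESULT codes by connection id."""
    conns = {}
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            conns[int(m[1])] = {"ldaps": bool(m[2]), "binds": {}}
        elif m := BIND_RE.search(line):
            c = conns.setdefault(int(m[1]), {"ldaps": None, "binds": {}})
            c["binds"][int(m[2])] = {"dn": m[3], "simple": m[4] == "128", "err": None}
        elif (m := RES_RE.search(line)) and int(m[1]) in conns:
            bind = conns[int(m[1])]["binds"].get(int(m[2]))
            if bind:
                bind["err"] = int(m[3])
    return conns

def summarize(conns):
    """Return {conn_id: verdict}, separating 'never bound' from 'bind failed'."""
    out = {}
    for cid, c in conns.items():
        if not c["binds"]:
            out[cid] = "no bind attempted"
            continue
        b = list(c["binds"].values())[-1]  # last bind seen on this connection
        out[cid] = LDAP_ERR.get(b["err"], f"err={b['err']}")
        if b["simple"] and c["ldaps"] is False:
            out[cid] += " (simple bind on a connection not opened with SSL)"
    return out
```

An empty result for the client's address means the request never reached the directory server, which points at discovery or connectivity rather than authentication.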