On 27.2.2013 04:07, Артур Файзуллин wrote:
Ok! I will try :) but would you give me some advice :) what configs to
put. should I use:
Well, we don't know anything about AAM. This is freeipa-users list :-)
We can try to give you some advices if you provide links to documentation for
exact AAM version you use.
My best guess (without looking to AAM docs):
* "Use LDAP Servers for Authentication and Authorization"
* "Use DNS to find LDAP Servers"
and put here domain name if IPA-server?
* should in "Active Directory Settings" Enhanced role-based security be
I would disable any AD specific things (at least for the beginning).
> And what means AMM Target Name?
I don't have an idea. Please consult AAM docs.
Question is what "root" means in IBM's world. FreeIPA domain "example.com" has
root of LDAP tree at "dc=example,dc=com". You can try also
* root dn = something like this dc=example,dc=com ?
* Binding method which one to choose?
w/ Configured Credentials
I guess: This method will use special account created specifically for AAM.
I guess: This method will try to do LDAP BIND with credentials provided by
user for particular login attempt. I would prefer this method.
w/ Login Credentials
Some questions may be stupid, but I want to be sure in them :)
I really don't know AAM specifics. Please read all AAM's documentation you
find and try various settings. We can provide general advices and publish your
findings on freeipa.org.
Any contributions welcome!
В Вт., 26/02/2013 в 12:41 +0100, Petr Spacek пишет:
On 26.2.2013 11:49, Артур Файзуллин wrote:
Is there any result? I try same thing with my AMM and IPA
Unfortunately, we don't have sufficient information to give you any advice.
Please, try to provide output from a sniffer as I asked in last reply. Then we
will try to help you. (You can send the data to me privately, if you want.)
В Пн., 05/11/2012 в 09:32 +0100, Petr Spacek пишет:
On 11/03/2012 01:12 PM, Pavel Zhukov wrote:
Can you do NS lookup of the IPA server from the AMM box?
Can you do kinit from the AMM box against IPA?
Can you do ldapsearch from the AMM box against IPA?
no, AMM has restricted shell and web GUI.
Hmm, that is unfortunate. Can you run tcpdump (or sniffer provided on AMM) on
the link between AMM and IPA server? Because there are no records in access
log I will bet on some name resolution or firewall problem.
Do AMM get right DNS responses (i.e. name and IP address of the IPA server)?
Do AMM established TCP connection with the IPA server?
Do you see anything in the logs from such activity?
Freeipa-users mailing list