Re: [Freeipa-users] Revisiting ILO

Dmitri Pal Wed, 06 Nov 2013 04:28:30 -0800

On 11/05/2013 02:51 PM, KodaK wrote:
> If I use the whole connection string:
>
> uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
>
> I can authenticate.


Does this count as SOLVED?
If so can you please reply with the SOLVED in the subject?

>
>
> On Tue, Nov 5, 2013 at 1:40 PM, KodaK <sako...@gmail.com
> <mailto:sako...@gmail.com>> wrote:
>
>     I'm attempting to get HP ILO authenticating against IPA again.
>
>     I've configured the user context in ILO as:
>
>     cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
>
>     When ILO tries to connect, it sends the string:
>
>     CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
>
>     Which, of course, doesn't exist.  IPA uses uid=<username>, but as
>     far as I can tell I can't tell ILO to use a different username
>     attribute.  It doesn't even look like it's trying to use a
>     username attribute.
>
>     I've tried to force it to look for uid=jebalicki by using
>     "uid=jebalicki" in the login field, but that fails too.  The
>     errors in the errors log look like this:
>
>
>     [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry "jebalicki": 32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry "jebalicki": 32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry
>     "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry
>     "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry "jebalicki": 32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry "jebalicki": 32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry
>     "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry
>     "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry "jebalicki": 32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry "jebalicki": 32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry
>     "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry
>     "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry "uid=jebalicki": 32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry "uid=jebalicki": 32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry
>     "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry
>     "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry "uid=jebalicki": 32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry "uid=jebalicki": 32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry
>     "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry
>     "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry "uid=jebalicki": 32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry "uid=jebalicki": 32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file
>     ipa_lockout.c, line 645]: Failed to retrieve entry
>     "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>     [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file
>     ipa_lockout.c, line 421]: Failed to retrieve entry
>     "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com":
>     32
>
>     And the access log looks like this:
>
>     [05/Nov/2013:13:32:06 -0600] conn=214941 fd=438 slot=438 SSL
>     connection from 10.200.10.192 to 10.200.16.170
>     [05/Nov/2013:13:32:06 -0600] conn=214941 SSL 256-bit AES
>     [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 BIND
>     dn="uid=jebalicki" method=128 version=2
>     [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 RESULT err=32 tag=97
>     nentries=0 etime=0
>     [05/Nov/2013:13:32:06 -0600] conn=214941 op=1 BIND
>     
> dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com"
>     method=128 version=2
>     [05/Nov/2013:13:32:07 -0600] conn=214941 op=1 RESULT err=32 tag=97
>     nentries=0 etime=1
>     [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 UNBIND
>     [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 fd=438 closed - U1
>     [05/Nov/2013:13:32:07 -0600] conn=214942 fd=439 slot=439 SSL
>     connection from 10.200.10.192 to 10.200.16.170
>     [05/Nov/2013:13:32:07 -0600] conn=214942 SSL 256-bit AES
>     [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 BIND
>     dn="uid=jebalicki" method=128 version=2
>     [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 RESULT err=32 tag=97
>     nentries=0 etime=0
>     [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 UNBIND
>     [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 fd=439 closed - U1
>     [05/Nov/2013:13:32:07 -0600] conn=214943 fd=438 slot=438 SSL
>     connection from 10.200.10.192 to 10.200.16.170
>     [05/Nov/2013:13:32:07 -0600] conn=214943 SSL 256-bit AES
>     [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 BIND
>     
> dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com"
>     method=128 version=2
>     [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 RESULT err=32 tag=97
>     nentries=0 etime=0
>     [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 UNBIND
>     [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 fd=438 closed - U1
>
>     Is there any way to force things on the IPA side?  Can I
>     automatically attach on the necessary components to the provided
>     username?
>
>
>
>
> -- 
> The government is going to read our mail anyway, might as well make it
> tough for them.  GPG Public key ID:  B6A1A7C6
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Revisiting ILO

Reply via email to