Re: [Freeipa-users] qradar UBA to IPA

2017-05-08 Thread Michael Plemmons
Your listing of the filter seems incorrect unless that is a copy paste
problem.  You probably want cn=users,cn=accounts, $Suffix.  The filter
listed above shows user,cn=accounts,$Suffix.  I am not familiar with Qradar
but does it need just the uid of the user or does it need the full DN of
the user?




*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, May 8, 2017 at 4:47 PM, Sean Hogan <scho...@us.ibm.com> wrote:

> Thanks Michael,
>
> Yes sir, the qradar box is able to hit the ipa server on 389 and 636 with
> success via telnet.
>
>
>
> Sean Hogan
>
> From: Michael Plemmons <michael.plemm...@crosschx.com>
> To: freeipa-users <freeipa-users@redhat.com>
> Date: 05/08/2017 01:21 PM
> Subject: Re: [Freeipa-users] qradar UBA to IPA
> Sent by: freeipa-users-boun...@redhat.com
> --
>
>
>
> From the server running Qradar can you ping the IPA server?  Are you able
> to telnet to port 389 or 636 of the IPA server?  The error says it can't
> contact the LDAP server which usually means you have not gotten to the
> point of authentication yet.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Mon, May 8, 2017 at 3:31 PM, Sean Hogan <scho...@us.ibm.com> wrote:
>
> > Hello IPA,
> >
> > I am trying to set up User Behavioral analytics from Qradar to IPA.
> > Having some issues with it after we got 389 and 636 open between the nets.
> >
> > Qradar Console is not in IPA and on different net although we do have
> > comms on 389 and 636 now
> > ipa-server-3.0.0-50.el6.1.x86_64
> >
> > I set up an account in IPA with no HBACS or anything and just gave it
> > an IPA role to read data which we use in the below config.
> > Getting
> > [image]
> >
> > URL I have them using ldaps://IPofIPAserver.example.com
> > BaseDN dc=example,dc=local
> > filter users,cn=accounts,$Suffix
> > attributes are left default
> > username is the user I made in ipa
> > pw is the pw I made in ipa
> >
> > Has anyone attempted this or have any sample configs to play with or
> > see anything I am doing incorrectly?
> >
> > Sean Hogan
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
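
A pre-flight check for the search base discussed in the message above, as an added example that is not part of the original thread and is not QRadar or FreeIPA code. The function names are hypothetical and the sample values are constructed from the settings quoted in the thread; DN parsing is simplified (no escaped commas).

```python
import re

# One RDN component: attribute type, '=', non-empty value (simplified RFC 4514;
# escaped commas and multi-valued RDNs are not handled in this sketch).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")


def split_dn(dn):
    """Split a DN into stripped RDN strings."""
    return [part.strip() for part in dn.split(",")]


def check_search_base(search_base, base_dn):
    """Return a list of problems found in an LDAP user search base.

    search_base: value entered in the integration's filter/search-base field
    base_dn:     the directory suffix, e.g. dc=example,dc=local
    """
    problems = []
    # A literal $variable left in the field means the suffix was never substituted.
    for var in re.findall(r"\$\w+", search_base):
        problems.append(f"unexpanded placeholder {var}")
    expanded = re.sub(r"\$\w+", base_dn, search_base)
    rdns = split_dn(expanded)
    for rdn in rdns:
        if not _RDN.match(rdn):
            problems.append(f"component '{rdn}' is not attr=value")
    # The search base must sit at or below the suffix.
    suffix = [r.lower() for r in split_dn(base_dn)]
    if [r.lower() for r in rdns][-len(suffix):] != suffix:
        problems.append(f"not under base DN {base_dn}")
    return problems


def ipa_users_container(base_dn):
    """FreeIPA user entries live under cn=users,cn=accounts,<suffix>."""
    return "cn=users,cn=accounts," + ",".join(split_dn(base_dn))


# Constructed sample values mirroring the settings quoted in the thread.
BASE_DN = "dc=example,dc=local"
AS_POSTED = "users,cn=accounts,$Suffix"

if __name__ == "__main__":
    print(check_search_base(AS_POSTED, BASE_DN))
    print(check_search_base(ipa_users_container(BASE_DN), BASE_DN))
```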

Re: [Freeipa-users] qradar UBA to IPA

2017-05-08 Thread Sean Hogan

Thanks Michael,

Yes sir,  the qradar box is able to hit the ipa server on 389 and 636 with
success via telnet.



Sean Hogan










From:   Michael Plemmons <michael.plemm...@crosschx.com>
To: freeipa-users <freeipa-users@redhat.com>
Date:   05/08/2017 01:21 PM
Subject:    Re: [Freeipa-users] qradar UBA to IPA
Sent by:freeipa-users-boun...@redhat.com



From the server running Qradar can you ping the IPA server?  Are you able
to telnet to port 389 or 636 of the IPA server?  The error says it can't
contact the LDAP server which usually means you have not gotten to the
point of authentication yet.




Mike Plemmons | Senior DevOps Engineer | CROSSCHX
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, May 8, 2017 at 3:31 PM, Sean Hogan <scho...@us.ibm.com> wrote:
  Hello IPA,

  I am trying to set up User Behavioral analytics from Qradar to IPA.
  Having some issues with it after we got 389 and 636 open between the
  nets.

  Qradar Console is not in IPA and on different net although we do have comms
  on 389 and 636 now
  ipa-server-3.0.0-50.el6.1.x86_64

  I set up an account in IPA with no HBACS or anything and just gave it an
  IPA role to read data which we use in the below config.
  Getting
  [image]

  URL I have them using ldaps://IPofIPAserver.example.com
  BaseDN dc=example,dc=local
  filter users,cn=accounts,$Suffix
  attributes are left default
  username is the user I made in ipa
  pw is the pw I made in ipa


  


  Has anyone attempted this or have any sample configs to play with or see
  anything I am doing incorrectly?




  Sean Hogan








Re: [Freeipa-users] qradar UBA to IPA

2017-05-08 Thread Michael Plemmons
From the server running Qradar can you ping the IPA server?  Are you able
to telnet to port 389 or 636 of the IPA server?  The error says it can't
contact the LDAP server which usually means you have not gotten to the
point of authentication yet.





*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, May 8, 2017 at 3:31 PM, Sean Hogan wrote:

> Hello IPA,
>
> I am trying to set up User Behavioral analytics from Qradar to IPA. Having
> some issues with it after we got 389 and 636 open between the nets.
>
> Qradar Console is not in IPA and on different net although we do have comms
> on 389 and 636 now
> ipa-server-3.0.0-50.el6.1.x86_64
>
> I set up an account in IPA with no HBACS or anything and just gave it an
> IPA role to read data which we use in the below config.
> Getting
> [image]
>
> URL I have them using ldaps://IPofIPAserver.example.com
> BaseDN dc=example,dc=local
> filter users,cn=accounts,$Suffix
> attributes are left default
> username is the user I made in ipa
> pw is the pw I made in ipa
>
> Has anyone attempted this or have any sample configs to play with or see
> anything I am doing incorrectly?
>
>
>
>
> Sean Hogan

[Freeipa-users] qradar UBA to IPA

2017-05-08 Thread Sean Hogan

Hello IPA,

I am trying to set up User Behavioral analytics from Qradar to IPA.
Having some issues with it after we got 389 and 636 open between the nets.

Qradar Console is not in IPA and on different net although we do have comms on
389 and 636 now
ipa-server-3.0.0-50.el6.1.x86_64

I set up an account in IPA with no HBACS or anything and just gave it an IPA
role to read data which we use in the below config.
Getting
[image]

URL I have them using ldaps://IPofIPAserver.example.com
BaseDN dc=example,dc=local
filter users,cn=accounts,$Suffix
attributes are left default
username is the user I made in ipa
pw is the pw I made in ipa



Has anyone attempted this or have any sample configs to play with or see
anything I am doing incorrectly?




Sean Hogan




