Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-10-06 Thread Ryan Belgrave
Herwono W Wijaya writes: > > > Tomorrow I will try to capture Univention LDAP traffic with > wireshark, and if possible I will try also this FreeIPA with vCenter > 6. Since I became one of the private beta testers so I had vCenter Any updates on this? I am getting the

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
FreeIPA logs: [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn=uid=admin,cn=users,cn=compat,dc=server,dc=local method=128 version=3 [06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=uid=admin,cn=users,cn=accounts,dc=server,dc=local [06/Mar/2015:21:51:15 +0700]

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Martin Kosek
Ah, I am not sure what control do they mean. But in general, when, it is always interesting to check the LDAP access logs to see the last failed request and then try the same search with ldapsearch and fix things. Martin On 03/06/2015 02:09 PM, Herwono W Wijaya wrote: Gianluca's method not

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek mko...@redhat.com wrote: Ah, I am not sure what control do they mean. But in general, when, it is always interesting to check the LDAP access logs to see the last failed request and then try the same search with ldapsearch and fix things. Martin

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Martin Kosek
This is the directory on FreeIPA server that the vCenter is authenticating useres against. On 03/06/2015 02:40 PM, Herwono W Wijaya wrote: there is no directory /var/log/dirsrv/ in 5.5u2b version On 3/6/15 8:34 PM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
there is no directory /var/log/dirsrv/ in 5.5u2b version On 3/6/15 8:34 PM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek mko...@redhat.com mailto:mko...@redhat.com wrote: Ah, I am not sure what control do they mean. But in general, when, it is always

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
sorry my mistake, okay I'll check slapd log files and try to figure out what happened On 3/6/15 8:43 PM, Martin Kosek wrote: This is the directory on FreeIPA server that the vCenter is authenticating useres against. On 03/06/2015 02:40 PM, Herwono W Wijaya wrote: there is no directory

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 07:54 AM, Herwono W Wijaya wrote: FreeIPA logs: [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn=uid=admin,cn=users,cn=compat,dc=server,dc=local method=128 version=3 [06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
this result from #strings /usr/lib/openldap/slapd | grep 1.3.6.1.4 On 3/6/15 10:40 PM, Rich Megginson wrote: On 03/06/2015 07:54 AM, Herwono W Wijaya wrote: FreeIPA logs: [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn=uid=admin,cn=users,cn=compat,dc=server,dc=local method=128 version=3

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
vCenter SSO works well with Univention LDAP. Here I want to make sure if FreeIPA can work with vCenter SSO, because I read it on this page: http://www.freeipa.org/page/HowTo/vsphere5_integration And thanks for the help and answer any questions from me. Have a nice day. On 3/6/15 11:23 PM,

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson rmegg...@redhat.com wrote: [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101 nentries=2 etime=0 notes=P [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1 vCenter SSO

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 09:01 AM, Herwono W Wijaya wrote: this result from #strings /usr/lib/openldap/slapd | grep 1.3.6.1.4 Sorry, I should have been much more explicit about what you need to do: 1) Are you a VMWare customer with a paid support contract? If so, then contact VMWare support - ask them

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson rmegg...@redhat.com wrote: On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: vCenter SSO works well with Univention LDAP. Then set up a wireshark session to capture traffic between vCenter SSO and Univention LDAP, then do the same with vCenter

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
Tomorrow I will try to capture Univention LDAP traffic with wireshark, and if possible I will try also this FreeIPA with vCenter 6. Since I became one of the private beta testers so I had vCenter 6. On 3/7/15 1:34 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 7:06 PM, Rich Megginson

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: vCenter SSO works well with Univention LDAP. Then set up a wireshark session to capture traffic between vCenter SSO and Univention LDAP, then do the same with vCenter SSO and IPA. Then we can compare the TCP traffic dumps. Here I want to

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Natxo Asenjo
On Fri, Mar 6, 2015 at 7:06 PM, Rich Megginson rmegg...@redhat.com wrote: On 03/06/2015 11:02 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson rmegg...@redhat.com wrote: On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: vCenter SSO works well with Univention

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 7:06 PM, Rich Megginson rmegg...@redhat.com wrote: And so we can then change the preface that at this moment explicitly contains: Preface The environment used to write this document is based on pure vSphere 5.1, used in trial mode with vCenter server configured as

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 11:02 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: vCenter SSO works well with Univention LDAP. Then set up a wireshark session to

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 09:13 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101 nentries=2 etime=0 notes=P [06/Mar/2015:21:51:15 +0700] conn=30 op=2

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 8:34 AM, Martin Kosek mko...@redhat.com wrote: On 03/06/2015 04:38 AM, Herwono W Wijaya wrote: Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be used and always get an error for other users. You mean admin user from vCenter, not admin

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-05 Thread Martin Kosek
On 03/06/2015 04:38 AM, Herwono W Wijaya wrote: Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be used and always get an error for other users. You mean admin user from vCenter, not admin user from FreeIPA, right? Did you follow this HOWTO:

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-05 Thread Dmitri Pal
On 03/05/2015 10:38 PM, Herwono W Wijaya wrote: Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be used and always get an error for other users. Can you check without full name? It seems like the name is expanded twice. -- Thank you, Dmitri Pal Sr. Engineering