Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-10-06 Thread Ryan Belgrave
Herwono W Wijaya writes: > > > Tomorrow I will try to capture Univention LDAP traffic with > wireshark, and if possible I will try also this FreeIPA with vCenter > 6. Since I became one of the private beta testers so I had vCenter Any updates on this? I am getting the same issue i

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 09:13 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson > wrote: [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101 nentries=2 etime=0 notes=P [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND [06/Mar

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
Tomorrow I will try to capture Univention LDAP traffic with wireshark, and if possible I will try also this FreeIPA with vCenter 6. Since I became one of the private beta testers so I had vCenter 6. On 3/7/15 1:34 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 7:06 PM, Rich Megginson

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 7:06 PM, Rich Megginson wrote: > > And so we can then change the preface that at this moment explicitly > contains: > " > Preface > The environment used to write this document is based on pure vSphere 5.1, > used in trial mode with vCenter server configured as a virtual a

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Natxo Asenjo
On Fri, Mar 6, 2015 at 7:06 PM, Rich Megginson wrote: > On 03/06/2015 11:02 AM, Gianluca Cecchi wrote: > > On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson > wrote: > >> On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: >> >> vCenter SSO works well with Univention LDAP. >> >> >> Then set up a wi

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 11:02 AM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson > wrote: On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: vCenter SSO works well with Univention LDAP. Then set up a wireshark session to capture traffic betwee

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 6:21 PM, Rich Megginson wrote: > On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: > > vCenter SSO works well with Univention LDAP. > > > Then set up a wireshark session to capture traffic between vCenter SSO and > Univention LDAP, then do the same with vCenter SSO and IPA.

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 09:39 AM, Herwono W Wijaya wrote: vCenter SSO works well with Univention LDAP. Then set up a wireshark session to capture traffic between vCenter SSO and Univention LDAP, then do the same with vCenter SSO and IPA. Then we can compare the TCP traffic dumps. Here I want to mak

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
vCenter SSO works well with Univention LDAP. Here I want to make sure if FreeIPA can work with vCenter SSO, because I read it on this page: http://www.freeipa.org/page/HowTo/vsphere5_integration And thanks for the help and answer any questions from me. Have a nice day. On 3/6/15 11:23 PM, Ric

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson wrote: > > > [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101 nentries=2 > etime=0 notes=P > [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND > [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1 > > vCenter SSO error: > Error:

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 09:01 AM, Herwono W Wijaya wrote: this result from #strings /usr/lib/openldap/slapd | grep "1.3.6.1.4" Sorry, I should have been much more explicit about what you need to do: 1) Are you a VMWare customer with a paid support contract? If so, then contact VMWare support - ask the

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
this result from #strings /usr/lib/openldap/slapd | grep "1.3.6.1.4" On 3/6/15 10:40 PM, Rich Megginson wrote: On 03/06/2015 07:54 AM, Herwono W Wijaya wrote: FreeIPA logs: [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn="uid=admin,cn=users,cn=compat,dc=server,dc=local" method=128 version=3

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Rich Megginson
On 03/06/2015 07:54 AM, Herwono W Wijaya wrote: FreeIPA logs: [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn="uid=admin,cn=users,cn=compat,dc=server,dc=local" method=128 version=3 [06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accou

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
FreeIPA logs: [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn="uid=admin,cn=users,cn=compat,dc=server,dc=local" method=128 version=3 [06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=server,dc=local" [06/Mar/2015:21:51:15 +07

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
sorry my mistake, okay I'll check slapd log files and try to figure out what happened. On 3/6/15 8:43 PM, Martin Kosek wrote: This is the directory on FreeIPA server that the vCenter is authenticating users against. On 03/06/2015 02:40 PM, Herwono W Wijaya wrote: there is no directory "/var/

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Martin Kosek
This is the directory on FreeIPA server that the vCenter is authenticating users against. On 03/06/2015 02:40 PM, Herwono W Wijaya wrote: there is no directory "/var/log/dirsrv/" in 5.5u2b version On 3/6/15 8:34 PM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek mailto:m

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Herwono W Wijaya
there is no directory "/var/log/dirsrv/" in 5.5u2b version On 3/6/15 8:34 PM, Gianluca Cecchi wrote: On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek > wrote: Ah, I am not sure what control do they mean. But in general, when, it is always interesting to check the

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek wrote: > Ah, I am not sure what control do they mean. > > But in general, when, it is always interesting to check the LDAP access > logs to see the last failed request and then try the same search with > ldapsearch and fix things. > > Martin > > see my

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Martin Kosek
Ah, I am not sure what control do they mean. But in general, when, it is always interesting to check the LDAP access logs to see the last failed request and then try the same search with ldapsearch and fix things. Martin On 03/06/2015 02:09 PM, Herwono W Wijaya wrote: Gianluca's method not

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Martin Kosek
I am glad you have it working. However, I would like to discourage from this another method as this way, you would need to maintain uniqueMember attribute yourself. FreeIPA only maintains the "member" attribute. I would recommend using the Gianluca's method in http://www.freeipa.org/page/HowTo/

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-06 Thread Gianluca Cecchi
On Fri, Mar 6, 2015 at 8:34 AM, Martin Kosek wrote: > On 03/06/2015 04:38 AM, Herwono W Wijaya wrote: > >> Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user >> can be >> used and always get an error for other users. >> > > You mean admin user from vCenter, not admin user fro

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-05 Thread Martin Kosek
On 03/06/2015 04:38 AM, Herwono W Wijaya wrote: Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be used and always get an error for other users. You mean admin user from vCenter, not admin user from FreeIPA, right? Did you follow this HOWTO: http://www.freeipa.org/p

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

2015-03-05 Thread Dmitri Pal
On 03/05/2015 10:38 PM, Herwono W Wijaya wrote: Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be used and always get an error for other users. Can you check without full name? It seems like the name is expanded twice. -- Thank you, Dmitri Pal Sr. Engineering Ma