HPE Storage Users Group https://www.3parug.com/ |
LDAP Auth issue in 3.1.2 MU2 https://www.3parug.com/viewtopic.php?f=18&t=400 |
Page 1 of 1 |
Author: | mgaston [ Wed Aug 21, 2013 6:01 pm ] |
Post subject: | LDAP Auth issue in 3.1.2 MU2 |
Has anyone tried configuring LDAP auth in InForm OS 3.1.2 and been successful? I am trying to set up LDAP auth on a 7200 using the same configuration we have on our v400 running 3.1.1 and it's giving me fits. I keep getting this error on the 7200 when using checkpassword:

+ authorization denied: Operations error

I have verified that the configs are identical between the two systems using the showauthparam. Any suggestions? |
Author: | mgaston [ Thu Aug 22, 2013 11:34 am ] |
Post subject: | Re: LDAP Auth issue in 3.1.2 MU2 |
Ok, I figured this one out myself. If you change ldap-port to 3268 in OS 3.1.2 MU2 you can search the root of the domain but must select an OU if you use ldap-port 389. Behavior seems to have changed from OS 3.1.1 to 3.1.2 but that's what's working now. Just thought I'd share. |
Author: | Richard Siemers [ Fri Aug 23, 2013 3:46 pm ] |
Post subject: | Re: LDAP Auth issue in 3.1.2 MU2 |
Thanks for sharing. We just added a new 7200 with 3.1.2 MU1 and the same old setup notes I made from 2.2.4 still work, so perhaps it's a change in MU2. |
Author: | hdtvguy [ Tue Feb 18, 2014 11:45 am ] |
Post subject: | Re: LDAP Auth issue in 3.1.2 MU2 |
I am struggling to get LDAP authentication set up on 3.1.2 MU2. I have followed some of the posts on this forum but still have issues. The below is the output of what my settings are. I have an AD group (3parscripts) in the "something" OU and the user account is in the same OU. I have tried domain-name-prefix with InServDomain= and !InServDomain= and made sure the description contains InServDomain=

ldap-server 10.1.x.x
ldap-ssl 0
account-obj user
allow-ssh-key 0
account-name-attr sAMAccountName
sasl-mechanism GSSAPI
accounts-dn OU=something,OU=admins,DC=company,DC=com
memberof-attr memberOf
ldap-port 389
kerberos-realm company.com
edit-map CN=3parscripts,OU=something,OU=admins,DC=company,DC=com
domain-name-attr description
binding sasl
ldap-server-hn ldap.company.com
group-obj group
domain-name-prefix InServDomain=

Any help would be appreciated. |
Author: | Richard Siemers [ Mon Feb 24, 2014 6:02 pm ] |
Post subject: | Re: LDAP Auth issue in 3.1.2 MU2 |
Check your Kerberos realm... it is case sensitive. Mine was all caps. |
Author: | NathanBell [ Fri Feb 28, 2014 2:44 pm ] |
Post subject: | Re: LDAP Auth issue in 3.1.2 MU2 |
We ran into the same issue with the KERBEROS realm; they are most definitely case sensitive. |
Author: | hdtvguy [ Fri Feb 28, 2014 3:25 pm ] |
Post subject: | Re: LDAP Auth issue in 3.1.2 MU2 |
Got it to work with AD without all the Kerberos realm stuff by using simple mode. I substituted our data with generic names, but it was as simple as the following steps to get AD authentication working to provide edit permissions to an AD account in a specific OU under another OU.

setauthparam -f ldap-server 192.168.0.1
setauthparam -f ldap-server-hn servername.aaa.com
setauthparam -f binding simple
setauthparam -f user-attr DOMAINNAME\\
setauthparam -f accounts-dn OU=yyy,OU=zzz,DC=aaa,DC=com
setauthparam -f account-obj user
setauthparam -f account-name-attr SAMAccountName
setauthparam -f memberof-attr memberOf
setauthparam edit-map CN=xxx,OU=yyy,OU=zzz,DC=aaa,DC=com
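Added example, not posted by anyone in this thread and not HPE code: a small checker that reads settings in the "name value" layout of the listing above and flags the three things this thread turns on (realm case with SASL binding, a domain-root accounts-dn on port 389, and simple binding with SSL off). The function names and the sample are constructed for illustration; treating an unset ldap-ssl as off is an assumption.

```python
import re

# Constructed sample in the "name value" layout of the settings listing
# posted earlier in the thread (generic placeholder values, not a real system).
SAMPLE = """\
ldap-server 10.1.x.x
ldap-ssl 0
binding sasl
sasl-mechanism GSSAPI
kerberos-realm company.com
ldap-port 389
accounts-dn DC=company,DC=com
edit-map CN=3parscripts,OU=something,OU=admins,DC=company,DC=com
"""

def parse_authparams(text):
    """Split each non-empty line into name and value at the first whitespace run."""
    params = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts:
            params[parts[0]] = parts[1] if len(parts) > 1 else ""
    return params

def check_authparams(params):
    """Return (param, message) findings for the issues raised in the thread."""
    findings = []
    binding = params.get("binding", "")
    realm = params.get("kerberos-realm", "")
    if binding == "sasl" and realm != realm.upper():
        findings.append(("kerberos-realm",
                         "realm is case sensitive; a poster's working value was all caps"))
    # A DN made up only of DC= components is the root of the domain.
    dn = params.get("accounts-dn", "")
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]
    at_root = bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)
    if at_root and params.get("ldap-port") == "389":
        findings.append(("accounts-dn",
                         "root search on port 389 failed on 3.1.2 MU2; name an OU or use 3268"))
    # Assumption: an unset ldap-ssl is treated the same as ldap-ssl 0.
    if binding == "simple" and params.get("ldap-ssl", "0") != "1":
        findings.append(("ldap-ssl",
                         "simple bind without SSL sends the password in cleartext"))
    return findings

if __name__ == "__main__":
    for name, msg in check_authparams(parse_authparams(SAMPLE)):
        print(f"{name}: {msg}")
```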
All times are UTC - 5 hours |