Unsolved
This post is more than 5 years old
5 Posts
0
38918
August 21st, 2014 09:00
Dell M1000e Active Directory Integration
Hi,
I have currently configured a new M1000e which went fine, however I am unable to get the user authentication to work with Microsoft Active Directory (Standard Schema).
I have search every article on the internet without success.
- Type of directory:
- Microsoft Active Directory (Standard Schema) checked.
- Common Settings:
- Enable Active Directory: checked.
- Certificate Validation Enabled: not checked
- Root Domain Name: sub.domain.local
- AD Timeout: 120 seconds
- Specify AD Server to search (Optional): checked.
- Domain Controller: dc01.sub.domain.local
- Global Catalog: dc01.sub.domain.local
- Standard Schema Settings:
- Group Name: CMC_Remote_Control
- Group domain: sub.domain.local
- Group Privilege: Administrator
- Manage Certificates:
Left Black
- Kerberos Keytab:
- Left blank.
Here are the logs:
$ testfeature -f adkrb -u username@domain
[check]: (syntax) Verify command syntax: PASSED
[check]: (system) Verify needed system resources: PASSED
[check]: (setup) Validate AD configuration: FAILED
ERROR - (setup) Smart Card or SSO is NOT enabled
[check]: (setup) Verify SSL certificate files exist: PASSED
[check]: (rip) Reverse IP lookup for CMC, AD and GC FQDN: FAILED
ERROR - (rip) Unable to obtain CMC FQDN from DNS
ERROR - (rip) Unable to obtain AD server FQDN from DNS
Is the issue with DNS?
0 events found
DELL-Chris H
7 Practitioner
•
9.7K Posts
0
August 21st, 2014 12:00
C10gue,
The issue appears to be with the domain name being provided by the DNS server.
The errors:
ERROR - (rip) Unable to obtain CMC FQDN from DNS
ERROR - (rip) Unable to obtain AD server FQDN from DNS
are both stating that there isn't a Fully Qualified Domain Name(FQDN) being received by the CMC or AD.
I would start by checking the domain name format, the requirements for a FQDN are a domain name with everything required to unambiguously resolve it. After that you may want to verify connectivity between the two.
Let me know what you find.
c10gue
5 Posts
0
August 21st, 2014 16:00
Thanks for the reply.
I've managed to resolve the DNS issues as below but still getting AD Authentication error:
$ testfeature -f adkrb -u user@domain
[check]: (syntax) Verify command syntax: PASSED
[check]: (system) Verify needed system resources: PASSED
[check]: (setup) Validate AD configuration: FAILED
ERROR - (setup) Smart Card or SSO is NOT enabled
[check]: (setup) Verify SSL certificate files exist: PASSED
[check]: (rip) Reverse IP lookup for CMC, AD and GC FQDN: PASSED
[check]: (keytab) Verify Keytab principal: FAILED
ERROR - (keytab): Keytab file missing
Test Failed
Here are the logs:
Aug 21 23:16:04 webcgi[24312]: ActiveDirectoryAuthenticate: user: user is, domain: domain, AD type: 2
Aug 21 23:16:04 webcgi[24312]: userDomain:
Aug 21 23:16:04 webcgi[24312]: Found AD servers to search:
Aug 21 23:16:04 webcgi[24312]: AD server:
Aug 21 23:16:04 webcgi[24312]: ldap_ssl_init( , 636 )
Aug 21 23:16:04 webcgi[24312]: Warning: SSL certificate verification is d isabled
Aug 21 23:16:04 webcgi[24312]: LDAP client: Simple Bind Failure - Can't c ontact LDAP server: (-1)
Aug 21 23:16:04 webcgi[24312]: ldap_client_api.c,468: Bind SSL Failed!
Aug 21 23:16:04 webcgi[24312]: openldap_err2adquery: Can't contact LDAP s erver: -1
Aug 21 23:16:04 webcgi[24312]: SD: , port: 636, prv: 0, rt: 2458 2
Aug 21 23:16:04 webcgi[24312]: Found GC servers for search:
Aug 21 23:16:04 webcgi[24312]: GC server:
Aug 21 23:16:04 webcgi[24312]: SSAD GC Query.
Aug 21 23:16:04 webcgi[24312]: ldap_ssl_init( *.*.*,*, 3269 )
Aug 21 23:16:04 webcgi[24312]: Warning: SSL certificate verification is d isabled
Aug 21 23:16:04 webcgi[24312]: LDAP client: Simple Bind Failure - Can't c ontact LDAP server: (-1)
Aug 21 23:16:04 webcgi[24312]: ldap_client_api.c,468: Bind SSL Failed!
Aug 21 23:16:04 t webcgi[24312]: openldap_err2adquery: Can't contact LDAP s erver: -1
Aug 21 23:16:04 : Domain user authen. fails, err: 24582
Aug 21 23:16:05 : Login failed (username=user@domain, ip=*.* .*.*, error=0x00006006, type=GUI)
c10gue
5 Posts
0
September 1st, 2014 10:00
Still no luck with this, Dell support don't want to know.