[Freeipa-users] Revisiting ILO
KodaK
sakodak at gmail.com
Tue Nov 5 19:40:37 UTC 2013
I'm attempting to get HP ILO authenticating against IPA again.
I've configured the user context in ILO as:
cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
When ILO tries to connect, it sends the string:
CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
Which, of course, doesn't exist. IPA uses uid=<username>, but as far as I
can tell I can't tell ILO to use a different username attribute. It
doesn't even look like it's trying to use a username attribute.
I've tried to force it to look for uid=jebalicki by using "uid=jebalicki"
in the login field, but that fails too. The errors in the errors log look
like this:
[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry "jebalicki": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry "jebalicki": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry
"CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry
"CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry "jebalicki": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry "jebalicki": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry
"CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry
"CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry "jebalicki": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry "jebalicki": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry
"CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry
"CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry "uid=jebalicki": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry "uid=jebalicki": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry
"CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry
"CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry "uid=jebalicki": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry "uid=jebalicki": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry
"CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry
"CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry "uid=jebalicki": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry "uid=jebalicki": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
645]: Failed to retrieve entry
"CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line
421]: Failed to retrieve entry
"CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
And the access log looks like this:
[05/Nov/2013:13:32:06 -0600] conn=214941 fd=438 slot=438 SSL connection
from 10.200.10.192 to 10.200.16.170
[05/Nov/2013:13:32:06 -0600] conn=214941 SSL 256-bit AES
[05/Nov/2013:13:32:06 -0600] conn=214941 op=0 BIND dn="uid=jebalicki"
method=128 version=2
[05/Nov/2013:13:32:06 -0600] conn=214941 op=0 RESULT err=32 tag=97
nentries=0 etime=0
[05/Nov/2013:13:32:06 -0600] conn=214941 op=1 BIND
dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com"
method=128 version=2
[05/Nov/2013:13:32:07 -0600] conn=214941 op=1 RESULT err=32 tag=97
nentries=0 etime=1
[05/Nov/2013:13:32:07 -0600] conn=214941 op=2 UNBIND
[05/Nov/2013:13:32:07 -0600] conn=214941 op=2 fd=438 closed - U1
[05/Nov/2013:13:32:07 -0600] conn=214942 fd=439 slot=439 SSL connection
from 10.200.10.192 to 10.200.16.170
[05/Nov/2013:13:32:07 -0600] conn=214942 SSL 256-bit AES
[05/Nov/2013:13:32:07 -0600] conn=214942 op=0 BIND dn="uid=jebalicki"
method=128 version=2
[05/Nov/2013:13:32:07 -0600] conn=214942 op=0 RESULT err=32 tag=97
nentries=0 etime=0
[05/Nov/2013:13:32:07 -0600] conn=214942 op=1 UNBIND
[05/Nov/2013:13:32:07 -0600] conn=214942 op=1 fd=439 closed - U1
[05/Nov/2013:13:32:07 -0600] conn=214943 fd=438 slot=438 SSL connection
from 10.200.10.192 to 10.200.16.170
[05/Nov/2013:13:32:07 -0600] conn=214943 SSL 256-bit AES
[05/Nov/2013:13:32:07 -0600] conn=214943 op=0 BIND
dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com"
method=128 version=2
[05/Nov/2013:13:32:07 -0600] conn=214943 op=0 RESULT err=32 tag=97
nentries=0 etime=0
[05/Nov/2013:13:32:07 -0600] conn=214943 op=1 UNBIND
[05/Nov/2013:13:32:07 -0600] conn=214943 op=1 fd=438 closed - U1
Is there any way to force things on the IPA side? Can I automatically
attach on the necessary components to the provided username?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131105/9c9f5cef/attachment.htm>
More information about the Freeipa-users
mailing list