[Freeipa-users] qradar UBA to IPA

Sean Hogan schogan at us.ibm.com
Mon May 8 20:47:02 UTC 2017 

Thanks Michael,

Yes sir,  the qradar box is able to hit the ipa server on 389 and 636 with
success via telnet.



Sean Hogan










From:	Michael Plemmons <michael.plemmons at crosschx.com>
To:	freeipa-users <freeipa-users at redhat.com>
Date:	05/08/2017 01:21 PM
Subject:	Re: [Freeipa-users] qradar UBA to IPA
Sent by:	freeipa-users-bounces at redhat.com



>From the server running Qradar can you ping the IPA server?  Are you able
to telnet to port 389 or 636 of the IPA server.  The error says it can't
contact the LDAP server which usually means you have not gotten to the
point of authentication yet.




Mike Plemmons | Senior DevOps Engineer | CROSSCHX
614.427.2411
mike.plemmons at crosschx.com
www.crosschx.com

On Mon, May 8, 2017 at 3:31 PM, Sean Hogan <schogan at us.ibm.com> wrote:
  Hello IPA,

  I am trying to set up User Behavioral analytics from Qradar to IPA.
  Having some issues with it after we got 389 and 636 open between the
  nets.

  Qradar Console is not in IPA and on differ net although we do have comms
  on 389 and 636 now
  ipa-server-3.0.0-50.el6.1.x86_64


  I set up an account in IPA with no HBACS or anything and just gave it a
  IPA role to read data which we use in the below config.
  Getting
  file:///home/schogan/Documents/SametimeTranscripts/[multi-way]/20170508-100730%7BJUSTIN%20L.%20BAUMAN's%20group%20chat%7D/IMAGE
$1CFC0CDDB6F2F123.jpg


  URL I have them using ldaps://IPofIPAserver.example.com
  BaseDN dc=example,dc=local
  filter users,cn=accounts,$Suffix
  attributes are left default
  username is the user i made in ipa
  pw is the pw I made in ipa


  file:///home/schogan/Documents/SametimeTranscripts/[multi-way]/20170508-100730%7BJUSTIN%20L.%20BAUMAN's%20group%20chat%7D/IMAGE
$1B778A1810D34E76.jpg


  Has anyone attempted this or have any sample configs to play with or see
  anything I am doing incorrect?




  Sean Hogan







  --
  Manage your subscription for the Freeipa-users mailing list:
  https://www.redhat.com/mailman/listinfo/freeipa-users
  Go to http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/ea87798c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C741579.jpg
Type: image/jpeg
Size: 27085 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/ea87798c/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C350018.gif
Type: image/gif
Size: 1650 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/ea87798c/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/ea87798c/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C022296.jpg
Type: image/jpeg
Size: 2728 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/ea87798c/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C340608.jpg
Type: image/jpeg
Size: 16331 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/ea87798c/attachment-0002.jpg>

More information about the Freeipa-users mailing list