Hello,
I need to configure Active Directory authentication, but I have been unsuccessful... I am using a PowerEdge M1000e CMC Version 4.20. My domain controllers are Windows 2003.
Here is what I configured in the Directory Services settings:
- Type of directory:
  - Microsoft Active Directory (Standard Schema) checked.
- Common Settings:
  - Enable Active Directory: checked.
  - Certificate Validation Enabled: checked.
  - Root Domain Name: sub.domain.local
  - AD Timeout: 120 seconds
  - Specify AD Server to search (Optional): checked.
  - Domain Controller: dc01.sub.domain.local
  - Global Catalog: dc01.sub.domain.local
- Standard Schema Settings:
  - Group Name: CMC_Remote_Control
  - Group domain: sub.domain.local
  - Group Privilege: Administrator
- Manage Certificates:
  - Uploaded the dc01.sub.domain.local computer certificate, issued by the Domain CA, without the private key.
- Kerberos Keytab:
  - Left blank.
Here is the output of the testfeature -f adkrb command:
$ testfeature -f adkrb -u user@sub.domain.local
[check]: (syntax) Verify command syntax: PASSED
[check]: (system) Verify needed system resources: PASSED
[check]: (setup) Validate AD configuration: FAILED
ERROR - (setup) Smart Card or SSO is NOT enabled
[check]: (setup) Verify SSL certificate files exist: PASSED
[check]: (rip) Reverse IP lookup for CMC, AD and GC FQDN: PASSED
[check]: (keytab) Verify Keytab principal: FAILED
ERROR - (keytab): Keytab file missing
Test Failed
Here are the logs obtained via gettracelog:
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: ActiveDirectoryAuthenticate: user: user, domain: sub.domain.local, AD type: 2
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: userDomain: sub.domain.local
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: Found AD servers to search: dc01.sub.domain.local
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: AD server: dc01.sub.domain.local
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: ldap_ssl_init( dc01.sub.domain.local, 636 )
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: LDAP client: Simple Bind Failure - Can't contact LDAP server: (-1)
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: ldap_client_api.c,468: Bind SSL Failed!
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: openldap_err2adquery: Can't contact LDAP server: -1
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: SD: dc01.sub.domain.local, port: 636, prv: 0, rt: 24582
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: Found GC servers for search: dc01.sub.domain.local
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: GC server: dc01.sub.domain.local
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: SSAD GC Query.
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: ldap_ssl_init( dc01.sub.domain.local, 3269 )
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: LDAP client: Simple Bind Failure - Can't contact LDAP server: (-1)
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: ldap_client_api.c,468: Bind SSL Failed!
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: openldap_err2adquery: Can't contact LDAP server: -1
Sep 26 10:40:46 GWGDDBC01 : Domain user authen. fails, err: 24582
Sep 26 10:40:47 GWGDDBC01 : Login failed (username=sub.domain.local\user, ip=172.22.1.15, error=0x00006006, type=GUI)
Sep 26 10:40:47 GWGDDBC01 webcgi[15799]: session close SID succeeds: sid=40743, User: sub.domain.local\user, IP: 172.22.1.15
Sep 26 10:40:47 GWGDDBC01 : session close succeeds: sid=40743
But if I disable the option "Certificate Validation Enabled" in the Directory Services settings, I can log in. Here are the logs:
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: ActiveDirectoryAuthenticate: user: user, domain: sub.domain.local, AD type: 2
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: userDomain: sub.domain.local
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: Found AD servers to search: dc01.sub.domain.local
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: AD server: dc01.sub.domain.local
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: ldap_ssl_init( dc01.sub.domain.local, 636 )
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: Warning: SSL certificate verification is disabled
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: LDAP client: Simple Bind Successful
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: SD: dc01.sub.domain.local, port: 636, prv: 0, rt: 0
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: Found GC servers for search: dc01.sub.domain.local
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: GC server: dc01.sub.domain.local
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: SSAD GC Query.
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: ldap_ssl_init( dc01.sub.domain.local, 3269 )
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: Warning: SSL certificate verification is disabled
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: LDAP client: Simple Bind Successful
Sep 26 10:43:52 GWGDDBC01 webcgi[22125]: GC server: dc01.sub.domain.local
Sep 26 10:43:52 GWGDDBC01 webcgi[22125]: legacy privileges = 0x80000fff
Sep 26 10:43:52 GWGDDBC01 webcgi[22125]: extended privileges = 0x00000000
Sep 26 10:43:53 GWGDDBC01 : Login success from 172.22.1.15 (username=sub.domain.local\user, type=GUI, sid=61684)
Could you guys please help me? I found another topic with a similar error, but it was not answered:
http://en.community.dell.com/support-forums/servers/f/946/t/19272940.aspx
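
A log check for the two traces in the post, as an added example that is not part of the original post: it pairs each ldap_ssl_init call with its bind result and reports binds that succeeded only because certificate verification was disabled. The function names and record fields are assumptions; the sample lines are copied from the traces above.

```python
import re

# Sample input: lines copied from the two gettracelog traces quoted in the post.
SAMPLE = """\
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: ldap_ssl_init( dc01.sub.domain.local, 636 )
Sep 26 10:40:46 GWGDDBC01 webcgi[15809]: LDAP client: Simple Bind Failure - Can't contact LDAP server: (-1)
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: ldap_ssl_init( dc01.sub.domain.local, 636 )
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: Warning: SSL certificate verification is disabled
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: LDAP client: Simple Bind Successful
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: ldap_ssl_init( dc01.sub.domain.local, 3269 )
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: Warning: SSL certificate verification is disabled
Sep 26 10:43:51 GWGDDBC01 webcgi[22125]: LDAP client: Simple Bind Successful
"""

# syslog-style prefix, then the webcgi process id and the message text
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\swebcgi\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
INIT = re.compile(r"ldap_ssl_init\( (?P<host>[^,\s]+), (?P<port>\d+) \)")

def ldaps_attempts(log_text):
    """Return one record per ldap_ssl_init call, in log order."""
    attempts, pending = [], {}  # pending: pid -> attempt awaiting a bind result
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a webcgi line
        pid, msg = m["pid"], m["msg"]
        init = INIT.search(msg)
        if init:
            rec = {"pid": pid, "host": init["host"], "port": int(init["port"]),
                   "verify_enabled": True, "bound": None}
            attempts.append(rec)
            pending[pid] = rec
        elif pid in pending:
            if "certificate verification is disabled" in msg:
                pending[pid]["verify_enabled"] = False
            elif "Simple Bind Successful" in msg:
                pending.pop(pid)["bound"] = True
            elif "Simple Bind Failure" in msg:
                pending.pop(pid)["bound"] = False
    return attempts

def unverified_binds(attempts):
    """Binds that succeeded over TLS without the server certificate being checked."""
    return [a for a in attempts if a["bound"] and not a["verify_enabled"]]

if __name__ == "__main__":
    for a in unverified_binds(ldaps_attempts(SAMPLE)):
        print(f"pid {a['pid']}: bind to {a['host']}:{a['port']} succeeded without certificate verification")
```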