On 27.2.2013 04:07, Артур Файзуллин wrote:
Ok! I will try :) but would you give me some advice :) what configs to
put. should I use:
Well, we don't know anything about AAM. This is the freeipa-users list :-)
We can try to give you some advice if you provide links to documentation for
the exact AAM version you use.
My best guess (without looking at the AAM docs):
* "Use LDAP Servers for Authentication and Authorization"
Probably yes.
* "Use DNS to find LDAP Servers"
and put here domain name of IPA-server?
Probably yes.
* should in "Active Directory Settings" Enhanced role-based security be
enabled?
I would disable any AD specific things (at least for the beginning).
> And what means AMM Target Name?
I don't have an idea. Please consult AAM docs.
* root dn = something like this dc=example,dc=com ?
Question is what "root" means in IBM's world. FreeIPA domain "example.com" has
root of LDAP tree at "dc=example,dc=com". You can try also
"cn=users,cn=compat,dc=example,dc=com" and
"cn=users,cn=accounts,dc=example,dc=com".
* Binding method which one to choose?
w/ Configured Credentials
I guess: This method will use a special account created specifically for AAM.
w/ Login Credentials
I guess: This method will try to do an LDAP BIND with the credentials provided by
the user for the particular login attempt. I would prefer this method.
Some questions may be stupid, but I want to be sure in them :)
I really don't know AAM specifics. Please read all the AAM documentation you
can find and try various settings. We can provide general advice and publish your
findings on freeipa.org.
Any contributions welcome!
Petr^2 Spacek
On Tue, 26/02/2013 at 12:41 +0100, Petr Spacek wrote:
On 26.2.2013 11:49, Артур Файзуллин wrote:
And what?
Is there any result? I am trying the same thing with my AMM and IPA
Unfortunately, we don't have sufficient information to give you any advice.
Please try to provide output from a sniffer as I asked in my last reply. Then we
will try to help you. (You can send the data to me privately, if you want.)
Petr^2 Spacek
On Mon, 05/11/2012 at 09:32 +0100, Petr Spacek wrote:
On 11/03/2012 01:12 PM, Pavel Zhukov wrote:
Can you do NS lookup of the IPA server from the AMM box?
yes
Can you do kinit from the AMM box against IPA?
Can you do ldapsearch from the AMM box against IPA?
no, AMM has restricted shell and web GUI.
Hmm, that is unfortunate. Can you run tcpdump (or a sniffer provided on AMM) on
the link between AMM and the IPA server? Because there are no records in the access
log, I will bet on some name resolution or firewall problem.
Does AMM get the right DNS responses (i.e. name and IP address of the IPA server)?
Does AMM establish a TCP connection with the IPA server?
--
Petr^2 Spacek
Do you see anything in the logs from such activity?