@dinhngtu LDP is using SSL, and no firewall between, so I think there is an LDAPS misconfiguration
Posts made by gonzametal
-
RE: Active directory authentication
-
RE: Active directory authentication
@dinhngtu It is strange.
The ldapsearch command returns as expected, but openssl s_client returns "no peer certificate available".
openssl s_client --connect server.domain.ar:636
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 331 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
No firewall, nothing. LDP.exe works fine
-
RE: Active directory authentication
@gonzametal ldp, to 636 port and ssl works fine
-
RE: Active directory authentication
@dinhngtu From Windows, ldp.exe works fine
-
RE: Active directory authentication
@dinhngtu
uri: ldaps://ad-server.domain.ar
Certificate Authorities
item: /usr/local/share/ca-certificates/domain-ca-root.crt
check certificate: on
starttls: (tested on or off)
base: OU=Usuarios,DC=domain,DC=AR
credentials: xo_ad@domain.ar
password xxxxxxx
user filter: (userPrincipalName={{name}})
ID attribute*: DN
test data
username: test-user@domain.ar
password: xxxxxxx
-
RE: Active directory authentication
@dinhngtu said in Active directory authentication:
/usr/local/share/ca-certificates/
Same error. Put the CA root crt in that folder, completed the item with the path of that cert, checked "check certificate" (tried starttls on or off). I think XO does not support the enabled protocols, or something like this. Is there any way to debug this?
-
Active directory authentication
I need to authenticate users with AD.
First I need to add the root certificate of the domain CA. How can I do this?
How can I test bind?
Is it mandatory to use a bind account (Credentials to use before looking for the user record.)?
I am getting this error
plugin.test
{
  "id": "auth-ldap",
  "data": {
    "username": "user@domain",
    "password": "* obfuscated *"
  }
}
{
  "errno": -104,
  "code": "ECONNRESET",
  "syscall": "read",
  "message": "read ECONNRESET",
  "name": "Error",
  "stack": "Error: read ECONNRESET
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:218:20)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)"
}