topic Re: AD auth issues still in HPE OneView

AD auth issues still

CF_EMR — Tue, 20 Jan 2015 11:16:27 GMT

Hi All,

Really struggling to get AD auth to work despite reverting to online help and the forum!

When adding the directory I've verified the search context i'm using using using dsquery -

dsquery user -name svc_oneview

This returns

"CN=svc_oneview,OU=Service Accounts,DC=XXXXXX,DC=com"

Search context has then been configured uisng

Box 1 = CN

Box 2 = OU=Service Accounts

Box3 = DC=XXXXXX,DC=com

If i put anything other than CN in the first box it fails validation. I have tried cn=svc_oneview, just oneview etc but to no avail.

If i go with just CN, when adding the directory group it fails with 'all the servers configured for this directory are unreachable with the given credentials'

Anyone able to help?

Re: AD auth issues still

CF_EMR — Tue, 20 Jan 2015 12:47:17 GMT

No idea what the issue was - working now.

Just removed and re-added all config and all good. Strange but i'll take it!

Re: AD auth issues still

ChrisLynch — Tue, 20 Jan 2015 14:09:54 GMT

While I am glad you are able to get AD auth working, the fields can be a bit confusing. Field 1 value is either UID or CN, with nothing else. This tells the LDAP Client on the appliance what type of directory you are trying to configure; either LDAP (UID) or Active Directory (CN). Field 2 is the base search context (can either be a single nested OU value [i.e. OU=admins,OU=contoso] , or up to 4 contantinated nested OU values [ i.e. OU=admins1,OU=contoso+OU=admins2,OU=contoso+OU=admins3,OU=contosoOU=admins4,OU=contoso]), and Field 3 is the root to the directory where the appliance will bind to (also using Field 2 values.)

Do know that we are working on improvements in this section of the UI.

Re: AD auth issues still

KBengtson — Fri, 30 Jan 2015 15:02:24 GMT

I am curious what version of the OneView appliance are you running?

We are looking to upgrade to v1.20 next week, and AD authentication is part of our upgrade plan.

Re: AD auth issues still

Loïc Bouquet (AA) — Tue, 09 Jun 2015 15:39:58 GMT

Hello,

I had some issue with HP OneView and AD certificate and others authentication.

Always the same message :

"Cannot authenticate the server with the given credentials, search context and certificate.
Verify that the server is active and the user credentials, search context and certificate are correct."

After few hours, i'd decided to reboot. And now all is OK, with same parameters, accounts and certificate.

My DOMAIN is now visible in Oneview.

Version : 1.20.03

Regards,

Loïc

Re: AD auth issues still

Richokc — Fri, 26 Jun 2015 16:54:37 GMT

I am still having issues getting this to work. I have tried about every combination known to man... I can't imagine why HP would put something like this out without detailed documentation on how to set it up. I have been trying to get this working for days now... Always the same errors. I tried the reboot as well since it helped another user... This is what I have setup...

Field 1 CN

Field 2 OU=Users,OU=Domain.com

Field 3 DC=domain,DC=net

(Example:Field1: CN / UID Field2: OU=example.com, OU=Users Field3: DC=examplecorp, DC=net)

I do have directory servers setup. There is no real documentation on this part that I can find either... Requirements?

The account I want to use is in the default Users OU. I am going by what HP says shoudl be in there according to the limited documentation on this subject.

Here is the error...

Cannot authenticate the server with the given credentials, search context and certificate.

Any help would be appreciated.

Re: AD auth issues still

ChrisLynch — Fri, 14 Aug 2015 18:10:56 GMT

We do have detailed documentation on how to configure the LDAP/Active Directory Authentication feature of HP OneView. It is documented in both the User Guide (look at Appendix D on Page 402) and the Deployment and Management Guide (starting on Page 108, and I'm the author of that document). I have linked to the current versions of both.

Typical issues are DNS (wrong DNS A record for specified Domain Controllers), LDAP OU structure, and missing SSL Certs (for Secure LDAP) on Domain Controllers/LDAP Servers. You must include the OU's where the user account and directory security groups are located in the second field.

Re: AD auth issues still

RayS_1 — Mon, 03 Aug 2015 00:37:10 GMT

Documentation provides a lot of good information on setting up the proper context for the AD authentication. I need help in getting the SSL certificate, what does it require a certificate? Is there a option to bypass the proces or at least document the process better. I have found several articals on it and all are so convoluted it not worth the time, and I'll need to start looking for another tool, life is too short to spend hours settup the SSL intergration. I may be completey stupid but I need some kind of "sock puppet" version of the directions.

Re: AD auth issues still

FabSan — Mon, 10 Aug 2015 18:04:03 GMT

Chris, the links are not working "We are sorry but your search produced 0 results." for both. I'm also getting errors with adding AD intergration....

"Cannot authenticate the server with the given credentials, search context and certificate.

Verify that the server is active and the user credentials, search context and certificate are correct."

I tried just about everything. this wont be good come audit.

OneView 1.20-5

Re: AD auth issues still

ChrisLynch — Fri, 14 Aug 2015 18:12:06 GMT

Links have been fixed.

Also, check to make sure you have the correct Public Certificate of your Domain Controllers. You should never export the private key, only the Base64 public cert.

Re: AD auth issues still

Hendricus — Wed, 04 May 2016 09:26:41 GMT

I wrote a blog about this issue with a step-by-step guide:
https://hendric.us/connect-hp-oneview-with-active-directory-step-by-step/

I hope this guide helps everyone dealing with this issue.