HPE OneView

AD auth issues still

CF_EMR
Occasional Visitor


Hi All,

 

Really struggling to get AD auth to work despite reverting to online help and the forum!

 

When adding the directory I've verified the search context I'm using, using dsquery -

 

dsquery user -name svc_oneview

 

This returns

 

"CN=svc_oneview,OU=Service Accounts,DC=XXXXXX,DC=com"

 

 

Search context has then been configured using

Box 1 = CN

Box 2 = OU=Service Accounts

Box 3 = DC=XXXXXX,DC=com

 

If I put anything other than CN in the first box it fails validation. I have tried cn=svc_oneview, just oneview etc. but to no avail.

 

If I go with just CN, when adding the directory group it fails with 'all the servers configured for this directory are unreachable with the given credentials'

 

Anyone able to help? 

 

10 REPLIES
CF_EMR
Occasional Visitor

Re: AD auth issues still

No idea what the issue was - working now.

 

Just removed and re-added all config and all good.  Strange but I'll take it!

ChrisLynchHPE
Neighborhood Moderator

Re: AD auth issues still

While I am glad you are able to get AD auth working, the fields can be a bit confusing.  Field 1 value is either UID or CN, with nothing else.  This tells the LDAP Client on the appliance what type of directory you are trying to configure; either LDAP (UID) or Active Directory (CN).   Field 2 is the base search context (can either be a single nested OU value [i.e. OU=admins,OU=contoso], or up to 4 concatenated nested OU values [i.e. OU=admins1,OU=contoso+OU=admins2,OU=contoso+OU=admins3,OU=contoso+OU=admins4,OU=contoso]), and Field 3 is the root to the directory where the appliance will bind to (also using Field 2 values.)

 

Do know that we are working on improvements in this section of the UI.
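The field layout described in the reply above, as an added example that is not part of the original post and not HPE code: it derives the three search-context values from the distinguished names that `dsquery` returns for the service account and the directory groups. The function names and the group DN are constructed for illustration, and joining several contexts with `+` follows the moderator's description.

```python
def split_dn(dn):
    """Split a DN into its RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], [], False
    for ch in dn.strip().strip('"'):        # dsquery prints DNs in quotes
        if escaped:
            cur.append(ch); escaped = False
        elif ch == "\\":
            cur.append(ch); escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def search_context_fields(object_dns, directory_type="AD"):
    """Return (field1, field2, field3) for the given user and group DNs."""
    field1 = {"AD": "CN", "LDAP": "UID"}[directory_type]  # type marker only
    contexts, roots = [], {}
    for dn in object_dns:
        rdns = split_dn(dn)[1:]             # drop the object's own RDN
        dc = next((i for i, r in enumerate(rdns)
                   if r.upper().startswith("DC=")), None)
        if not dc:                          # None: no DC part, 0: no container
            raise ValueError(f"no container or no DC components in {dn!r}")
        container = ",".join(rdns[:dc])     # kept exactly as the DN states it
        root = ",".join(rdns[dc:])
        roots.setdefault(root.lower(), root)
        if container not in contexts:
            contexts.append(container)
    if len(roots) != 1:
        raise ValueError(f"objects sit under different roots: {sorted(roots)}")
    if len(contexts) > 4:
        raise ValueError("more than 4 search contexts")
    return field1, "+".join(contexts), next(iter(roots.values()))

# First DN is the one quoted in the thread; the group DN is constructed.
SAMPLE_DNS = [
    '"CN=svc_oneview,OU=Service Accounts,DC=XXXXXX,DC=com"',
    '"CN=OneView Admins,OU=Security Groups,DC=XXXXXX,DC=com"',
]

if __name__ == "__main__":
    for name, value in zip(("Field 1", "Field 2", "Field 3"),
                           search_context_fields(SAMPLE_DNS)):
        print(f"{name}: {value}")
```

Feeding it the DN exactly as `dsquery` prints it also shows whether the account sits in an `OU=` or a `CN=` container, which is easy to get wrong when typing Field 2 by hand.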

KBengtson
Occasional Advisor

Re: AD auth issues still

I am curious: what version of the OneView appliance are you running?

We are looking to upgrade to v1.20 next week, and AD authentication is part of our upgrade plan.

Re: AD auth issues still

Hello,

I had some issues with HP OneView and AD certificate and other authentication.

 

Always the same message :

"Cannot authenticate the server with the given credentials, search context and certificate.
Verify that the server is active and the user credentials, search context and certificate are correct."

 

After a few hours, I decided to reboot. And now all is OK, with the same parameters, accounts and certificate.

My DOMAIN is now visible in OneView.

 

Version : 1.20.03

 

Regards,

Loïc

Loïc, from AntemetA, France
Richokc
Occasional Visitor

Re: AD auth issues still

I am still having issues getting this to work. I have tried about every combination known to man... I can't imagine why HP would put something like this out without detailed documentation on how to set it up. I have been trying to get this working for days now... Always the same errors. I tried the reboot as well since it helped another user... This is what I have setup...

 

Field 1      CN

Field 2      OU=Users,OU=Domain.com

Field 3      DC=domain,DC=net

 

(Example:Field1: CN / UID Field2: OU=example.com, OU=Users Field3: DC=examplecorp, DC=net)

 

I do have directory servers setup. There is no real documentation on this part that I can find either... Requirements?

 

The account I want to use is in the default Users OU. I am going by what HP says should be in there according to the limited documentation on this subject.

 

Here is the error...

 

 
Cannot authenticate the server with the given credentials, search context and certificate.

 

 

Any help would be appreciated.

 

ChrisLynchHPE
Neighborhood Moderator

Re: AD auth issues still

We do have detailed documentation on how to configure the LDAP/Active Directory Authentication feature of HP OneView.  It is documented in both the User Guide (look at Appendix D on Page 402) and the Deployment and Management Guide (starting on Page 108, and I'm the author of that document).  I have linked to the current versions of both. 

 

Typical issues are DNS (wrong DNS A record for specified Domain Controllers), LDAP OU structure, and missing SSL Certs (for Secure LDAP) on Domain Controllers/LDAP Servers.  You must include the OU's where the user account and directory security groups are located in the second field.

RayS_1
Advisor

Re: AD auth issues still

Documentation provides a lot of good information on setting up the proper context for the AD authentication.  I need help in getting the SSL certificate; why does it require a certificate?  Is there an option to bypass the process or at least document the process better?  I have found several articles on it and all are so convoluted it's not worth the time, and I'll need to start looking for another tool; life is too short to spend hours setting up the SSL integration.  I may be completely stupid but I need some kind of "sock puppet" version of the directions.

 

 

FabSan
Occasional Advisor

Re: AD auth issues still

Chris, the links are not working: "We are sorry but your search produced 0 results." for both. I'm also getting errors with adding AD integration....

 

"Cannot authenticate the server with the given credentials, search context and certificate.

Verify that the server is active and the user credentials, search context and certificate are correct."

 

I tried just about everything. This won't be good come audit.

 

OneView 1.20-5

 

 

ChrisLynchHPE
Neighborhood Moderator

Re: AD auth issues still

Links have been fixed.

 

Also, check to make sure you have the correct Public Certificate of your Domain Controllers.  You should never export the private key, only the Base64 public cert.
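A pre-upload check for the advice above, as an added example that is not part of the original post and not HPE code: it refuses any file that carries private key material and returns the SHA-256 fingerprint of each Base64 (PEM) certificate so it can be compared with the certificate installed on the domain controller. The function names are hypothetical, the sample PEM bodies are constructed bytes rather than real certificates or keys, and port 636 is the standard LDAPS port.

```python
import base64, hashlib, re, ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def fetch_dc_cert(host, port=636):
    """Return the PEM certificate a domain controller presents on LDAPS.
    This call does not validate the chain, so compare the fingerprint
    with the one read on the domain controller itself."""
    return ssl.get_server_certificate((host, port))

def check_upload(pem_text):
    """Return SHA-256 fingerprints of the certificates in pem_text.
    Raise ValueError if it holds a private key or no certificate."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("private key material present: " + ", ".join(labels))
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("no Base64 (PEM) CERTIFICATE block found")
    # b64decode ignores the line breaks inside the PEM body
    return [hashlib.sha256(base64.b64decode(body)).hexdigest()
            for body in certs]

def make_pem(label, raw):
    """Wrap raw bytes in PEM armour (used only to build the samples)."""
    body = base64.encodebytes(raw).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: the bodies are placeholder bytes, not real material.
SAMPLE_CERT = make_pem("CERTIFICATE", b"constructed bytes, not a certificate")
SAMPLE_WITH_KEY = SAMPLE_CERT + make_pem("PRIVATE KEY",
                                         b"constructed bytes, not a key")

if __name__ == "__main__":
    print("public cert only:", check_upload(SAMPLE_CERT))
    try:
        check_upload(SAMPLE_WITH_KEY)
    except ValueError as err:
        print("rejected:", err)
```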

Hendricus
Occasional Advisor

Re: AD auth issues still

I wrote a blog about this issue with a step-by-step guide:
https://hendric.us/connect-hp-oneview-with-active-directory-step-by-step/

I hope this guide helps everyone dealing with this issue.