AD/LDAP not working

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
BanditBBS
Posts: 2460
Joined: Tue May 31, 2011 12:57 pm
Location: Scio, OH

AD/LDAP not working

Post by BanditBBS »

Getting this error:

Code:

Unable to authenticate: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)

We have imported the root and issue cert and have it set to use SSL. We try both ldap and AD and both return with the above error.
2 of XI5.6.14 Prod/DR/DEV - Nagios LogServer 2 Nodes
See my projects on the Exchange at BanditBBS - Also check out my Nagios stuff on my personal page at Bandit's Home and at github
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: AD/LDAP not working

Post by ssax »

If your XI server OS version is RedHat/CentOS/Oracle:

Take the CA certs and put them in individual files in this directory:
- NOTE: They must have a .crt extension on the files

Code:

/etc/pki/ca-trust/source/anchors/

Then run these commands:

Code:

update-ca-trust extract
systemctl restart httpd php-fpm

Then test it again.


If your XI server OS version is Ubuntu/Debian:

Take the CA certs and put them in individual files in this directory:
- NOTE: They must have a .crt extension on the files

Code:

/usr/local/share/ca-certificates/

Then run these commands:

Code:

sudo update-ca-certificates
systemctl restart apache2

Then test it again.


If that still doesn't resolve it (it should), please PM the full output of this command:
- Change your.ad_or_ldap.server before running

Code:

echo 'DONE' | openssl s_client -showcerts -connect your.ad_or_ldap.server:636

And attach or PM this file:

Code:

/etc/openldap/ldap.conf
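
Why the trust-store steps above clear the error, as an added example that is not part of the original posts: the script builds a constructed root -> issuing CA -> server chain (every name, key and file is made up for the demo) and shows `openssl verify` returning the thread's "unable to get local issuer certificate" until both CA certificates are trusted. It assumes the LDAP server presents only its own certificate, so the client must already hold the issuing CA.

```shell
#!/usr/bin/env bash
# Added example: constructed three-tier PKI (root -> issuing CA -> LDAP server).
# Every name, key and certificate here is generated for the demo.

make_demo_pki() {   # $1 = empty work directory
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root CA.
  openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -subj "/CN=Demo Root CA" \
    -newkey rsa:2048 -nodes -days 2 -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # Issuing CA, signed by the root.
  openssl req -new -config "$d/ca.cnf" -subj "/CN=Demo Issuing CA" \
    -newkey rsa:2048 -nodes -keyout "$d/issuing.key" -out "$d/issuing.csr" 2>/dev/null
  openssl x509 -req -in "$d/issuing.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -days 2 \
    -out "$d/issuing.crt" 2>/dev/null
  # LDAP server certificate, signed by the issuing CA.
  openssl req -new -config "$d/ca.cnf" -subj "/CN=ldap.example.test" \
    -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/issuing.crt" -CAkey "$d/issuing.key" \
    -CAcreateserial -days 2 -out "$d/srv.crt" 2>/dev/null
  cat "$d/root.crt" "$d/issuing.crt" > "$d/both.crt"
}

check_chain() {     # $1 = certificate to verify, $2 = CA bundle to trust (optional)
  if [ -n "${2:-}" ]; then
    openssl verify -no-CApath -CAfile "$2" "$1" 2>&1
  else
    openssl verify -no-CApath -no-CAfile "$1" 2>&1
  fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "--- trusting the root only (issuing CA missing):"
check_chain "$demo_dir/srv.crt" "$demo_dir/root.crt" || true
echo "--- trusting root + issuing CA:"
check_chain "$demo_dir/srv.crt" "$demo_dir/both.crt" || true
rm -rf "$demo_dir"
```

On the real server, once the trust store has been rebuilt, the `openssl s_client` command from the post above should end with `Verify return code: 0 (ok)`.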

Re: AD/LDAP not working

Post by BanditBBS »

That fixed it, but php-fpm wasn't even installed so I did install that as well.

Thanks a ton!

Re: AD/LDAP not working

Post by ssax »

Glad that fixed it!

Are you on EL7? If so, just installing php-fpm wouldn't make it work; you would need to set up Apache to use PHP-FPM for it to be used. I know it can be set up but I haven't personally done it on EL7.

Only EL8+ systems have PHP-FPM set up by default; I don't think Debian/Ubuntu have it set up at all without manual intervention/setup:

https://tecadmin.net/setup-apache-php-fpm-ubuntu-20-04/

Re: AD/LDAP not working

Post by BanditBBS »

Yeah, RHEL 7.

Thanks again

Re: AD/LDAP not working

Post by ssax »

I'm not sure on the specifics but you should be able to look at how an EL8 system is set up. Check your PMs.