VMware Support Community
txadmin
Contributor
Contributor
‎07-26-2018 12:08 PM
Jump to solution

Unable to Configure Active Directory for Skyline 1.3

I'm having trouble getting AD integrated into the Skyline Collector.  After filling in the domain controller address, port: 636, domain name, and Users/Groups, "Set Active Directory Configuration" results in an extended loading time that ends with "AD configuration validation failed. Couldn't obtain Domain DN from an anonymous connection to host: XXX.XXX.XXX.XXX on port: 636"

I'd prefer to use port 636 but that ends in the above error.  Using port 389 results in success but no users can login.  This results in an "invalid credentials" error.

I've confirmed that I can reach my DC on port 636 by running nc -vc XXX.XXX.XXX.XXX 636 from the Skyline 1.3 appliance.

What am I missing? 

0 Kudos
1 Solution

Accepted Solutions
ashwin_prakash
VMware Employee
VMware Employee
‎07-30-2018 01:31 PM
Jump to solution

I would like to inform you that Only Kerberos (GSSAPI) with anonymous authentication is allowed on Skyline collector. Since this is not supported in the environment it would fail while trying to login to the Collector with AD Credentials. Probably in Skyline 1.4 or later, we have the LDAP authentication enabled which would help in using the Active directory user.

Sincerely,
Ashwin Prakash
Skyline Support Moderator

View solution in original post

0 Kudos
7 Replies
ashwin_prakash
VMware Employee
VMware Employee
‎07-30-2018 08:11 AM
Jump to solution

Hello,

Thank you for your post.

I understand that you have issues with AD login. Skyline supports only Kerberos (GSSAPI) for AD integration. If  AD don’t support it, login would fail.Please confirm whether Kerberos authentication is supported on your AD.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos
txadmin
Contributor
Contributor
‎07-30-2018 12:46 PM
Jump to solution

Kerberos auth is supported and used in our environment.

0 Kudos
ashwin_prakash
VMware Employee
VMware Employee
‎07-30-2018 01:16 PM
Jump to solution

Thank you for the update, We would also like to know if anonymous authentication is supported in you Active Directory environment.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos
txadmin
Contributor
Contributor
‎07-30-2018 01:26 PM
Jump to solution

If you mean for the ability to anonymously read AD, then no that functionality is not configured.

0 Kudos
ashwin_prakash
VMware Employee
VMware Employee
‎07-30-2018 01:31 PM
Jump to solution

I would like to inform you that Only Kerberos (GSSAPI) with anonymous authentication is allowed on Skyline collector. Since this is not supported in the environment it would fail while trying to login to the Collector with AD Credentials. Probably in Skyline 1.4 or later, we have the LDAP authentication enabled which would help in using the Active directory user.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos
eulcedes
Contributor
Contributor
‎10-15-2018 12:51 AM
Jump to solution

I'm still seeing issues with configuring this in Skyline 1.4..  With using 389 the config goes through, but AD users aren't able to authenticate.

"Invalid Credentials"

Any suggestions?

0 Kudos
ashwin_prakash
VMware Employee
VMware Employee
‎10-16-2018 08:25 AM
Jump to solution

The workflow has not yet been changed on this Appliance, We are still waiting on confirmation as to in which release the AD configuration would be changed.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
0 Kudos