Impossible d'ajouter un compte Active Directory.

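Le journal /var/log/vmware/sso/ssoAdminServer.log affiche l'erreur ci-dessous. La ligne importante est « com.vmware.identity.idm.IDMException: Failed to establish server connection », levée lors de la recherche des comptes dans le domaine LUDO.LOCAL :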

[2019-01-16T15:06:02.281+01:00 pool-3-thread-5 opId=dam-auto-generated: UsersSearchViewMediator:dr-10411:SsoUserDirectoryPropertyProvider:000000:00000-000000
-ngc:00000000 INFO com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: vsphere-webclient-00000000-0000-0000-0000-000000000000, Domain: vsphere.local}
with role 'Administrator' is authorized for method call 'ServiceInstance.retrieveServiceContent'
[2019-01-16T15:06:02.304+01:00 pool-3-thread-5 opId=dam-auto-generated: UsersSearchViewMediator:dr-10411:SsoUserDirectoryPropertyProvider:000000:00000-00000
-ngc:00000000 INFO com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: vsphere-webclient-00000000-0000-0000-0000-000000000000, Domain: vsphere.local}
with role 'Administrator' is authorized for method call 'PrincipalDiscoveryService.findByName'
[2019-01-16T15:06:02.305+01:00 pool-3-thread-4 opId=dam-auto-generated: UsersSearchViewMediator:dr-10411:SsoUserDirectoryPropertyProvider:000000:00000-00000
-ngc:00000000 INFO com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl] [User {Name: vsphere-webclient-00000000-0000-0000-0000-000000000000, Domain
: vsphere.local} with role 'Administrator'] Find at most 200 principals by name matching criteria searchString=, domain=LUDO.LOCAL
[2019-01-16T15:06:02.883+01:00 pool-3-thread-4 opId=dam-auto-generated: UsersSearchViewMediator:dr-10411:SsoUserDirectoryPropertyProvider:000000:00000-00000
-ngc:00000000 ERROR com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Idm client exception
com.vmware.identity.idm.IDMException: Failed to establish server connection
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:1.8.0_192]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_192]
at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:138) ~[?:?]
at com.vmware.identity.idm.server.IdentityManager.findByName(IdentityManager.java:10469) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) ~[?:1.8.0_192]
at sun.rmi.transport.Transport$1.run(Transport.java:200) ~[?:1.8.0_192]
at sun.rmi.transport.Transport$1.run(Transport.java:197) ~[?:1.8.0_192]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_192]
at sun.rmi.transport.Transport.serviceCall(Transport.java:196) ~[?:1.8.0_192]
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573) ~[?:1.8.0_192]
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834) ~[?:1.8.0_192]
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688) ~[?:1.8.0_192]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_192]
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687) ~[?:1.8.0_192]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_192]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_192]
at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_192]
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:283) ~[?:1.8.0_192]
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:260) ~[?:1.8.0_192]
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161) ~[?:1.8.0_192]
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:227) ~[?:1.8.0_192]
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:179) ~[?:1.8.0_192]
at com.sun.proxy.$Proxy61.findByName(Unknown Source) ~[?:?]
at com.vmware.identity.idm.client.CasIdmClient.findByName(CasIdmClient.java:2232) ~[vmware-identity-idm-client.jar:?]
at com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl.findByName(PrincipalManagementImpl.java:641) [sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl$14.call(PrincipalDiscoveryServiceImpl.java:411) [sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl$14.call(PrincipalDiscoveryServiceImpl.java:400) [sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:160) [sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl.findByName(PrincipalDiscoveryServiceImpl.java:400) [sso-adminserver.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server.jar:?]
at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_192]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_192]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]
[2019-01-16T15:06:02.887+01:00 pool-3-thread-4 opId=dam-auto-generated: UsersSearchViewMediator:dr-10411:SsoUserDirectoryPropertyProvider:000000:00000-000000 -ngc:00000000 ERROR com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl] Idm client exception: Failed to establish server connection
com.vmware.identity.admin.server.ims.PrincipalManagementException: Idm client exception: Failed to establish server connection
at com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl.logAndThrow(PrincipalManagementImpl.java:2728) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl.findByName(PrincipalManagementImpl.java:644) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl$14.call(PrincipalDiscoveryServiceImpl.java:411) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl$14.call(PrincipalDiscoveryServiceImpl.java:400) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:160) [sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl.findByName(PrincipalDiscoveryServiceImpl.java:400) [sso-adminserver.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server.jar:?]
at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_192]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_192]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]

Solution:

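Éditer /etc/krb5.conf (après en avoir fait une copie de sauvegarde) et ajouter le paramètre ci-dessous dans la section [libdefaults] ; si cette section existe déjà, y ajouter seulement la ligne rdns. Avec rdns = false, Kerberos n'utilise plus la résolution DNS inverse pour canoniser le nom d'hôte du serveur contacté ; des enregistrements PTR absents ou incorrects pour les contrôleurs de domaine sont donc la cause probable de l'erreur :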

[libdefaults]
    rdns = false

Redémarrer le service lwio de Likewise :

/opt/likewise/bin/lwsm restart lwio

Source: Unable to list users for the selected domain and/or authenticate from Active Directory users into vSphere SSO domain after adding identity source

 
