2 Replies Latest reply on Oct 15, 2012 1:21 PM by 968136

    VDI 3.4 Integrate with Windows Server 2008 R2 Active Directory

      OK, I followed the official documents step by step. I installed VDI 3.4 on Oracle Linux 5.7 (oraclevdi.jiayutester.com), then installed a Windows Server 2008 R2 64-bit machine (jiayudc.jiayutester.com) and made it the Domain Controller (jiayutester.com) and DNS server. At the end, I edited /etc/krb5.conf. I executed the following commands:
      1.getent hosts jiayudc.jiayutester.com
      --------------------My Note:Normal-----------
      2.kinit -V administrator@jiayutester.com
      Authenticated to Kerberos v5

      This is my krb5.conf------------------------------------
      default = FILE:/var/log/krb5libs.log
      kdc = FILE:/var/log/krb5kdc.log
      admin_server = FILE:/var/log/kadmind.log

      default_realm = JIAYUTESTER.COM
      default_checksum = rsa-md5
      dns_lookup_realm = true
      dns_lookup_kdc = true
      ticket_lifetime = 24h
      forwardable = yes

      kdc = space-21pel8ghu.jiayutester.com
      admin_server = space-21pel8ghu.jiayu.com:749
      default_domain = jiayutester.com

      .jiayutester.com = JIAYUTESTER.COM
      jiayutester.com = JIAYUTESTER.COM

      pam = {
      debug = false
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false

      Then I logged in to the web console to set the company. I selected Active Directory to use as the User Directory, then filled in all the needed information (I am sure that all the information I filled in the form is correct). When I clicked Next, an error occurred. Here is the context:

      Unable to Connect to User Directory
      Failed to connect, no servers available

      Now, I have searched everywhere for information, but I can't resolve the problem... Please help me, smart guys.
        • 1. Re: VDI 3.4 Integrate with Windows Server 2008 R2 Active Directory
          Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to the [libdefaults] section of your krb5.conf file, for a 2008R2 AD server:

          default_tkt_enctypes = rc4-hmac
          default_tgs_enctypes = rc4-hmac

          And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)

          Note that VDI will actually try to query individual AD servers as defined as part of your AD Global Catalog when it tries to look up AD domain data. This means you need to verify that your global catalog referenced servers are valid and have matching forward and reverse DNS information:

          For example:

          $ nslookup -querytype=any _gc._tcp.vdi.com.
          Server:          win2008.vdi.com

          _gc._tcp.vdi.com     service = 0 100 3268 win2008.vdi.com.

          $ nslookup win2008.vdi.com.
          Server:          win2008.vdi.com

          Name:     win2008.vdi.com
          Address: 192.168.1.100

          $ nslookup
          Server:          win2008.vdi.com

          name = win2008.vdi.com.

          You'd want to verify that every record returned by the nslookup -querytype=any _gc._tcp.yourdomain.com command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.

          Beyond that, you need to look in the cacao.log file for errors that you can find and post.

          Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM
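
The check described in the reply above (every global catalog SRV target needs matching forward and reverse DNS), written out as an added example that is not part of the original thread. The function names and the second host in the sample are constructed for illustration; live lookups go through the system resolver via `socket`, and TCP reachability of port 3268 is not tested here.

```python
import re
import socket

# SRV answer line as printed by nslookup:
# "_gc._tcp.vdi.com  service = 0 100 3268 win2008.vdi.com."
SRV_LINE = re.compile(r"service\s*=\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)")

def parse_srv_targets(nslookup_output):
    """Return a sorted list of (host, port) pairs from nslookup SRV output."""
    targets = set()
    for line in nslookup_output.splitlines():
        m = SRV_LINE.search(line)
        if m:
            targets.add((m.group(4).rstrip(".").lower(), int(m.group(3))))
    return sorted(targets)

def _forward(host):
    return socket.gethostbyname_ex(host)[2]

def _reverse(addr):
    return socket.gethostbyaddr(addr)[0]

def check_target(host, forward=_forward, reverse=_reverse):
    """Return a list of DNS problems for one server; empty means consistent."""
    try:
        addrs = forward(host)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return [f"{host}: no forward (A) record ({exc})"]
    problems = []
    for addr in addrs:
        try:
            ptr = reverse(addr).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"{host}: {addr} has no reverse (PTR) record ({exc})")
            continue
        if ptr != host:
            problems.append(f"{host}: {addr} reverses to {ptr}")
    return problems

def check_all(nslookup_output, forward=_forward, reverse=_reverse):
    """Map each SRV target host to its list of DNS problems."""
    return {host: check_target(host, forward, reverse)
            for host, _port in parse_srv_targets(nslookup_output)}

# Constructed sample: the reply's example record plus a made-up stale entry.
SAMPLE = """\
_gc._tcp.vdi.com  service = 0 100 3268 win2008.vdi.com.
_gc._tcp.vdi.com  service = 0 100 3268 olddc.vdi.com.
"""
```

Feed `check_all` the saved output of the SRV query for your own domain; any host with a non-empty problem list is a candidate cause of slow or failing directory queries.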