Hello everyone,
I recently started to test/compare UCS 5 as a successor of my current ActiveDirectory setup.
So far I joined one UCS node to my existing AD domain (domain/forest level 2016) which worked with some initial hick ups pretty good.
As I am using 802.1x for some of my WLAN clients (depending on the SSID/VLAN) I wanted to setup a RADIUS network client.
I was able to create a network object but I am unable to set a shared RADIUS secret.
I do always get following error message: The LDAP object cannot be saved: access denied. (Das LDAP-Objekt konnte nicht gespeichert werden: Zugriff verweigert.)
Any idea what I am doing wrong?
As a side note: I enabled SSL on AD connector but did not enable to store all user passwords at UCS.
Edit:
I checked the regular system logs via journalctl -xe
and found following entries:
Dez 02 07:38:52 UCSDC-1 slapd[28505]: get_ssa: conn 3221 unknown attribute type=mac (17)
Dez 02 07:38:52 UCSDC-1 slapd[28505]: get_ssa: conn 3221 unknown attribute type=ip (17)
Dez 02 07:38:52 UCSDC-1 slapd[28505]: get_ssa: conn 3221 unknown attribute type=inventoryNumber (17)
Dez 02 07:38:52 UCSDC-1 slapd[28505]: get_ssa: conn 3221 unknown attribute type=fqdn (17)
Dez 02 07:38:52 UCSDC-1 slapd[28505]: <= mdb_substring_candidates: (aAAARecord) not indexed
Dez 02 07:38:52 UCSDC-1 slapd[28505]: <= mdb_equality_candidates: (aAAARecord) not indexed
Dez 02 07:38:52 UCSDC-1 slapd[28505]: <= mdb_equality_candidates: (associatedDomain) not indexed
Dez 02 07:38:52 UCSDC-1 slapd[28505]: <= mdb_substring_candidates: (aAAARecord) not indexed
Dez 02 07:38:52 UCSDC-1 slapd[28505]: <= mdb_equality_candidates: (aAAARecord) not indexed
Dez 02 07:38:52 UCSDC-1 slapd[28505]: <= mdb_equality_candidates: (associatedDomain) not indexed
not sure if this a relevant for my topic