Troubleshooting security settings

Certificate action fails

Follow the recommendation if any of these certificate actions fail:

  • Create a self-signed certificate

  • Create a certificate signing request

  • Import certificate

Symptom Possible cause and recommendation
Certificate action failed

Appliance lost connection with web server

Minimum required privileges: Infrastructure administrator

  1. When creating a certificate signing request or importing a certificate, verify that the network is working properly.

  2. Wait for the web server to restart, then try the action again.

Support dump file creation action fails

Symptom Possible cause and recommendation
Support dump file not created

Insufficient time

Minimum required privileges: Infrastructure administrator

  1. Wait. Creating a support dump file can take several minutes. If the log files are large or if the system is extensive, creating a support dump file can take even longer.

  2. Retry the create support dump action.

Insufficient disk space

Minimum required privileges: Infrastructure administrator

  1. Ensure that the appliance has more than 300 MB of free disk space to accommodate the support dump file.

  2. Retry the create support dump action.

Support dump file not saved

Insufficient disk space

Minimum required privileges: Infrastructure administrator

  1. Ensure that the local computer has more than 300 MB of free disk space to accommodate the support dump file.

  2. Retry the create support dump action.

Directory service not available

Symptom Possible cause and recommendation
Cannot connect to the directory service

Directory service server is down

  1. Locally run the ping command on the directory server IP address or host name to determine if it is online.

  2. Verify that the appliance network is operating correctly.

  3. Contact the directory service administrator to determine if the server is down.

Inaccurate settings in the Add Directory screen

  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.

  2. Verify that the Directory type is correct.

  3. Ensure that the Search context fields are correct.

    Verify that the group is configured in the directory service.

  4. Verify that the credentials of the authentication directory service administrator are correct.

  5. Ensure that the role assigned to the group is correct.

    For more information, see Add or Edit Directory Group screen details.

Cannot add directory service

Symptom Possible cause and recommendation
Connectivity

Lost connection with directory service host

  1. Verify that the settings for the directory service host are accurate.

  2. Locally run the ping command on the directory server’s IP address or host name to determine if it is online.

  3. Verify that the port for LDAP communication with the directory service is correct.

  4. Verify that the port you are using for communication is not blocked by any firewalls.

  5. Verify that the appliance network is operating correctly.

  6. Determine that the appliance virtual machine is functioning properly and that there are enough resources.

Cannot log in

Inaccurate credentials

  1. Verify the login name and password are accurate.

  2. Verify the search context information is accurate; you might be trying to access a different account or group.

  3. Reacquire and install the directory service host certificate.

  4. Contact the directory service provider to ensure that the credentials are accurate.

Cannot add server for a directory service

Symptom Possible cause and recommendation
Connectivity

Lost connection with directory service host

  1. Verify that the settings for the directory service host are accurate.

  2. Verify that the correct port is used for the directory service.

  3. Verify that the port you are using for communication is not blocked by any firewalls.

  4. Locally run the ping command on the directory service host’s IP address or host name to determine if it is online.

  5. Verify that the appliance network is operating correctly.

  6. If the appliance is hosted on a virtual machine, determine that it is functioning properly and there are enough resources.

Cannot log in

Inaccurate credentials

  1. Verify that the login name and password are accurate.

  2. Reacquire and install the directory service host certificate.

  3. Contact the directory service provider to ensure that the credentials are accurate.

Inaccurate settings in the Add Directory screen

  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.

  2. Verify that the Directory type is correct.

  3. Ensure that the Search context fields are correct.

    Verify that the group is configured in the directory service.

  4. Verify that the credentials of the authentication directory service administrator are correct.

Cannot add directory group

Symptom Possible cause and recommendation
Cannot log in

Lost connection with directory service host

  1. Verify that the settings for the directory service host are accurate.

  2. Verify that the correct port is used for the directory service.

  3. Verify that the port you are using for communication is not blocked by any firewalls.

  4. Locally run the ping command on the directory service host IP address or host name to determine if it is online.

  5. Verify that the appliance network is operating correctly.

  6. If the appliance is hosted on a virtual machine, determine that the virtual machine is functioning properly and enough resources are allocated to it.

Inaccurate credentials

  1. Verify that the login name and password are accurate.

  2. Reacquire and install the directory service host certificate.

  3. Contact the directory service provider to ensure that the credentials are accurate.
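
The checks under "Lost connection with directory service host" and the certificate step under "Inaccurate credentials", in this section and the two before it, can be scripted as below. This is an added example, not part of the original documentation; it probes the directory port over TCP rather than with ICMP ping, and the default port 636 (LDAPS) and the function names are assumptions.

```python
import hashlib
import socket
import ssl

LDAPS_PORT = 636  # assumed default; use the port configured for the directory


def resolve(host):
    """Return sorted IP addresses for host, or [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP connect attempt as 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, nothing listens: check the port setting
    except socket.timeout:
        return "timeout"   # no answer: host down or a firewall dropping packets
    except OSError:
        return "error"     # no route, unresolvable name and similar failures


def cert_fingerprint(host, port=LDAPS_PORT, timeout=3.0):
    """SHA-256 fingerprint of the certificate presented on the LDAPS port.

    Verification is off only so a changed or self-signed certificate can be
    read; compare the value with one obtained from the directory administrator."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def triage(host, port=LDAPS_PORT):
    """Run the name and port checks in order; return (step, result) pairs."""
    addresses = resolve(host)
    if not addresses:
        return [("resolve", "failed")]
    return [("resolve", ", ".join(addresses)), ("tcp", probe_tcp(host, port))]
```

A "refused" result points at the port setting, while "timeout" points at the host being down or a firewall in the path.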

Cannot find group in the directory service

Group not configured in the directory service

  1. Verify the name of the group.

  2. Contact the directory service administrator to verify that the group account is configured in the directory service.

  3. Verify that the group is within four hierarchical levels from the group specified by the DN.

    For more information, see About directory service authentication.

Unauthorized CloudSystem Portal users can see project resources

Symptom Possible cause and recommendation
A user in the CloudSystem Portal can view and change resources in projects for which they are not authorized

Default directory was changed and a user name in the old and new directory identifies different individuals

For example, consider the scenario where steve.users.lab.example1.com is assigned to Project A.

If you change the default directory from “Lab” to “Marketing” and the new directory includes steve.users.marketing.example1.com, then both users named “Steve” have access to Project A. This is a security issue.

  1. Revoke one of the duplicate user names from Project A in the OpenStack Identity (Keystone) database.

See About directory service authentication and Add Directory screen details.
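
Before changing the default directory, the collision described above can be checked for across all projects. The following is an added example, not part of the original documentation; it assumes project membership is recorded by short user name, and all sample data other than the two "steve" names is constructed.

```python
def short_name(qualified):
    """'steve.users.lab.example1.com' -> 'steve' (first label, case-folded)."""
    return qualified.split(".", 1)[0].casefold()


def ambiguous_members(old_users, new_users, project_members):
    """Find project members whose short name maps to different accounts in
    the old and the new default directory.

    old_users / new_users: qualified names exported from each directory.
    project_members: {project: [short user names assigned to it]}.
    Returns {project: [(short, old_qualified, new_qualified), ...]}."""
    old = {short_name(u): u for u in old_users}
    new = {short_name(u): u for u in new_users}
    findings = {}
    for project, members in sorted(project_members.items()):
        hits = []
        for member in sorted({m.casefold() for m in members}):
            if member not in old or member not in new:
                continue  # name exists in only one directory: no ambiguity
            if old[member].casefold() != new[member].casefold():
                hits.append((member, old[member], new[member]))
        if hits:
            findings[project] = hits
    return findings


# Constructed sample data; only the two "steve" names come from the page.
LAB = ["steve.users.lab.example1.com", "dana.users.lab.example1.com"]
MARKETING = ["steve.users.marketing.example1.com",
             "ravi.users.marketing.example1.com"]
PROJECTS = {"Project A": ["steve", "dana"], "Project B": ["dana"]}

if __name__ == "__main__":
    for project, hits in ambiguous_members(LAB, MARKETING, PROJECTS).items():
        for name, old_q, new_q in hits:
            print(f"{project}: '{name}' was {old_q}, would resolve to {new_q}")
```

Each reported name is a candidate for the revocation step above.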