
KACE K1000 6.4 - SSO Active Directory

Hi there,

Despite the number of posts I have seen about how to manage SSO in the K1000 (v6.4), I'm still stuck.

I checked every requirement:
- DNS
- NTP
- DHCP
- ...

To connect:
I tried to put the distinguished name instead of just the user name I use to join the AD, but none of them work.
Tried the full domain name and just the one I used to join computers to the domain.
Keep getting the following error: "ERROR: failure of the attempt of connection. Impossible to connect the object computer."

Besides, if I don't get the message above (because I change between username formats), I have this error log:
    [Mon Jun 13 16:52:24.055965 2016] [proxy_fcgi:error] [pid 41971:tid 34460488704] [client 10.0.0.31:59417] AH01071: Got error 'PHP message: QAS: Checking whether computer is already joined to a domain ... no\nPHP message: QAS: Reading password for \\kace_ldap@**domaine**.FR from stdin...\nPHP message: QAS: Configuring forest root ... **domaine**.fr ... OK\nPHP message: QAS: Configuring site ... **Town** ... OK\nPHP message: QAS: Joining computer to the domain as host/serveur-name.**domaine**.fr ... Failed\nPHP message: QAS: ERROR: Unable to join computer object\nPHP message: QAS: ERROR: Could not join to the domain\nPHP message: QAS: VAS_ERR_LDAP: LDAP error\nPHP message: QAS: Error encountered processing ldap result for dn [CN=serveur-name,CN=Computers,DC=**domain**,DC=fr], err=0000207C: AtrErr: DSID-031530E5, #1:\nPHP message: QAS: 0: 0000207C: DSID-031530E5, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 3 (cn)\nPHP message: QAS: .\nPHP message: QAS: Caused by:\nPHP message: QAS: LDAP_CONSTRAINT_VIOLATION: No LDAP error string defined for LDAP error code: 19\n', referer: http://serveur-name/adminui/settings_security.php

The official KACE post says the user used to join the AD doesn't need specific rights. My user is a member of the domain with no other rights.

Any ideas?
Thanks.

Comments

  • I seem to remember when I tried setting up SSO the Web URL had to match the domain name. As we use a .local for our internal domain, setting up SSO was not possible as we used a .com for the KACE web URL. We ended up just setting up the login via LDAP so the auth is still based on the AD password. Was hoping to give a seamless web option from our SharePoint site but no good. - smalls 7 years ago
  • Hi, thank you smalls for participating.
    I fixed my issue by giving writing right on the domain to my user. I'm still curious about why I had to do that. The user which is used to sync LDAP to KACE does not write but just reads content. - Olendis 7 years ago
  • Solved! - Olendis 7 years ago
  • Hi Olendis,
    Thanks for posting, I'm in the same boat. Simple domain user account won't work for AD authentication within KACE but if I make that account a domain admin then it works. That was proof of concept that it's a rights issue, I didn't want to leave the domain admin rights.

    How do you add "writing right"? Is it a role? - CTM 7 years ago
  • I lost SSO when I migrated from physical K1000 to virtual appliance, but it probably involved an upgrade, too. I just discovered the "Autogenerate Server Name" in the network settings, which was set by default. I unchecked it and rebooted. Shazam - SSO works again.

    Thanks, Dell. - tpr 7 years ago