Hi folks.

I have spent some grueling hours trying to resolve an error that is preventing regular users from logging into the K1000. This error occurs when a secondary bind to the LDAP server is attempted. The primary or initial bind works correctly without issue. For admin level users who also are Active Directory Domain Admins, all binds (initial and secondary) work as expected. I am not sure what the issue is but I know I need some help...

Thanks in advance for any and all responses.

--james
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
I have spent some grueling hours trying to resolve an error that is preventing regular users from logging into the K1000.
Call support. This definitely warrants a call. I could give you a few tips, but there is no point spending your time trying to figure it out when your users are unable to login.
Answered 09/28/2011 by: airwolf
Tenth Degree Black Belt

Please log in to comment
0
Details on your configuration and the error would help greatly. Support will want that too.
Answered 09/28/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
0
I spent about 4 hours on this yesterday and the only way it will work is the Windows user's account is allowed to log onto ALL COMPUTERS. Just adding the name of the K1000 into it's list og LOG ON TO... doesn't work. I am wondering if it is because the KBOX isn't actually part of the domain...

--james
Answered 09/29/2011 by: jbowes
Orange Senior Belt

Please log in to comment
0
I believe your assumption is correct.
Answered 09/29/2011 by: airwolf
Tenth Degree Black Belt

Please log in to comment
0
Some google searches lead me to believe that adding the domain controller's name does the trick.
Answered 09/29/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
0
Okay - you are correct. Adding the DC name does work but that it not really something we would like to do.

I suppose the question is why do they need that? For LDAP searches to actually work? Within AD's LDAP, I know the userWorkstation attribute exists but it doesn't seem have any significance...


--james
Answered 09/30/2011 by: jbowes
Orange Senior Belt

Please log in to comment
0
The problem isn't KBOX - it's your Active Directory configuration. If you restrict your users to specific machines, they aren't going to be able to authenticate to anything else. It sounds like that is what's going on.
Answered 09/30/2011 by: airwolf
Tenth Degree Black Belt

Please log in to comment
0
What is the expected significance of the userWorkstation attribute? Do you have support with Microsoft? Perhaps they could shed some light on an alternative?
Answered 09/30/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity