/build/static/layout/Breadcrumb_cap_w.png

"Enable Single Sign On" missing

I've updated my K1000 to 5.5 and joined our AD domain, but I don't have an "Enable Single Sign On" box to check in the Security Settings control panel. Any idea how I might enable sso?

Thanks.

Asked 10 years ago 5064 views
1 Comment   [ + ] Show comment
  • also remember that the AD Schema needs to be W2k3R2 or above! - Nico_K 9 years ago

Answers (2)

Posted by: jegolf 10 years ago
Red Belt
1

Maybe try unjoining and rejoining the domain as even though it is stated as joined when I checked my box the AD username is visible and in your shot it's not...something to try.

Comments:
  • Thanks. The name is there, but I blocked it out before posting. I just tried unjoining and then doing a force join, but still no luck with the missing checkbox. I tried unjoining and force joining and got these errors in the log:
    VAS_ERR_LDAP ... Problem 4003 (INSUFF_ACCESS_RIGHTS) and
    LDAP_INSUFFICIENT_ACCESS

    I also saw something like "keytab not found" on the join page, but it isn't in the log.

    The kbox does actually appear to be joined, and an object was created in AD. I'm not the main domain admin, but the admin account I used does have full rights for creating computer objects and I have no problems joining Windows or Linux computers to the domain. - tpr 10 years ago
  • I forgot to add that ldap authentication is working fine, so it's only the join process that is returning ldap errors. - tpr 10 years ago
    • I was thinking it could be a permissions issue. The SSO process also creates a user account in the domain so make sure the account you're using has rights to do so... - jegolf 10 years ago
      • I think you're right. I'm an admin for our dept OU, but not the domain. I created the kbox computer object in my OU before joining it to AD, but the logs show that it is still trying to create the object in the default computer container in the OU. I have just enough rights there for objects to be created during the join (if they aren't created manually beforehand).

        I've opened a ticket and asked if there is any way to have the object created in a specific OU where I have full rights. One thing that's interesting is that the object I pre-create does get updated with OS during the join and the kbox seems to recognize that it's in AD. - tpr 10 years ago
Posted by: tpr 10 years ago
2nd Degree Black Belt
0

Can someone post an image that shows the "Enable Single Sign On" checkbox so I can see where it should be showing up on my kbox? Thanks.

Posted by:

tpr 2nd Degree Black Belt
Ninja since: 12 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ