
KACE Product Support Question


LDAP problem with new account

05/06/2020 136 views

I'm running the SMA appliance, version 10.1.99. I have 2 working LDAP configurations pulling from Active Directory - one for admins and one for our users. I created a new account in AD and a new LDAP configuration for that account, which will be a read only administrator. I successfully imported the user into the SMA users, but I can't log into the console with the new account. I get the "incorrect ldap user name or password" error. I can log into a computer with the new AD account, so I know the account name and password are correct. The name has an underscore and a dot, but those should be allowed by LDAP (our admin accounts have a dot).

To troubleshoot further, I added the new account to my kbox admins group in AD. Membership of that group is part of the SMA admin LDAP config filtering, but still no luck.

Any idea how I might get this new account to log in?

Thanks.


Comments

  • What is the Role set to for these new imported users?
    • Slight breakthrough - my original 5 admins are in a different OU than my new kbox account. I prefer not to put the new account in the same OU because those admins have other admin rights to different things besides kbox. So, there must be another LDAP setting somewhere that is restricting kbox LDAP searches to that OU. Do you happen to know where that setting is? I'm trying to go through LDAP docs.

      Thanks.
  • Thanks for the response. It's just one new user. I've tried Read Only Administrator and Administrator. At one point early on, I got an error about no access to the tabs, so I thought it was just a role assignment problem. I verified the role (which looked right), and since then I've only gotten the failed login or lockout message.

    I also got LDAP search errors early on, but not the last 20 or so attempts. I ran the import user tool again just to make sure kbox recognized the account, and I didn't have any problem doing that.

    I also changed the password to one I know has worked, just to make sure I didn't have an illegal character.
  • Another clue (I hope). Like I said, I've added the new user account to my kbox admin group in AD. When I run the LDAP Browser in kbox and use a search filter of (memberOf=CN=Kbox-Admins,OU=etc, etc) and click search, the 5 admin users who have been in there for a while all show up in the results, but the new account does not.

    If I leave the same base DN but change the filter to (cn=kboxdb), the new user shows up. Why would it show up in the individual search but not as part of the group?
