Unsolved
13 Posts
0
2905
Av 6.1 - LDAP maps configured but user gets 'login failed'
Hi all,
I have Avamar 6.1.0-333 installed and have configured LDAP maps to allow me to add administrators via AD groups rather than directly to Avamar (great improvement EMC!!)
Prior to the 6.1 upgrade my grid was configured with LDAP authentication and this worked without issue. I have since removed my 'custom defined' user from the Avamar system and am trying to authenticate via the LDAP map.
This is not working too well and I think I just need to understand the limitations of the Avamar LDAP system, for example:
Can it work with both 'domain local' and 'global' security groups?
Is there a limit to the number of groups it can enumerate from the user account (like a 'token size')?
Are there any characters that are allowed in Windows group names that Avamar / Unix LDAP does not understand (e.g. '&')?
Are there any shell commands I can use to troubleshoot this further, e.g. to see a list of the groups it 'is' enumerating?
If I can't get any luck on here I will raise an SR for official support.
Thanks all
ionthegeek
2K Posts
0
June 27th, 2012 07:00
I've brought your questions to the attention of the developers but we'd like to make sure standard process is followed so we get the answers documented appropriately along the way. Could you please open a service request for this and send me the SR# in a private message? You can send me a PM from my profile.
Thanks!
hkniep
4 Posts
0
October 22nd, 2012 11:00
I am having the same issue. Any update with this?
hkniep
4 Posts
0
October 22nd, 2012 13:00
I am having the same issue. Any update with this?
paulmaddocks_37
13 Posts
1
October 23rd, 2012 00:00
Hi
To close the loop on this one, after much assistance from support and the dev team, the issue that causes this is being a member of 1 or more groups that do not have a certain attribute set in AD (I think 'SAMAccountName'), one example of this possibly being the 'Administrators' group.
To resolve, there is an official hotfix - 38439 which can be installed by the Avamar support team.
By all accounts this may be wrapped up in the SP1 software update as well, but if you just want the fix, ask for the number above.
Also, if you do update to a future version and this has not been included, the hotfix will need to be re-applied following the software update, so be sure to mention it.
Have a good day, hope this helps.
ionthegeek
2K Posts
0
October 23rd, 2012 07:00
I can confirm that the fix was checked into the 6.1 SP1 branch.
hkniep
4 Posts
1
October 23rd, 2012 11:00
Opened an SR and needed new avldap_win and user-authentication files. Also need to add ldap.query.domain= domain into the ldap.properties file.
Thanks for all your help.
mtg82814
35 Posts
0
April 10th, 2013 07:00
We seem to be having this issue on SP1 as well. Can you confirm this should be fixed or other steps that need to be done for users in multiple groups?