I am getting an error on Networker 19.4 when trying to launch the console, "Unable to log into NMC with AD/LDAP account "Unable to login, verify that the authentication service on [servername] is running". The issues is exactly as described on https://www.dell.com/support/kbdoc/en-uk/000192505/gstd-nsr-error-78-unable-to-login-verify-that-the... but this is a Windows server, not Linux.
I have tried some of the commands/tests on the article, using keytool to list certificates, but as far as I can see, LDAPS is not being used in this instance. There are no certificates pertaining to my LDAP server, and I cannot see any connections being opened on port 686, only port 389.
If I try and look at the other referenced link, https://www.dell.com/support/kbdoc/000156132/, all I get is a message saying "This article is permission based. Find another article". I also can't find any Information on configuring LDAPS in the NetWorker Security Configuration guide, mainly because I can't find the guide!
Any help appreciated!
@le0pard , Can you provide a little more information related to the error? Refer to the file <installation_dir>\nsr\authc\authc-server.log on the server configured as authc server for the NMC. Also from the same server try
nsrlogin -H <authc serverhostname> -d <AD domain> -u <ad username>
Hi crazyrov, thanks for your input.
My authc-server.log (in nsr\authc-server\tomcat\logs) is empty, 0 bytes.
If I attempt to login using nsrlogin all I get is a message:
117849:nsrlogin: Authentication library error: Authentication service is unavailable.
The Domain Controller is available on port 389.
authc_config lists the ldap server on port 389, not 686. Not sure where to look next.
You dont have the authc service running on whichever system you had designated as the authc server. Please check which is the authc server that you had configured with the NMC and then check the logs on that server.
Trying again today and it seems as if there is an ssl issue. When I am trying to do the last step in https://www.dell.com/support/kbdoc/en-uk/000192505/gstd-nsr-error-78-unable-to-login-verify-that-the...
authc_config -u Administrator -e update-config -D config-id=2 -D config-active-directory=y -D config-user-dn-password=<PASSWORD FOR USER>
Enter password: <Networker ADMINISTRATOR Password>
I get an error, but the long and the short of it is: "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection".
The config was originally done with port 389 and then the policy was enforced. I can't update the policy using the GUI, so I'm guessing I may need to delete it somehow and reconfigure using 686. Have to see if I can find out how to delete the config now, as I can't "update" it, because I get a bind error, because the connection is not SSL\TLS!
You could just create a new configuration and see if that works.
Back to this again and still pulling my hair out! If I set the server type as LDAP over SSL I can authenticate and it says "Authentication Authority Provider was successfully modified". However, if I put the DN of my user in the console application administrator group it just tells me "Could not authenticate using this username, try again"
If I try to set up Active Directory authentication I get an error "PUT failed with HTTP_ERROR:400, Server message: could not parse server response from json string.
I can use LDP.exe to bind and connect to port 636 and query Active Directory, so I have no clue what's going on!
Here's another thing - when I use authc_mgmt and query-ldap-users or query-ldap-groups, it finds them all without any issues, but if I try query-ldap-groups-for-user, it says 404, user does not exist.
... and how do I delete a config?
@crazyrov - thought I would let you know, as you've been very helpful and will probably appreciate this...
I spoke to someone in Dell, who sent me a PDF, which had a link in it.
I can't actually find the article in the pdf on Dell's site, but the linked article has a good section on how to configure it with authc_config.