Unsolved

June 6th, 2017 13:00

Unisphere LDAP authentication fails

EMC Unisphere v1.3.8.1.0019

Have configured LDAP authentication following the Unisphere help content and several online tutorials.

Using Microsoft Active Directory on port 389, our domain name and a valid bind user/password.

Attributes were left at defaults and an existing AD Group (of which I am a member) is mapped to the Unisphere Administrator role.

However, all attempts at logging in via LDAP credentials fail with the message box 'Authentication Failed'.

What other steps are necessary?

TIA

Rick

169 Posts

June 7th, 2017 04:00

Can you check via naviseccli (even from CS if this is unified)?

Example:

naviseccli -h spa -login ldapuser -scope ldap -password ldap_passwd getagent

If that works, there may be some issue with VNX File (again, you can check this in Unisphere by giving the SPA IP and trying).
It may be worth doing a re-fuse.

If it is not working, ensure the checklist below is good:

1) your login on the AD is below the search path given in Unisphere user search path (& group and its path)

2) AD is working on port 389 (Most MS AD is configured with ldaps port 639 with certificate)

3) your AD user is a direct member of the group that is configured in LDAP Group

If it is still complex, tech support could help resolve this. Several KBs exist for LDAP configuration.

4 Posts

June 7th, 2017 14:00

I couldn't check via SSH connection.

There isn't a place to enable SSH on our version of the software.

I've checked the AD search path, user and AD port and these are all correct.

I thought I was missing something simple, but this might have to be a support ticket.

July 21st, 2017 05:00

First problem solution: max Character for Active Directory Group for mapping to ROLES 32 Character name and Nested Group in root group with minus character then root group named (active directory group I intend OU).

Second Problem:

If you have Unified LDAP access is OK on Unisphere, but with error like "...

" The storage processors did not log in properly.

Recommended Action : The login error may have occurred because:

1. Certificates are not accepted.

2. Both storage processors or the control station are not accessible.

3. You have logged in to a File or Block system using a local user account not defined on both the File and Block systems".

but no FUNCTION active and/or BLOCK function are Greyed (not only Block Functions, but Admin and network roles functions are greyed).

ALSO

If you Login to SP IP (one or Both) via UNISPHERE with LDAP user (LDAP Bindings configuration OK...obviously...), instead of Control Station IP, you have "authentication failed" messages.

Solution for second problem:

When you authenticate to UNISPHERE, use only username and password with LDAP scope enabled - NO ACTIVE DIRECTORY DOMAIN LDAP SUFFIX !!! Only user with NO domain...

  • DOMAIN\user +LDAP --no
  • user@domain.fully.qualified +LDAP --no

only user +LDAP
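
The checks from the replies above, collected into an offline pre-flight script. This is an added example, not part of any post or of EMC's tooling: the function names and sample DNs are constructed, the 32-character limit and bare-username rule are as reported in the thread, and the DNs and member list are assumed to come from your own AD export.

```python
import re

MAX_GROUP_NAME = 32  # role-mapping group name limit reported in the thread

def split_dn(dn):
    """Split a DN into normalised RDNs, keeping backslash-escaped commas."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def is_under(dn, base):
    """True when dn sits at or below the configured search path."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def bare_username(login):
    """Reduce DOMAIN\\user or user@domain.fqdn to the bare user name."""
    return login.rsplit("\\", 1)[-1].split("@", 1)[0]

def preflight(login, user_dn, user_base, group_dn, group_base, members):
    """Return findings; an empty list means every check passed."""
    findings = []
    if bare_username(login) != login:
        findings.append("login has a domain part; use '%s'" % bare_username(login))
    if not is_under(user_dn, user_base):
        findings.append("user DN is outside the user search path")
    if not is_under(group_dn, group_base):
        findings.append("group DN is outside the group search path")
    group_cn = split_dn(group_dn)[0].split("=", 1)[-1]
    if len(group_cn) > MAX_GROUP_NAME:
        findings.append("group name exceeds %d characters" % MAX_GROUP_NAME)
    # Only the group's own member list is consulted, so nested membership fails.
    direct = {tuple(split_dn(m)) for m in members}
    if tuple(split_dn(user_dn)) not in direct:
        findings.append("user is not a direct member of the mapped group")
    return findings

# Constructed sample values (not taken from the thread).
USER_DN = "CN=Smith\\, Rick,OU=Staff,DC=example,DC=com"
USER_BASE = "OU=Staff,DC=example,DC=com"
GROUP_DN = "CN=Storage-Admins,OU=Groups,DC=example,DC=com"
GROUP_BASE = "OU=Groups,DC=example,DC=com"

if __name__ == "__main__":
    for finding in preflight("EXAMPLE\\rick", USER_DN, USER_BASE,
                             GROUP_DN, GROUP_BASE, members=[]):
        print("FAIL:", finding)
```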
