Configuring Active Directory Authentication with M1000e

Question

I'm trying to configure our M1000e CMC to integrate with our Active Directory database. My steps were: Create Dell Chassis Global Group in Active Directory and add my userID as a member of that group-> Use Standard Schema and add my created Chassis group to the role group. When I try and log into the CMC i receive the following error: Login Error: Credentials Failed, Please Try Again.'  even though the credentials are valid. Under Troubleshooting -> Diagnostics I run the following command, gettracelog, and receive the following results: Oct 31 11:44:02 DC-ENCL08 webcgi[26602]: LDAP User Authentication Starting...Oct 31 11:44:02 DC-ENCL08 webcgi[26602]: [setup]: LDAP Authentication StartedOct 31 11:44:02 DC-ENCL08 webcgi[26602]: [check]: SRV Query: PassOct 31 11:44:02 DC-ENCL08 webcgi[26602]: [check]: Initialization: FailOct 31 11:44:02 DC-ENCL08 webcgi[26602]: Falling back to local authentication due to LDAP error 'Invalid Hostnames' I am able to resolve the hostname of the enclosure through forward and reverse lookups without issue. I have also run ldp.exe from my workstation and was able to connect to port 389 on DCs with no issues. Can someone tell me what I'm doing wrong or that I'm missing?

robinsmf · Accepted Answer

Hi Shine,

Thanks for your help. The issue was with the syntax of my user name, not a configuration issue with Directory Services in the CMC console.

I was using domain\username instead of username@domainname.

Once I used username@domainname with my AD password I was able to successfully log into the CMC console with my AD credentials.

Regards,

Mark

robinsmf · Accepted Answer

The issue was with the syntax of my username. When I use username@domainname instead of domain\username I can now successfully log into the CMC console with my AD credentials. Thanks in advance, Mark

DELL-Shine K · Answer

CMC Active Directory Authentication work on SSL port. Can you check whether you can connect to port 636 using ldp.exe. Did you specified DNS IP address on CMC network page.

robinsmf · Answer

Yes I am able to connect to my DC on port 636 using ldp.exe. I have also confirmed that I have the proper IP defined for both my Static Preferred and Alternate DNS servers.

robinsmf · Answer

Also my CMC console is at version 4.45

DELL-Shine K · Answer

Select 'Microsoft Active Directory (Standard Schema)' and make all changes on this page and Apply setting. After apply setting Configure Group Setting. before applying setting on this page if you go to Group configuration page all setting on first page will get lost

DELL-Shine K · Answer

Are you configuring CMC for Microsoft Active Directory Login? If yes then you can choose 'Microsoft Active Directory (Standard Schema)' option instead of 'Generic LDAP'. Which is your CMC firmware version?

robinsmf · Answer

Yes I am trying to configure the CMC for Microsoft Active Directory Login.

Generic LDAP, Microsoft Active Directory (Standard Schema) and Microsoft Active Directory (Extended Schema) are all enabled. I have tried to disable Generic LDAP and Microsoft Active Directory (Extended Schema) so that i am just using Microsoft Active Directory (Standard Schema).

But each time I try to disable Generic LDAP and Microsoft Active Directory (Extended Schema) and click Apply it shows them as Enabled when I refresh my CMC console. Shouldn't I only be able to have one of these three options enabled instead of all three.?

robinsmf · Answer

I followed your instructions but I am still not able to log into the CMC console using my AD credentials. When I review the logs of the CMC I see this:

Nov 1 08:37:37 DC-ENCL08 webcgi[28646]: GenerateSidHashStr(): choices='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_0123456789.-?!'
Nov 1 08:37:37 DC-ENCL08 webcgi[28650]: ActiveDirectoryAuthenticate: user: robinsmf, domain: domain, AD type: 2
Nov 1 08:37:37 DC-ENCL08 webcgi[28650]: userDomain: domain.domain.ca
Nov 1 08:37:37 DC-ENCL08 webcgi[28650]: ldap_srvlist: res_query return len
Nov 1 08:37:37 DC-ENCL08 webcgi[28650]: Can't get srv record: domain.domain.ca
Nov 1 08:37:37 DC-ENCL08 webcgi[28650]: DNS resolve fails: _ldap._tcp.domain.domain.ca!
Nov 1 08:37:37 DC-ENCL08 : Domain user authen. fails, err: 24578
Nov 1 08:37:38 DC-ENCL08 : Login failed (username=domain\robinsmf, ip=142.239.65.30, error=0x00006002, type=GUI)
Nov 1 08:37:38 DC-ENCL08 webcgi[28646]: session close SID succeeds: sid=29210, User: domain\robinsmf, IP: 142.239.65.30
Nov 1 08:37:38 DC-ENCL08 : session close succeeds: sid=29210

When it tries to do validate my credentials it is using the wrong domain. Instead of using domain.ca, its using domain.domain.ca. I don't know why its using domain.domain.ca, can you tell me why?

DELL-Shine K · Answer

'userDomain' will come from user input. How did you give username in Login page. It should be username@domainname Can you share the AD configuration details. Did you configured 'Specify AD Server to search' and Domain Controller / Global Catalog fields.

Systems Management General

Was this post helpful?