NetWorker: Unable to log into NMC with AD/LDAP account "Unable to login, verify that the authentication service on [servername] is running"
Summary: Cannot log in to NMC following an upgrade; the error is "Unable to login, verify that the authentication service on [servername] is running"
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
When logging into NetWorker Management Console (NMC) with an AD/LDAP account, the following error appears: "Unable to login, verify that the authentication service on [servername] is running"
The NMC server's gstd.raw may report:
servername.domain gstd NSR error 78 Unable to login, verify that the authentication service on %s is running: [%s] 2 0 21 servername.domain 0 37 Authentication service is unavailable
Cause
The AD/LDAP configuration was done using SSL certificate(s) (LDAPS). These certificates were imported into the NetWorker server Java instance's cacerts keystore. There is a problem with the certificate(s) being used by authc.
Resolution
For the full procedure on configuring LDAPS with NetWorker refer to: https://www.dell.com/support/kbdoc/000156132/
Information on configuring LDAPS can be found in the NetWorker Security Configuration guide, available through: https://www.dell.com/support/
The process specific to the certificates is as follows:
- Get the Root and Chain certificates from the LDAP server:
openssl s_client -showcerts -connect LDAP_server_name:636
Note: In some environments only one certificate will be returned; however, if multiple (chain) certificates are returned, create an individual .cer file for each certificate in the output. Each certificate includes the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
- Check the keystore for any existing certificates associated with the LDAP server:
/opt/nre/java/latest/bin/keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts -storepass changeit | grep -i LDAP_server_name
a. If any certificate aliases are listed in the keystore associated with the LDAP server remove them with:
/opt/nre/java/latest/bin/keytool -delete -alias ALIAS_NAME -keystore /opt/nre/java/latest/lib/security/cacerts -storepass changeit
- Add the new chain and root certificates (in that order) to the ‘cacerts’ file …
# /opt/nre/java/latest/bin/keytool -import -alias LDAP_server_name_CHAIN -keystore /opt/nre/java/latest/lib/security/cacerts -file /tmp/chain.cer -storepass changeit
# /opt/nre/java/latest/bin/keytool -import -alias LDAP_server_name_ROOT -keystore /opt/nre/java/latest/lib/security/cacerts -file /tmp/root.cer -storepass changeit
# /opt/nre/java/latest/bin/keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts | grep -i LDAP_server_name
Enter keystore password: changeit
LDAP_server_name_ROOT, Oct 13, 2021, trustedCertEntry,
LDAP_server_name_CHAIN, Oct 13, 2021, trustedCertEntry,
- Restart NetWorker:
nsr_shutdown
systemctl start networker
- Re-run the ‘authc_config’ command:
# /opt/nsr/authc-server/bin/authc_config -u Administrator -e update-config -D config-id=2 -D config-active-directory=y -D config-user-dn-password=<PASSWORD FOR USER>
Enter password: <Networker ADMINISTRATOR Password>
Configuration SLDAP is updated successfully.
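The first step asks for one .cer file per certificate returned by the LDAP server. The following is an added example, not part of the Dell article, that splits the `openssl s_client -showcerts` output into individual files and prints the fields needed to tell the root from the chain certificate before importing either into cacerts. The function names `split_pem_chain` and `describe_cert`, the output directory and the `PREFIX-N.cer` naming are assumptions of this example.

```shell
# Added example (not Dell's code). Typical use, with the article's placeholder host:
#   openssl s_client -showcerts -connect LDAP_server_name:636 </dev/null \
#       | split_pem_chain /tmp/ldaps ldap

# split_pem_chain OUTDIR [PREFIX]
# Reads s_client output on stdin and writes OUTDIR/PREFIX-1.cer, PREFIX-2.cer, ...
# in the order the server sent them. Prints the number of certificates written.
# Returns non-zero if a BEGIN line has no matching END line (truncated output).
split_pem_chain() {
    outdir=$1
    prefix=${2:-cert}
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" -v pfx="$prefix" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++
            file = dir "/" pfx "-" n ".cer"
            inside = 1
        }
        # The first write to each file truncates it; later writes append.
        inside { print > file }
        /^-----END CERTIFICATE-----/ {
            if (inside) close(file)
            inside = 0
        }
        END {
            if (inside) {
                print "truncated certificate block in input" > "/dev/stderr"
                exit 2
            }
            print n + 0
        }
    '
}

# describe_cert FILE
# Prints subject, issuer and SHA-256 fingerprint of one extracted certificate.
# A root certificate shows the same value for subject and issuer; compare the
# fingerprint with the one published by the CA before running keytool -import.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}
```
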
Additional Information
How to Configure LDAPS: https://www.dell.com/support/kbdoc/000156132/
Affected Products
NetWorker, NetWorker Management Console
Article Properties
Article Number: 000192505
Article Type: Solution
Last Modified: 10 Jan 2022
Version: 2