NetWorker: Active Directory user cannot log in to NetWorker, LDAP error code 49 Data 52f
Summary: Active Directory users cannot log in to NetWorker and to NMC. The error generated is "incorrect username or password".
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Active Directory users cannot log authenticate in NetWorker command-line or user interfaces (NetWorker Management Console, NetWorker Web User Interface, so forth).
nsrlogin returns the error "incorrect username or password"; however, the user's logon name and password were entered correctly.
The authc-server.log logged the following message:
nsrlogin returns the error "incorrect username or password"; however, the user's logon name and password were entered correctly.
The authc-server.log logged the following message:
Unable to get user by name '<user name>'. Reason: Incorrect result size: expected 1, actual 0 Failed to bind as <Distinguished Name of the user> Users: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52f, v4f7c^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52f, v4f7c^@]
Linux: /nsr/authc/logs/authc-server.log
Windows: C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\logs\authc-server.log
Windows: C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\logs\authc-server.log
Cause
Protected User Group is enabled on the Active Directory server. The affected user is a part of the Protected User Group.
Resolution
Create a new AD user account that is not part of the Protected User Security Group.
The new AD user must be added to an AD group which has been granted NetWorker User Roles.
Additional Information
LDAP error code 49 means authentication error.
LDAP data error code 52f means that the Account Restrictions are preventing this user from signing in.
49 52f 1327 ERROR_ACCOUNT_RESTRICTION
For more information about Protected User Groups, see https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group
For added security, configure NetWorker to use LDAPS instead of LDAP.
LDAP data error code 52f means that the Account Restrictions are preventing this user from signing in.
49 52f 1327 ERROR_ACCOUNT_RESTRICTION
For more information about Protected User Groups, see https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group
For added security, configure NetWorker to use LDAPS instead of LDAP.
Article Properties
Article Number: 000221735
Article Type: Solution
Last Modified: 22 Apr 2024
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.