NetWorker: Active Directory user cannot log in to NetWorker, LDAP error code 49 Data 52f
Riepilogo: Active Directory users cannot log in to NetWorker and to NMC. The error generated is "incorrect username or password".
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Sintomi
Active Directory users cannot log authenticate in NetWorker command-line or user interfaces (NetWorker Management Console, NetWorker Web User Interface, so forth).
nsrlogin returns the error "incorrect username or password"; however, the user's logon name and password were entered correctly.
The authc-server.log logged the following message:
nsrlogin returns the error "incorrect username or password"; however, the user's logon name and password were entered correctly.
The authc-server.log logged the following message:
Unable to get user by name '<user name>'. Reason: Incorrect result size: expected 1, actual 0 Failed to bind as <Distinguished Name of the user> Users: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52f, v4f7c^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52f, v4f7c^@]
Linux: /nsr/authc/logs/authc-server.log
Windows: C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\logs\authc-server.log
Windows: C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\logs\authc-server.log
Causa
Protected User Group is enabled on the Active Directory server. The affected user is a part of the Protected User Group.
Risoluzione
Create a new AD user account that is not part of the Protected User Security Group.
The new AD user must be added to an AD group which has been granted NetWorker User Roles.
Informazioni aggiuntive
LDAP error code 49 means authentication error.
LDAP data error code 52f means that the Account Restrictions are preventing this user from signing in.
49 52f 1327 ERROR_ACCOUNT_RESTRICTION
For more information about Protected User Groups, see https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group
For added security, configure NetWorker to use LDAPS instead of LDAP.
LDAP data error code 52f means that the Account Restrictions are preventing this user from signing in.
49 52f 1327 ERROR_ACCOUNT_RESTRICTION
For more information about Protected User Groups, see https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group
For added security, configure NetWorker to use LDAPS instead of LDAP.
Proprietà dell'articolo
Numero articolo: 000221735
Tipo di articolo: Solution
Ultima modifica: 22 apr 2024
Versione: 1
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.