NetWorker: AD over SSL (LDAPS) NMC Login Fails With "POST failed with HTTP-ERROR: 500"

摘要: You have created an external authority in the NetWorker Management Console (NMC) for Active Directory (AD) using the "LDAP over SSL" option. The configuration succeeded, but AD logins fail with "POST failed with HTTP-ERROR: 500" (Internal server error). This issue occurs because the LDAP over SSL option sets an internal authc flag "Is active directory" to "false." This option must be set to "true" when the authentication method is active directory. ...

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

症狀

  • You have created an external authority in the NetWorker Management Console (NMC) for Active Directory (AD) using the "LDAP over SSL" option.
  • The configuration succeeded, but AD logins fail with "POST failed with HTTP-ERROR: 500" (Internal server error)
HTTP Error 500 observed when logging in with an external user account
  • Local NetWorker user accounts (such as the default Administrator account) successfully log in to the NMC. 

原因

The LDAP over SSL option defaults an internal configuration parameter "is active directory" to false. This means that the configuration expects LDAP server (Linux based LDAP servers) configuration parameters. Since the values set in the Advanced Configuration Parameters are AD-specific, the login fails.

root@nwserver:~/#: authc_config -u Administrator -e find-all-configs
Enter password:
The query returns 1 records.
Config Id Config Name
3         AD_over_SSL

root@nwserver:~/#: authc_config -u Administrator -e find-config -D config-id=3
Enter password:
Config Id                    : 3
Config Tenant Id             : 1
Config Name                  : AD_over_SSL
Config Domain                : emclab.local
Config Server Address        : ldaps://winsrvr2k16.emclab.local:636/dc=emclab,dc=local
Config User DN               : cn=Administrator,cn=users,dc=emclab,dc=local
Config User Group Attribute  :
Config User ID Attribute     : sAMAccountName
Config User Object Class     : user
Config User Search Filter    :
Config User Search Path      :
Config Group Member Attribute: member
Config Group Name Attribute  : cn
Config Group Object Class    : group
Config Group Search Filter   :
Config Group Search Path     :
Config Object Class          : objectclass
Is Active Directory          : false
Config Search Subtree        : true

解析度

There are two options available.

Option 1:

Use the NetWorker Web User Interface (NWUI) update the configuration to use AD over SSL.

1. In a web browse, go to the NWUI: https://NetWorker_ServerName:9090/nwui
2. Log in as the default NetWorker Administrator account.
3. Go to Authentication Server->External Authorities.
4. Select the external authority repository and click Edit.
5. In the Basic Configuration tab, select AD over SSL from the Server Type drop-down.
NOTE: NetWorker: AD over SSL user logins not working after adding/updating external auth in NetWorker 19.11.

AD over SSL option in external authority wizard

6. Enter the User DN Password and click Save.

AD over SSL

Option 2:

Update the configuration using the authc_config command to set "is active directory : True"

1. Collect your config id:

authc_config -u Administrator -e find-all-configs

2. Update the "is active directory" value to equal true

authc_config -u Administrator -e update-config -D config-id=CONFIG_ID -D config-user-dn-password=BIND_ACCOUNT_PASSWORD -D config-active-directory=y
  • You are prompted to enter the NetWorker Administrator account password (hidden).
  • Replace CONFIG_ID with the config id shown in step 1.
  • Replace  BIND_ACCOUNT_PASSWORD with the password for the account used to add AD to NetWorker.
3. Confirm that changes were set: authc_config -u Administrator -e find-config -D config-id=CONFIG_ID 
root@nwserver:~/#: authc_config -u Administrator -e find-config -D config-id=3
Enter password:
Config Id                    : 3
Config Tenant Id             : 1
Config Name                  : AD_over_SSL
Config Domain                : emclab.local
Config Server Address        : ldaps://winsrvr2k16.emclab.local:636/dc=emclab,dc=local
Config User DN               : cn=Administrator,cn=users,dc=emclab,dc=local
Config User Group Attribute  :
Config User ID Attribute     : sAMAccountName
Config User Object Class     : user
Config User Search Filter    :
Config User Search Path      :
Config Group Member Attribute: member
Config Group Name Attribute  : cn
Config Group Object Class    : group
Config Group Search Filter   :
Config Group Search Path     :
Config Object Class          : objectclass
Is Active Directory          : true
Config Search Subtree        : true

4. You can confirm authentication by running the following command on your NetWorker server:

nsrlogin -t TENANT_NAME -d DOMAIN -u AD_USER_NAME

  • Replace TENANT_NAME with the name of the tenant used in your configuration. Unless you manually created a tenant, the value is default.
  • Replace DOMAIN with the domain value set in your configuration.
  • Replace AD_USER_NAME with an Active Directory username.
  • You are prompted to enter the password for the AD user specified.
5. If successful, run: nsrlogout

Accessing the NetWorker server from the NMC

You must set the Distinguished Name (DN) of an AD group in the NMC Roles and NetWorker server User groups before you can log in to the NMC with your AD users. This can be done when logged in with the default Administrator account:

NMC external users roles
NetWorker NSR User Groups permissions
You should now be able to log in to the NMC with AD accounts over SSL.

其他資訊

NetWorker: How to configure "AD over SSL" (LDAPS) from The NetWorker Web User Interface (NWUI)

受影響的產品

NetWorker

產品

NetWorker Management Console
文章屬性
文章編號: 000170865
文章類型: Solution
上次修改時間: 02 6月 2025
版本:  5
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。