AD Authentication setup

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

This question was originally posted on DCIM Support by Ed Krimmer on 2016-10-20


I am working on using AD for authentication with DCE 7.4.1

I have configured the authentication server and selected a group that I created in AD. However, I am not realizing any benefit from this as the credentials are not accepted at login. Unless I'm unclear on what to expect.  

Secondly, while the Group I've selected appears, individual users do not (2nd screenshot)

 

(CID:108829490)


Re: AD Authentication setup

This answer was originally posted on DCIM Support by Steven Marchetti on 2016-10-20


Hi Ed,

 

A good place to start is to look at k-base FA158395. This should help you with a lot of the little stuff.

If you've set up an AD group and have added it to DCE, the next thing you have to do is to give that group permissions inside of DCE. We don't pull permissions from the server, just names, passwords, and e-mails for server level events.

If your users can't log in, please be sure they are in the same search base used to add the group. If DCE can't search for both the group AND its included users, you won't be able to log in with those credentials. Make sure you also do not have duplicate users where they exist on the DCE server as well as the AD group, as this could cause conflicts.

 

Finally, if you had started this incorrectly, delete the AD entry and make a new one. I have seen issues where you choose LDAP and then go all the way to the end and logins fail (even though it appears to allow you to add them) or even if you choose LDAP and go part of the way to finish, go back and change to AD, sometimes the change doesn't take and you'll still get a failure.

 

Thanks,

Steve

(CID:108829501)
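An added example, not part of the original thread and not DCE code: a pre-flight check of the two conditions named in the answer above, that the group and each of its members sit under the configured search base, and that no AD account name duplicates a local DCE user. The group, member and local-user entries and all function names are constructed for illustration; the search base string is the one quoted later in the thread, and the case-insensitive name comparison is an assumption.

```python
# Added example with constructed directory data (not exported from any real AD).
SEARCH_BASE = "DC=milbank,DC=local"                        # value quoted in the thread
GROUP_DN = "CN=DCE-Admins,OU=Groups,DC=milbank,DC=local"   # constructed
MEMBERS = [                                                # constructed
    {"dn": "CN=Smith\\, Jo,OU=Staff,DC=milbank,DC=local", "sAMAccountName": "jsmith"},
    {"dn": "CN=Ana Ruiz,OU=Staff,DC=milbank,DC=local", "sAMAccountName": "aruiz"},
]
LOCAL_DCE_USERS = ["admin", "JSmith"]                      # constructed


def split_rdns(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas intact."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    normalized = []
    for rdn in parts:
        attr, _, value = rdn.partition("=")
        normalized.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return normalized


def under_base(dn, base):
    """True when the trailing RDNs of dn equal the RDNs of the search base."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def preflight(search_base, group_dn, members, local_users):
    """Report entries a search from search_base cannot reach, and name clashes."""
    local = {u.lower() for u in local_users}  # assumption: names compare case-insensitively
    return {
        "group_in_base": under_base(group_dn, search_base),
        "members_outside_base": [m["dn"] for m in members
                                 if not under_base(m["dn"], search_base)],
        "duplicate_accounts": [m["sAMAccountName"] for m in members
                               if m["sAMAccountName"].lower() in local],
    }
```

With the whole directory as the search base, the group and users may live in different OUs and still pass; narrowing the base to the group's OU leaves every member unreachable.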


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Ed Krimmer on 2016-10-20


Ok. I changed the AD group to Universal and tried removing it from DCE and adding it back, as the scenario you described could have happened. Still no luck.

The search base is essentially the entire directory: DC=milbank,DC=local. Perhaps I'm hitting a size limit that was mentioned in the technote, but the users and the group are in different OUs below this base.

I have specified DCE permissions to the group once it has been selected.

Ed

 

(CID:109446914)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Steven Marchetti on 2016-10-21


Hi Ed,

I just re-read your initial post. Hopefully this is just a secondary question, but you mentioned: "while the Group I've selected appears, individual users do not". You should know that the users will not show, only the groups. Rights are then associated based on those groups.

Steve

(CID:109446915)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Steven Marchetti on 2016-10-21


Back to the login issue, can you create a test group and, in the same container, create a user? Make it very simple with no difference between long and short names. Add that group and give that group rights within DCE. Can that user log in?

Steve

(CID:109446916)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Ed Krimmer on 2016-10-21


If you look at the screenshot I inserted in the original post, what I meant to convey was that if I chose individual users rather than a group, they did not (and do not) appear under the "Users" heading.

(CID:109446918)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Steven Marchetti on 2016-10-21


Sorry, I must have misunderstood. I thought you expected to see the users once you added the group. Ok, so if you DID add individual users through the authentication server, they did not show up? Could you try the test I suggested and again, create this as a new authentication server entry?

Steve

(CID:109446917)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Ed Krimmer on 2016-10-21


I've added a user in the same container as the group. Removed the group from DCE and added it back.

 

(CID:109446906)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Steven Marchetti on 2016-10-21


Hi Ed, 

 

I feel there's something we're missing and doing this over the forum may not be the best way to reach a resolution. What region are you in? US, Europe? I think it may be best if we contact you directly. I can get your e-mail from the system but want to verify who to get to contact you.


Steve

(CID:109446909)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Ed Krimmer on 2016-11-01


This issue has been resolved. I followed the very useful technote, but in the end I believe the ultimate resolution to enable AD authentication (after the components were configured) was a restart of the server.

(CID:109447665)


Re: AD Authentication setup

This comment was originally posted on DCIM Support by Steven Marchetti on 2016-11-01


That's weird. It shouldn't be required but I'm glad it worked!

(CID:109447666)
