- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- MSM765 + WINDOWS AD
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-10-2010 11:17 PM
тАО03-10-2010 11:17 PM
Re: MSM765 + WINDOWS AD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 07:24 AM
тАО03-11-2010 07:24 AM
Re: MSM765 + WINDOWS AD
Can you start the extra Radius/AD debug in the Tools > System Tools, put in place an external/remote syslog to make sure all the info is captured, as well as starting a trace on 127.0.0.1 radius port 1645 (the MSM controller loopback interface and internal RADIUS server).
And post/attach the captured remote syslog, and trace as well as providing the SW version number that you are using so that we can have more details around what's going on within the controller?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 08:55 AM
тАО03-11-2010 08:55 AM
Re: MSM765 + WINDOWS AD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2010 12:18 PM
тАО03-11-2010 12:18 PM
Re: MSM765 + WINDOWS AD
Just a few words in addition:
In official HP Installation giude said that controller which joined to AD "retrieves the names of all the active directory groups of which the user is a member". Prior said that we should define group attributes with the same name that OU containers in Domain controller. My user belongs to OU = IT (and this attribute defined). In all ways controller should pass through this to find out if user belongs to this group. Forthemore if i deactivate the DEFAULT GROUP the user becomes unknown (invalid), but it found in AD (the attached log this shows). If I turn back on i receive "A:Login OK" but then access reject......
In addition i liked "Egress VLAN" feature in the attributes configration because my users are in different OU and i want to make this OU users connected to the network with their "wired" dhcp range and existing VLAN..
But how to get it worked....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2010 06:05 AM
тАО03-12-2010 06:05 AM
Re: MSM765 + WINDOWS AD
The name of the groups that you configure in the Authentication > Active Directory page MUST absolutely match what is returned by your Active Directory server.
It seems from the more detailed log that your Active Directory server returns groups like "GIT", "(MX) Administrators", (MX) IT Group", "DIAL IN", "(MX) All Employees", "(MX) TO", "(MX) HD" and "GRASIT" for your user.
The issue is that none of these group names correspond to a profile in your MSM Active Directory page, which defines groups like "it", "departments", and "users". Try renaming the "it" group on the MSM controller to "GIT" or whatever name that correspond to a real Active Directory group returned by your server to see if that works.
I strongly suspect this is why the system cannot match the user attributes and refuses the authentication.
Again, to match the user attributes, the MSM controller much have an EXACT match between what's returned from the Active Directory server and what has been configured as group locally on the MSM controller.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2010 06:16 AM
тАО03-12-2010 06:16 AM
Re: MSM765 + WINDOWS AD
One more thing, egress vlan directly from GROUP ATTRIBUTE page doesnt work, only works if i assign an account profile and put VLAN there...
Is it ok?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2010 06:42 AM
тАО03-12-2010 06:42 AM
Re: MSM765 + WINDOWS AD
Actually a pretty good feature of the product is to be able to "see" the result in the effective attributes. I have attached an example.
So I would say make sure the checkbox is on next to the VLAN that you don't have an account listed and that the result windows shows the actual VLAN that will be assigned.
If you have all that, then it should work and the VLAN should get assigned.
- « Previous
-
- 1
- 2
- Next »