03-26-2013 03:06 AM
We have just upgraded to BNA 12.0 on Windows Server 2008 R2 and are trying to enable Windows-based AD domain authorisation.
I have created an AD group and populated the membership.
In BNA on the LDAP Authorisation tab in Users, I have selected the group from AD and assigned a Role and an AOR (All Hosts and SAN System Administrator respectively)
However when I try to login with an AD account that is a member of the group, I get an error "Could not login. You should have at least one role assigned. Contact the user manager."
In AAA settngs
… the solution may be was to set the Authorization Preference to : LDAP Authorisation
rights are assigned based on LDAP group assignments.
After making this change, cuwe are now able to login using AD credentials.
What is the purpose of the “Windows Domain” option for authentication if it does not operate correctly?