01-19-2012 06:15 AM
Just installed Network Advisor (NA) 11.1.2 - trying to get authentication to work against either LDAP or AD (same server in my case)
In DCFM it was required user was created locally, blank password and then authenticated against LDAP worked - this is no good in my book.
In NA it have this nice fetch button, works great, found my AD/LDAP group, granted AOR all and SAN System Administrator to it, saved (and rebooted just to be sure) and cant login
Created my user locally, no AOR or groups - got error, saying I need to map my user to some AOR/gruops - when doing so I can login.
Question is; Why have LDAP/AD Groups which have been granted AOR/roles when it cant be used without creating user locally ?
Does anyone know a work around or can point me in the the right direction on this user issue ?
Secondly: Where to set the user id to be used to fetch information from LDAP/AD - is it the one used during configuration of AAA ?
Bonus question: Does NA still require admin access to SAN Switchs to collect data ? Sofar I have read Chassis Admin, but also Admin role?!
Thanx in advance
03-07-2013 06:54 AM
Just installed 11.3.0 - now it says you must use Window Domain as primary authentication mechanism and none as secondary - sounds good. Only issue is, it dosnt work
I can fetch my groups and assign Fabric and Roles to the AD group but I get permissions denied when trying to login - until I create the user on BNA with blank(!!) password and assign the needed Fabric and Roles to that user.