Occasional Contributor
Posts: 7
Registered: ‎07-17-2009

LDAP/AD Authentications in Network Advisor

Hi

Just installed Network Advisor (NA) 11.1.2 - trying to get authentication to work against either LDAP or AD (same server in my case).

In DCFM it was required that the user be created locally with a blank password, and then authenticating against LDAP worked - this is no good in my book.

NA has this nice fetch button, which works great: I found my AD/LDAP group, granted AOR all and SAN System Administrator to it, saved (and rebooted just to be sure) and can't log in.

Created my user locally, no AOR or groups - got an error saying I need to map my user to some AOR/groups - when doing so I can log in.

Question is: why have LDAP/AD groups which have been granted AOR/roles when they can't be used without creating the user locally?

Does anyone know a workaround or can point me in the right direction on this user issue?

Secondly: where to set the user ID to be used to fetch information from LDAP/AD - is it the one used during configuration of AAA?

Bonus question: does NA still require admin access to SAN switches to collect data? So far I have read Chassis Admin, but also Admin role?!

Thanks in advance

Christian

Occasional Contributor
Posts: 8
Registered: ‎10-11-2006

Re: LDAP/AD Authentications in Network Advisor

Hi,

I'm having the same issue with LDAP/AD Groups and Network Advisor. Did you get anywhere with this?

Bgrds,

Finnur

New Contributor
Posts: 3
Registered: ‎05-02-2012

Re: LDAP/AD Authentications in Network Advisor

Hi Christian,

Sorry, I haven't got anything to offer, but just adding my voice to the list of affected users.

Regards,

Sam

New Contributor
Posts: 2
Registered: ‎07-06-2012

Re: LDAP/AD Authentications in Network Advisor

Hi Christian

I'm having the same issue with LDAP/AD Groups and Network Advisor. Did you have any news about this?

Regards

Urs

Occasional Contributor
Posts: 7
Registered: ‎07-17-2009

Re: LDAP/AD Authentications in Network Advisor

Just installed 11.3.0 - now it says you must use Windows Domain as primary authentication mechanism and none as secondary - sounds good. Only issue is, it doesn't work.

I can fetch my groups and assign Fabric and Roles to the AD group, but I get permissions denied when trying to log in - until I create the user on BNA with a blank(!!) password and assign the needed Fabric and Roles to that user.

Occasional Visitor
Posts: 1
Registered: ‎01-18-2011

Re: LDAP/AD Authentications in Network Advisor

Maybe this solves your problem:

http://support.microsoft.com/kb/975697/en-us

Occasional Contributor
Posts: 5
Registered: ‎05-24-2010

Re: LDAP/AD Authentications in Network Advisor

Hi

You're right that if you create a "dummy" user in the local database, it works perfectly with domain authentication. This issue still persists on BNA 14.0.0.

Have you investigated it further and got a final fix for it?

Otherwise I'll create a support case for this issue.

External Moderator
Posts: 4,974
Registered: ‎02-23-2004

Re: LDAP/AD Authentications in Network Advisor

@Peter Schmidt

->Otherwise I'll create a support case for this issue.

In higher BNA 14.x releases, various defects are closed.

You can open a TAC, but if this is a closed defect, you need to upgrade to.

What I want to say is, you will most probably get the same answer from Support.

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎05-24-2010

Re: LDAP/AD Authentications in Network Advisor

Hi @Antonio Bongiorno TechHelp24

I've upgraded to 14.3.0 but the problem is still the same.

I've now played with the AAA settings, and I found that if I change the primary authentication source from "Windows Domain" to "LDAP Server", choose "Authentication Server Groups" in "authorization Preference" and add the AD LDAP server to the LDAP Servers list, it works perfectly.

It can now both authenticate the user and give the user the permissions that I've applied to the AD security group.

I hope others find this handy.

New Member
Posts: 1
Registered: ‎09-08-2017

Re: LDAP/AD Authentications in Network Advisor

This solved my issue, but required a small change to ensure that local users still worked in the event that LDAP wasn't available...

For Fail Over Option I needed to select LDAP Authentication Failed along with having the Secondary Authentication set to Local Database. Without doing this, my local admin account was not able to log in due to not being found within LDAP. If you don't want an emergency local account in the event that LDAP is unreachable, this may not matter to you. However, it's my belief that you should always have a local admin account that can access the system in the event of an emergency. Works perfectly now. For the record I am running CMCNE 14.2.0. Thanks!
