Originally posted by: cris
Originally posted by: joe.paul
Originally posted by: rodrin
Originally posted by: Newbie
Originally posted by: Yoko
Originally posted by: Niklas L
Originally posted by: webfox
Config looks ok, I think its an issue with your username or password:52e​ = invalid credentialsGenerally this happens for one reason, a special character (including a space is not escaped). This happens because character codes are lost in translation between Windows and *nix. I'm not sure what the authenication code was written in (most likely C) but from what I've seen it looks to on *nix and depedent on krb5 (which makes sense since krb5 is used for both LDAP and active directory). Given that the configuration file (the krb5 part) is abstracted we can't solve the problem by using a literal string, so you best option is to try a simple username and password first and then work backards.
I've run into this with a password like #123456# where the password begins and ends with a #
Chances are, if your configuration looks good, but you can't authenticate, it's because of the location of the "service account" that you are using to actually do the LDAP Searches with. Place that user in the same OU as, or a parent OU of, the user(s) you are trying to log into HCS/SNM2 as.
I've communicated to HDS that this is a security concern for me (an I am sure others). I don't like having Service Accounts in OUs where the users of that OU have elevated delegated rights in the domain, I would like to actually be able to define my LDAP Search account in one OU, then have my LDAP lookup Start OU be something entirely different.
Originally posted by: sruby8
[Moved from Legacy Forums to The specified item was not found.]
I have implemented the same using Kerberos/AD. We use the HCS as an SSO for all the storage devices. Makes it easier to control user accounts. Let me know if anyone needs the implementation details. I will be happy to help out.
Hello Avradeep/ All,
I might need your help here.
We are using the Kerberos/ AD as well.
We have two sites (Primary and DR). Primary site is working fine as it was configured long back. But the DR is not working, we are troubleshooting the issue with Hitachi. As the person who implemented in Primary HCS Server, left long time ago before I join this company. We don't know the service account used for the primary server. Can you please help me find the server account used for the Primary HCS server's AD authorization.
Windows/ AD team wasn't able to find the details of the user if we provide them just the server name or AD group name.
QUESTION: How to find the "Service account" that we used on the Primary HCS Server?
Retrieving data ...