All,
I have ASG 7.007 authenticating users via active directory on a Windows Small Business Server 2003 machine.
My webadmin access configuration allows access to a user group I've called 'active directory domain admins' which itself is defined as the 'domain admins' group within active directory.
All worked fine until recently when I changed the password of the Active Directory user account account which is used as the 'bind user' specified on the Uses>>Authentication>>ActiveDirectory screen of ASG.
After that, I couldn't log into webadmin using any of the Active Directory domain admin accounts. I quickly realised that the 'bind user password' stated on the Users>>Authentication>>ActiveDirectory screen would need updating to match the new one in Active Directory, but doing that didn't fix things. The only way I could log into webadmin was by using one of the users defined locally within ASG.
After some head-scratching I tried removing the 'Active Directory DomainAdmins' group from the 'Allowed Users' list in 'Management>>WebAdmin settings>>Access Control'. I then saved the settings, before re-inserting the 'Active Directory DomainAdmins' group and saving the settings again. Now everything works as expected.
I am intrigued however as to just what mechanisms are at work in exchanging authentication info between ASG and Active Directory, and would greatly appreciate it if anyone could enlighten me, or point me in the direction of some further reading. Also, is there a log file(s) in ASG which tracks the exchange of such authentication processes.
Regards,
Alex
This thread was automatically locked due to age.
