7.405 user portal login for AD group member fails

Hi,

I followed the steps in http://portal.knowledgebase.net/display/2n/kb/article.asp?aid=302244

I want to enable the members of one AD group to log into user portal
and then use remote access via SSL.

I have a working connection to AD, test authentication on Active Directory
Configuration page works, two configured backend group memberships
are shown properly. (Astaro has joined the domain)
(the members of one group shall be able to use the user portal, the other
group I created only to verify that the membership is detected correctly)

First error is in the log when I prefetch one group:

2009:09:23-22:08:13 mail user_prefetch[30693]: ------------------------------------------------------------
2009:09:23-22:08:13 mail user_prefetch[30693]: Adding/updating users
2009:09:23-22:08:13 mail user_prefetch[30693]: ------------------------------------------------------------
2009:09:23-22:08:13 mail user_prefetch[30693]: # 1 Creating user testuser
2009:09:23-22:08:13 mail user_prefetch[30693]: Failed to set object
2009:09:23-22:08:13 mail user_prefetch[30693]: >=========================================================================
2009:09:23-22:08:13 mail user_prefetch[30693]: $VAR1 = [
2009:09:23-22:08:13 mail user_prefetch[30693]: 'OBJECT_NAMESPACE',
2009:09:23-22:08:13 mail user_prefetch[30693]: ''
2009:09:23-22:08:13 mail user_prefetch[30693]: ];
2009:09:23-22:08:13 mail user_prefetch[30693]: 


  • That's what I thought.  In the 'Users >> Groups' definitions, modify the group so that you have only the content of CN, no "CN=" and none of the other stuff that came across when you dragged the AD group into the definition in the Astaro.  The Prefetch section is correctly configured.

    Also, I noticed that you have joined the Astaro to your domain, activating SSO.  You don't need to join the domain unless you want to use AD SSO in the HTTP Proxy.  At present, you don't have automatic user creation activated for the HTTP Proxy, so you'll need to change that if you want the users to browse via the proxy.

    Cheers - Bob
  • I modified the usergroup as you wrote, left the AD settings as before, because changing them to a short Group name leads to:

    2009:09:24-15:25:35 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:35 mail user_prefetch[22763]: Starting synchronization for adirectory
    2009:09:24-15:25:35 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:35 mail user_prefetch[22763]: Retrieving configuration
    2009:09:24-15:25:35 mail user_prefetch[22763]: -> using internal configuration
    2009:09:24-15:25:36 mail user_prefetch[22763]: ldap server:
    2009:09:24-15:25:36 mail user_prefetch[22763]: server: 192.168.yyyyyyyyy
    2009:09:24-15:25:36 mail user_prefetch[22763]: port: 389
    2009:09:24-15:25:36 mail user_prefetch[22763]: ssl: 0
    2009:09:24-15:25:36 mail user_prefetch[22763]: bind_dn: info@intern.yyyyyyyyy.de
    2009:09:24-15:25:36 mail user_prefetch[22763]: update: 1
    2009:09:24-15:25:36 mail user_prefetch[22763]: contexts:
    2009:09:24-15:25:36 mail user_prefetch[22763]: yyyyyyyyy-Remote
    2009:09:24-15:25:36 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:36 mail user_prefetch[22763]: Searching for users
    2009:09:24-15:25:36 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:36 mail user_prefetch[22763]: Connecting to ldap server
    2009:09:24-15:25:36 mail user_prefetch[22763]: ldap server: ldap://192.168.yyyyyyyy:389
    2009:09:24-15:25:36 mail user_prefetch[22763]: search for context 'yyyyyyyy-Remote' failed: invalid search base or filter
    2009:09:24-15:25:36 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:36 mail user_prefetch[22763]: performing ldap search:
    2009:09:24-15:25:36 mail user_prefetch[22763]: ldap search returned 0 users
    2009:09:24-15:25:36 mail user_prefetch[22763]: Search time: 0m 0s
    2009:09:24-15:25:36 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:36 mail user_prefetch[22763]: Adding/updating users
    2009:09:24-15:25:36 mail user_prefetch[22763]: ------------------------------------------------------------
    2009:09:24-15:25:36 mail user_prefetch[22763]: 0 user objects were found:
    2009:09:24-15:25:36 mail user_prefetch[22763]: 0 users were created
    2009:09:24-15:25:36 mail user_prefetch[22763]: 0 users were updated
    2009:09:24-15:25:36 mail user_prefetch[22763]: 0 users are authenticated locally.
    2009:09:24-15:25:36 mail user_prefetch[22763]: Overall time: 0m 0s
    2009:09:24-15:27:52 mail user_prefetch[22850]: ------------------------------------------------------------



    In contrast, with settings as in the screenshot:
    2009:09:24-15:27:52 mail user_prefetch[22850]: Starting synchronization for adirectory
    2009:09:24-15:27:52 mail user_prefetch[22850]: ------------------------------------------------------------
    2009:09:24-15:27:52 mail user_prefetch[22850]: Retrieving configuration
    2009:09:24-15:27:52 mail user_prefetch[22850]: -> using internal configuration
    2009:09:24-15:27:52 mail user_prefetch[22850]: ldap server:
    2009:09:24-15:27:52 mail user_prefetch[22850]: server: 192.168.yyyyyyyy
    2009:09:24-15:27:52 mail user_prefetch[22850]: port: 389
    2009:09:24-15:27:52 mail user_prefetch[22850]: ssl: 0
    2009:09:24-15:27:52 mail user_prefetch[22850]: bind_dn: info@intern.yyyyyyyyyyyyy.de
    2009:09:24-15:27:52 mail user_prefetch[22850]: update: 1
    2009:09:24-15:27:52 mail user_prefetch[22850]: contexts:
    2009:09:24-15:27:52 mail user_prefetch[22850]: CN=yyyyyyyy-Remote,CN=Users,DC=intern,DC=yyyyyyyyyyy,DC=de
    2009:09:24-15:27:52 mail user_prefetch[22850]: ------------------------------------------------------------
    2009:09:24-15:27:52 mail user_prefetch[22850]: Searching for users
    2009:09:24-15:27:52 mail user_prefetch[22850]: ------------------------------------------------------------
    2009:09:24-15:27:52 mail user_prefetch[22850]: Connecting to ldap server
    2009:09:24-15:27:52 mail user_prefetch[22850]: ldap server: ldap://192.168.yyyyyyyyyy:389
    2009:09:24-15:27:52 mail user_prefetch[22850]: context 'CN=yyyyyyyyyy-Remote,CN=Users,DC=intern,DC=yyyyyyyyy,DC=de' is a group. Adding group members:
    2009:09:24-15:27:52 mail user_prefetch[22850]: CN=testuser\, Firstname,CN=Users,DC=intern,DC=yyyyyyyyyyyy,DC=de
    2009:09:24-15:27:52 mail user_prefetch[22850]: ------------------------------------------------------------
    2009:09:24-15:27:52 mail user_prefetch[22850]: performing ldap search:
    2009:09:24-15:27:52 mail user_prefetch[22850]: searching 'CN=testuser\, firstname,CN=Users,DC=intern,DC=yyyyyyyyyyy,DC=de'
    2009:09:24-15:27:52 mail user_prefetch[22850]: ldap search returned 1 users
    2009:09:24-15:27:52 mail user_prefetch[22850]: Search time: 0m 0s
    2009:09:24-15:27:53 mail user_prefetch[22850]: ------------------------------------------------------------
    2009:09:24-15:27:53 mail user_prefetch[22850]: Adding/updating users
    2009:09:24-15:27:53 mail user_prefetch[22850]: ------------------------------------------------------------
    2009:09:24-15:27:53 mail user_prefetch[22850]: # 1 Creating user testuser
    2009:09:24-15:27:53 mail user_prefetch[22850]: Failed to set object
    2009:09:24-15:27:53 mail user_prefetch[22850]: >=========================================================================
    2009:09:24-15:27:53 mail user_prefetch[22850]: $VAR1 = [
    2009:09:24-15:27:53 mail user_prefetch[22850]: 'OBJECT_NAMESPACE',
    2009:09:24-15:27:53 mail user_prefetch[22850]: ''
    2009:09:24-15:27:53 mail user_prefetch[22850]: ];
    2009:09:24-15:27:53 mail user_prefetch[22850]: 
  • Here is a screenshot of the new group settings
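Added example (not part of the original posts and not Astaro code): a small triage script that groups `user_prefetch` log lines by PID and reports the two failure modes visible in the logs above, a prefetch context that is not a distinguished name and a user that could not be created. The message strings are matched as they appear in the thread; the sample log, PIDs, group name and domain are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's user_prefetch format; all values are placeholders.
SAMPLE = """\
2009:09:24-15:25:36 mail user_prefetch[101]: contexts:
2009:09:24-15:25:36 mail user_prefetch[101]: Example-Remote
2009:09:24-15:25:36 mail user_prefetch[101]: ------------------------------
2009:09:24-15:25:36 mail user_prefetch[101]: search for context 'Example-Remote' failed: invalid search base or filter
2009:09:24-15:25:36 mail user_prefetch[101]: ldap search returned 0 users
2009:09:24-15:27:52 mail user_prefetch[102]: contexts:
2009:09:24-15:27:52 mail user_prefetch[102]: CN=Example-Remote,CN=Users,DC=intern,DC=example,DC=de
2009:09:24-15:27:52 mail user_prefetch[102]: ------------------------------
2009:09:24-15:27:52 mail user_prefetch[102]: ldap search returned 1 users
2009:09:24-15:27:53 mail user_prefetch[102]: # 1 Creating user testuser
2009:09:24-15:27:53 mail user_prefetch[102]: Failed to set object
"""

LINE = re.compile(r"^\s*\S+ \S+ user_prefetch\[(\d+)\]: ?(.*)$")
# attribute=value pairs separated by commas; a backslash escapes the next char ("\,")
DN = re.compile(r"^[A-Za-z]+=(?:\\.|[^,\\])+(?:,[A-Za-z]+=(?:\\.|[^,\\])+)*$")

def summarize(log_text):
    """Group user_prefetch lines by PID and report what went wrong in each run."""
    runs = defaultdict(lambda: {"contexts": [], "found": None, "problems": []})
    reading, creating = set(), {}   # PIDs inside a "contexts:" list; last user per PID
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        pid, msg = m.group(1), m.group(2).strip()
        run = runs[pid]
        if msg == "contexts:":
            reading.add(pid)
        elif pid in reading and msg.startswith("---"):
            reading.discard(pid)    # separator line ends the context list
        elif pid in reading:
            run["contexts"].append(msg)
            if not DN.match(msg):
                run["problems"].append(f"context {msg!r} is not a DN")
        elif "failed: invalid search base or filter" in msg:
            run["problems"].append("LDAP search rejected the context")
        elif (n := re.match(r"ldap search returned (\d+) users", msg)):
            run["found"] = int(n.group(1))
        elif (c := re.match(r"# \d+ Creating user (\S+)", msg)):
            creating[pid] = c.group(1)
        elif msg == "Failed to set object":
            run["problems"].append(f"could not create user {creating.get(pid, '?')}")
    return dict(runs)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
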