04-22-2008 08:47 PM
I am trying to configure the SA700 to authenticate users by the AD in the domain. I tried to add an authentication server by Authentication > Auth. Servers > Active Directory / Windows NT > New Server.
I entered the details in the "New Active Directory/ Windows NT" page that follows, leaving the "Backup domain controller " field blank and "Allow trusted domains" unchecked. I selected "Use LDAP to get Kerboros realm name".
When I hit the "Test configuration" button, there is a warning message "Either the server is not a domain controller of the domain or the Netbios name of the domain is different from the active directory (LDAP) name." I am sure the server IP address I entered is the domain controller. Not very sure what the second part of the error message means.
There is also an error message:
Error while joining domain [domain name]. Possible causes:
- The specified administrator credentials do not properly authenticate (I am sure this is not the case)
- The specified domain or domain controller may not be valid (I am sure this is not the case, AD machine can ping SA700)
So what else needs to be configured?? or did I not configured correctly??
Solved! Go to Solution.
04-23-2008 07:11 AM
the problem could be that you have done this:
but the domain needs to be "TEST"
Hope this helps you.
04-23-2008 07:35 PM
i also had same problems with auth using AD before. but now i using LDAP auth to get users from my AD. and working fine.
u can using Softerra LDAP Browser software to get LDAP setting on your AD server.
hope can work fine.
04-23-2008 11:45 PM
Thanks. Your reply helped solve my problem. The users can login now.
I tried the LDAP auth before, but always hit the error of "LDAP server not reachable for server [ip address] at port 389" when I tried to "Save Changes". "Test Connection" is fine. I will try to figure out how the Softerra LDAP Browser can help.
I have some users in the AD that do not need to authenticate using a smartcard. These users login ok when using "Active Directory / Windows NT" for authentication.
I have some users in the users that require a smartcard for login. How should I set up the authentication policy for them then? Tried "Active Directory / Windows NT" but always login fails.
04-24-2008 01:06 AM - edited 04-24-2008 08:52 AM
What smartcard product are you using? You will need to create a cert authentication server and add it to the authentication realm. In that way the users will need to select manually the login method they want to use, AD or cert.
04-24-2008 02:18 AM
Actually the user will login into the PC/Laptop using a smartcard and password. I am trying to configure the SA700 such that the user is able to SSO by clicking on the Network Connect and enter into the VPN without needing to enter password and username anymore.
04-24-2008 08:08 AM
for your other question. just use the smartcard certificate (if it has one) to authenticate to the ssl appliance. (the only thing user will have to do (if you want some security user will need to type password to unlock that certificate)).
so just make a new authentication server and attach it to new realm. attach that realm to a new url (so it uses authentication server Certificate).
Only thing user need to do is to click on the NC icon to start it (be sure it points to correct URL)
And then it should work.
04-24-2008 08:52 PM
When I am at Authentication > Signing In > Sign-in Policies > User URLs, there is only 1 entry. How can I add more entries to try your suggestion? There is only "Enable", "Disable","Save Changes". I am expecting a "Add URL" or something similar but there is none.
The most I can do is change the sign-in URL, which is different from adding another sign-in URL.
Do provide instructions to add sign-in URL if possible. Thanks.
04-25-2008 01:01 AM
04-26-2008 07:32 AM
To join Domain successfully -
This Topic drove me insane in da brain, i hope these expiriences help a little bit to make your day.