VMware Cloud Community
ikiris
Enthusiast

Log Insight 2.0 Beta AD Auth issue

I just updated my lab instance to 2.0 Beta and AD auth has stopped working.

I validated that it was working before the upgrade

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net

Accepted Solutions
sflanders
Commander

Hey ikiris - can you confirm your issue is now resolved? If so, can you mark this question as answered?

If anyone is experiencing this issue and has not received the patch, please reach out to me directly.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

24 Replies
sflanders
Commander

Does a test work from the Administration - Authentication section? Under Administration - Users does UPN and suffix match for the user in question? In what format are you trying to log in (e.g. <domain>\<username> or <username>@<domain>)?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
ikiris
Enthusiast

Test does work from Administration - Authentication (using the same account)

UPN and suffix matches

I have tried logging in with three formats

<username>

<domain>\<username> (this did not work for me in 1.5)

<username>@<domain>

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
sflanders
Commander

Please generate a support bundle and upload per http://kb.vmware.com/kb/1008525 (no need for SR just upload to a folder called ikiris)

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
ikiris
Enthusiast

Support bundle uploaded

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
mw_dg
Enthusiast

I can confirm I have the same issue. I logged in with my AD account, did the upgrade, and cannot log in with my AD account now either.

What is different for me is that the root account works fine at the console, but does not work in the web. So very odd. Did a restart and watched the appliance boot and saw no errors or issues during boot.

Michael

sflanders
Commander

Hey Michael - root will not work in the UI unless you create a local root user. What is the AD username you are attempting to log in as?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
mw_dg
Enthusiast

Thanks Steve, I forgot about root.  I am using domain\user, and user@domain with no luck as well as user.

The actual domain name is thewhites.ca, and my account is mwhite.

I note in authentication there is no longer an account name.  I am going to add it back and see how it goes.

Michael

mw_dg
Enthusiast

Hi Steve,

Confirmed that when I add the service account and password to LI Authentication area, and then test successfully, that after I log out, I can in fact log back in the exact same way I was before. Meaning just using username and not using domain with it at all.

So the bug is that authentication information is not maintained through the upgrade. Other things, like users or NFS config info, are.

Michael

sflanders
Commander

Interesting - so you upgraded from 1.5 GA to 2.0 beta and the binding username was removed from the authentication section, but the default domain was not?

ikiris - sorry for hijacking the thread, we are looking into your issue as well. My guess is it has something to do with your username containing an exclamation mark, can you try an AD user that does not have one in it?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
sflanders
Commander

Michael - can you send me a link to the support bundle for your instance?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
sflanders
Commander

ikiris - in addition to testing a user without !, can you also see if you might be experiencing the same as what Michael reported? Log in and go to Administration - Authentication and see if the binding user is defined. If not, define, test, save, and try to log in again. Let me know how you make out.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
ikiris
Enthusiast

Binding user was there and tested. It was the same as the account with the !

I also got an error when trying to add an AD user that didn't have a !

AuthenticationException: Unable to get attributes for domain 'my.domain.net'.; AuthenticationException: Invalid or untrusted domain 'my.domain.net'; nameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=my,DC=domain,DC=net' ]

I hit 'yes' to continue to add and it didn't allow me in.


-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
dominic7
Virtuoso

I get the same error as well. AD auth didn't work for me in 1.5 though either. My user passes a successful test but fails at looking up groups or users to add to LI2.0

sflanders
Commander

dominic7 - Please generate a support bundle and upload per http://kb.vmware.com/kb/1008525 (no need for SR just upload to a folder called dominic7)

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
dominic7
Virtuoso

The Support Assistant 2.0 doesn't have the right product to upload to, and the https://ftpsite.vmware.com won't accept a new folder name unless it's a 12 digit SR. It's only a 12M bundle so I could email it to you or... ?

sflanders
Commander

Make up a support # and let me know what you choose

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
dominic7
Virtuoso

SR #

96385274196

Logs uploaded.

aussiebigkid
Contributor

I'm having a similar issue as well. Never tried AD Auth previously, however I am trying to set it up now under 2.0. I get a similar Java error in the logs when I try to add an AD user or group (Error while getting user attributes). The binding seems to work OK.

I have uploaded a support bundle under folder 932233883388

sflanders
Commander

aussiebigkid:

* Does the binding username contain any special characters? If so, can you try one without?

* Is the binding user an administrator of the domain? If not, can you try one that is?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===