VMware Cloud Community
virtualinca

vRealize Log Insight 8.0.1 and AD nested groups

Hi all,

I have a problem with authentication of users in nested AD groups, because they are not able to log in with group-based roles.

Logon is, however, possible if the same users are directly configured within Access control.

Would the solution explained in KB2079763 for Log Insight 4.5 be possible here?


Thanks!

Senior Engineer HCI@DellEMC | vExpert | VCP-DCV | vSAN Specialist | VxRail and VMware Data Center Virtualisation Implementor | VxRail and VMware Data Center Virtualisation Administrator | Owner of virtualinca.com

Accepted Solutions
virtualinca

So, I found the solution for it...

It is possible and safe to use the recommendations for vRLI 4.5 on 8.0.1 as well.

Workaround for LogInsight Standalone:

Add the following lines here: https://fqdn/internal/config

<ad-nested-groups value="true" />
<ad-nested-groups-matching-chain-rule value="false" />

No need to restart services; the change is immediate and users in nested groups were able to log in.

Workaround for 3 Node Cluster:

Add the following lines here: https://fqdn-ILB/internal/config (Master node ILB)

<ad-nested-groups value="true" />
<ad-nested-groups-matching-chain-rule value="false" />

The configuration will be replicated on all nodes. No need to restart services; the change is immediate and users in nested groups were able to log in.

Here's the KB -> https://kb.vmware.com/s/article/2079763

Senior Engineer HCI@DellEMC | vExpert | VCP-DCV | vSAN Specialist | VxRail and VMware Data Center Virtualisation Implementor | VxRail and VMware Data Center Virtualisation Administrator | Owner of virtualinca.com
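
An added example, not part of the original post and not Log Insight code: once nested groups are honoured, a role mapped to one AD group also reaches every user in its descendant groups, so it helps to list who gains access and through which group chain. The group names, user names and the export format (group mapped to its direct members) are constructed assumptions.

```python
# Added example: audit who receives a group-based role once nested AD groups count.
# DIRECTORY is constructed sample data in an assumed export format:
# group name -> direct members (users or other groups).
# Assumption: every group appears as a key; any other name is treated as a user.
DIRECTORY = {
    "LI-Admins": ["alice", "Infra-Team"],
    "Infra-Team": ["bob", "Storage-Ops"],
    "Storage-Ops": ["carol", "Infra-Team"],  # circular nesting, must not loop forever
    "Helpdesk": ["dave"],
}


def direct_users(group, directory=DIRECTORY):
    """Users that are direct members of the group (what works without nesting)."""
    return {m for m in directory.get(group, []) if m not in directory}


def effective_users(group, directory=DIRECTORY):
    """Map each user reachable through nesting to the group chain that grants access."""
    users, seen, stack = {}, set(), [(group, [group])]
    while stack:
        current, path = stack.pop()
        if current in seen:  # already expanded: breaks cycles and repeated subgroups
            continue
        seen.add(current)
        for member in directory.get(current, []):
            if member in directory:  # nested group: expand it later
                stack.append((member, path + [member]))
            else:  # user: record the first chain found
                users.setdefault(member, path)
    return users


def nested_only(group, directory=DIRECTORY):
    """Users who get the role only because nested groups are resolved."""
    return set(effective_users(group, directory)) - direct_users(group, directory)


if __name__ == "__main__":
    role_group = "LI-Admins"  # hypothetical group mapped to a role in Access Control
    for user, chain in sorted(effective_users(role_group).items()):
        tag = "direct" if len(chain) == 1 else "nested"
        print(f"{user:6} {tag:6} via {' > '.join(chain)}")
```
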
