Unable to authenticate using Active Directory (AD)
Last Updated September 26, 2014
Inability to authenticate using Active Directory.
To determine whether authentication is possible:
1. Test the connectivity with the kinit command to make sure the credentials are correct.
To determine whether authentication is possible using kinit:
If you have Vontu installed, the tool is available in c:\Vontu\jre\bin.
If you don't have Vontu installed:
-- Download Java 6.
-- In the java\jdk1.6.0\bin directory, find a tool called "kinit".
kinit is a simple command-line tool. It takes a username and password as input and responds with either success (a message about a new ticket) or failure and an exception. The password appears in cleartext on the screen. Customers need to be aware of this.
The first time kinit is run, it may complain about a missing krb5.ini file. Modify the krb5.ini file provided in protect\config appropriately and put it at the location kinit asks for.
2. Ensure that the user has an assigned role. Without a role, the user cannot log in to the system.
To assign a role:
Log in to the Enforce UI
Go to Administration -> Users -> Users
Select the User in question
Check the box for the appropriate role for that user and save changes
If no roles are set up, you will need to set one up under Administration -> Users -> Roles. Click the Add a Role tab. Then name and define your role. Save changes when you are finished.
NOTE: If Vontu services come online before all the Oracle database services, AD logins might not work until the Vontu services are restarted. In this case, it is recommended to set the “Vontu Manager” service to have a dependency on the “Oracleservice[username]” service.
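For the krb5.ini mentioned in step 1, a minimal file of the kind Java's kinit reads is sketched below. It is an added illustration, not the file shipped in protect\config; the realm EXAMPLE.COM and the host dc01.example.com are placeholders to replace with your own AD domain and domain controller.

```ini
# Constructed sample krb5.ini for testing AD credentials with Java's kinit.
# EXAMPLE.COM and dc01.example.com are placeholders, not values from this article.
# Keep comments on their own lines so older Java parsers do not misread them.

[libdefaults]
# The AD domain's DNS name, written in upper case. A lower-case or
# misspelled realm makes kinit fail even when the password is correct.
default_realm = EXAMPLE.COM

[realms]
# The opening brace must stay on the same line as the realm name.
EXAMPLE.COM = {
    # A domain controller acting as the Kerberos KDC; 88 is the standard port.
    kdc = dc01.example.com:88
}

[domain_realm]
# Map DNS names in the AD domain to the Kerberos realm above.
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
```

If kinit still fails with a correct file, check that the domain controller is reachable on port 88 and that the clock on the server is in sync with it, since Kerberos rejects requests when the time difference is too large.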
TECH220609: Tips on setting up Active Directory Authentication
Imported Document ID: TECH220610