SGD 4.3 and Active Directory issues

I've run into a problem with SGD authenticating to Active Directory.

First off the layout. We have two domains that the users authenticate to. Faculty log onto nau, while students use students. Both are child domains of "froot.nau.edu". The default domain is set to students.froot.nau.edu, so as I understand it, students will be able to log in with username, while faculty must log in with username@nau.

tarantella config list output for the AD auth is as follows:

login-ad-base-domain: froot.nau.edu
login-ad-default-domain: students.froot.nau.edu
login-ad: 1
login-anon: 0
login-atla: 1
login-autotoken: 1
login-ens: 1
login-ldap-pki-enabled: 0
login-ldap-url: ad://froot.nau.edu
login-ldap: 0
login-mapped: 0
login-nt-domain: froot.nau.edu

And the error I get when attempting to log in is...

Sun Secure Global Desktop Software (4.3) ERROR:
Active Directory service discovery failed: Failed to find any valid Site objects.
Looking up Global Catalog DNS name: _gc._tcp.froot.nau.edu. - HIT
Looking for GC on server: Active Directory:acaddcs.students.froot.nau.edu:/134.114.52.3:3268:Up - HIT
Checking for CN=Configuration: CN=Configuration,DC=froot,DC=nau,DC=edu - HIT
Looking up domain root context: DC=froot,DC=nau,DC=edu - HIT
Looking up site context: CN=Sites,CN=Configuration
Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
Looking up addresses for peer DNS: sgd.cens.nau.edu - HIT
Failed to discover Active Directory Site, Domain and server data.
This might mean LDAP users cannot log in.
Make sure the DNS server contains the Active Directory service records for the forest. Make sure a Global Catalog server is available.

2007/01/09 11:28:52.803 (pid 5289)server/login/error #1168367332803
Sun Secure Global Desktop Software (4.3) ERROR:
The user :mcm75@STUDENTS.FROOT.NAU.EDU: was authenticated but was not found within ldap.
The Active Directory login authority and LDAP webtop would not work in this situation. The search filter used for this search was :
"javax.naming.directory.SearchControls@182d86"
Check the userProncipalName is correct and valid for user mcm75@STUDENTS.FROOT.NAU.EDU in the Active Directory.

So as you see, AD users are not actually able to log in.

I am able to do ldap lookups for users with the same service account sgd is configured with:

ldapsearch -b dc=froot,dc=nau,dc=edu -h froot.nau.edu:3268 -D "cn=systemuser1,ou=service,ou=CENS Users and Groups,ou=CENS Labs,dc=students,dc=froot,dc=nau,dc=edu" -w - "cn=mcm75"

Does anyone have any advice?

[2754 byte] By [mcm75a] at [2007-11-26 14:45:23]
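To make the two failures in the posted log reproducible offline, here is an added example (my own code, not SGD's and not from the poster) that runs the same checks the log shows against a constructed in-memory stand-in for the Global Catalog. It relies on one general Active Directory fact: siteObjectBL on a site object is the back-link AD maintains from the siteObject attribute of subnet objects, so the filter SGD logs, (&(objectClass=site)(siteObjectBL=*)), only matches sites that have at least one subnet assigned to them in Sites and Services. The site name, subnet prefix, the user's DN and UPN values are assumptions, not data from the thread.

```python
# Added example (not SGD code or anything from the original post): walks the
# Active Directory discovery steps the posted log shows, against a constructed
# in-memory stand-in for the Global Catalog. DNs, the subnet and the user's
# DN/UPN below are assumptions.
from dataclasses import dataclass

# Naming contexts taken from the posted config/log.
FOREST_ROOT = "DC=froot,DC=nau,DC=edu"
CONFIG_NC = "CN=Configuration," + FOREST_ROOT
SITES_CONTAINER = "CN=Sites," + CONFIG_NC

# The filters the posted log shows or implies; they can be pasted into an
# ldapsearch against port 3268 to check a real forest the same way.
SITE_FILTER = "(&(objectClass=site)(siteObjectBL=*))"
UPN_FILTER = "(userPrincipalName={upn})"


@dataclass
class Entry:
    dn: str
    attrs: dict  # attribute name -> list of values, as LDAP returns them


class FakeGlobalCatalog:
    """Just enough of a directory to run subtree searches with a Python predicate."""

    def __init__(self, entries):
        self.entries = list(entries)

    def search(self, base, predicate):
        base = base.lower()
        return [e for e in self.entries
                if e.dn.lower().endswith(base) and predicate(e)]


def find_sites_with_subnets(gc):
    """SGD's site search (SITE_FILTER). siteObjectBL is the back-link AD keeps
    from subnet.siteObject, so a site with no subnet assigned to it has an
    empty siteObjectBL and never matches."""
    return gc.search(
        SITES_CONTAINER,
        lambda e: "site" in e.attrs.get("objectClass", [])
        and bool(e.attrs.get("siteObjectBL")),
    )


def find_user_by_upn(gc, upn):
    """UPN lookup (UPN_FILTER). userPrincipalName matches case-insensitively in
    AD, so the upper-case Kerberos realm in the posted error is not by itself a
    mismatch; a different UPN suffix, or no UPN set on the account, is."""
    return gc.search(
        FOREST_ROOT,
        lambda e: any(v.lower() == upn.lower()
                      for v in e.attrs.get("userPrincipalName", [])),
    )


def discover(gc, upn):
    """Run the checks in the order the log shows; return the first error, or None."""
    if not find_sites_with_subnets(gc):
        return "Active Directory service discovery failed: Failed to find any valid Site objects."
    if not find_user_by_upn(gc, upn):
        return f"The user :{upn}: was authenticated but was not found within ldap."
    return None


def build_gc(subnet_assigned, user_upn="mcm75@students.froot.nau.edu"):
    """Constructed forest: one site, one user and, optionally, one subnet assigned
    to the site (the /24 is made up from the DC address in the log)."""
    site_dn = "CN=Default-First-Site-Name," + SITES_CONTAINER  # assumed site name
    site = Entry(site_dn, {"objectClass": ["top", "site"], "siteObjectBL": []})
    user = Entry("CN=mcm75,OU=Students,DC=students," + FOREST_ROOT,  # assumed DN
                 {"objectClass": ["top", "person", "user"],
                  "userPrincipalName": [user_upn]})
    entries = [Entry(CONFIG_NC, {"objectClass": ["configuration"]}), site, user]
    if subnet_assigned:
        subnet_dn = "CN=134.114.52.0/24,CN=Subnets," + SITES_CONTAINER
        entries.append(Entry(subnet_dn, {"objectClass": ["subnet"],
                                         "siteObject": [site_dn]}))
        site.attrs["siteObjectBL"] = [subnet_dn]  # AD fills this back-link in itself
    return FakeGlobalCatalog(entries)


if __name__ == "__main__":
    upn = "mcm75@STUDENTS.FROOT.NAU.EDU"  # realm as Kerberos reports it in the log
    print("no subnet on the site :", discover(build_gc(False), upn))
    print("subnet assigned       :", discover(build_gc(True), upn))
    print("wrong UPN suffix      :", discover(build_gc(True, "mcm75@nau.edu"), upn))
```

The first run reproduces the "Failed to find any valid Site objects" text with a site that exists but has no subnet, the second passes once a subnet is linked to it, and the third reproduces the "was authenticated but was not found within ldap" text when the account's UPN suffix differs from the one Kerberos returned. Against a real forest the same two questions can be asked with the poster's ldapsearch command by swapping in SITE_FILTER with base CN=Sites,CN=Configuration,DC=froot,DC=nau,DC=edu and UPN_FILTER with the forest root as base.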
# 1
Please check your Kerberos configuration file. Ensure that every entry in this file is right and that you are able to log in on the SGD server itself with the Active Directory login. Hope it will help you. Rajnish
Rajnisha at 2007-7-8 8:33:00
# 2

I don't think I know what you mean about logging in from the server itself. I get that error when I attempt to log in via sgd using the active directory login authority.

I'm still getting that error, and from all the posts on the SGD users mailing list it was suggested that I check DNS. DNS appears fine, but I am open to all suggestions.

mcm75a at 2007-7-8 8:33:00
# 3
Try just using the LDAP authority instead, and point that at your AD server. Maybe going for the standards approach rather than the compatibility approach will yield a different result.
annmarie.scotta at 2007-7-8 8:33:00