Active Directory login not working

This forum is designated to discuss Password Depot Server.
Post Reply
loic
Rookie
Rookie
Posts: 4
Joined: April 7th, 2014, 9:44 am

Active Directory login not working

Post by loic » April 7th, 2014, 11:18 am

Hello,

I've installed the latest version of PDS (on a W2008 server) and successfully imported an Active Directory group and it's users.
I can login with the default admin account from the client installed on my computer.
But it's impossible to login to an AD account : invalid user or password
I've tried to use the following logins :
username
AD\username
username@AD

On the Active Directory PDC, I don't see any error in the AD logs.

Any help would be appreciated.

Thanks !

Loïc Mahé
RSI, Toulouse, France

User avatar
Stefan (AceBIT Team)
Guru
Guru
Posts: 423
Joined: June 4th, 2013, 5:19 pm

Re: Active Directory login not working

Post by Stefan (AceBIT Team) » April 9th, 2014, 12:01 pm

Hello Loïc,

please use the following syntax in the login dialog of the client:

domain\Username
Username@domain

Make sure you enter the username & domain exactly how it appears in the AD.

loic
Rookie
Rookie
Posts: 4
Joined: April 7th, 2014, 9:44 am

Re: Active Directory login not working

Post by loic » April 9th, 2014, 1:27 pm

Stefan (AceBIT Team) wrote:Hello Loïc,

please use the following syntax in the login dialog of the client:

domain\Username
Username@domain

Make sure you enter the username & domain exactly how it appears in the AD.
Hello Stefan,

Thanks for you answer. That's what I did (when I wrote "AD", it was our domain's name).
In the PDS control panel, my account name (not fullname) is "mahel@xxx.yyy.zzz". So I entered mahel@xxx.yyy.zzz or xxx\mahel, without success.

Loïc Mahé
RSI, Toulouse, France

User avatar
Stefan (AceBIT Team)
Guru
Guru
Posts: 423
Joined: June 4th, 2013, 5:19 pm

Re: Active Directory login not working

Post by Stefan (AceBIT Team) » April 9th, 2014, 4:27 pm

Please make sure you enter exactly the same username as you enter when you log in to the Windows domain and that the computer is connected to that domain network.

loic
Rookie
Rookie
Posts: 4
Joined: April 7th, 2014, 9:44 am

Re: Active Directory login not working

Post by loic » April 9th, 2014, 4:32 pm

Stefan (AceBIT Team) wrote:Please make sure you enter exactly the same username as you enter when you log in to the Windows domain ...
Yes, that's what I do.
Stefan (AceBIT Team) wrote:... and that the computer is connected to that domain network.
It is.

Please note that I'm not an end-user but a system engineer with a reasonable experience with Active Directory.
If necessary, I can post some snapshots here.
Is it possible to configure PDS to produce more detailed logs ?

Loïc Mahé
RSI, Toulouse, France

loic
Rookie
Rookie
Posts: 4
Joined: April 7th, 2014, 9:44 am

Re: Active Directory login not working

Post by loic » April 15th, 2014, 9:03 am

Hello,

No idea about what I'm doing wrong here ?

Loïc Mahé
RSI, Toulouse, France

User avatar
Stefan (AceBIT Team)
Guru
Guru
Posts: 423
Joined: June 4th, 2013, 5:19 pm

Re: Active Directory login not working

Post by Stefan (AceBIT Team) » June 4th, 2014, 6:20 pm

Hi Loïc,

I apologize for the late reply. Unfortunately we can't tell what is causing this problem on your computer.

As long as the computers are connected to the domain network and the users are typed in like when you log in to the Windows domain, it should work. We will keep trying top reproduce your issue but currently we can't tell why it's not working on your computer.

Regarding the logs, they will be extended in the future. Currently there is no other log version available.

NorbertFe
Super User
Super User
Posts: 103
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory login not working

Post by NorbertFe » July 4th, 2014, 11:45 am

Hi,

the problem is, that Acebit does not really understand, that SAMAccount Name, NETBIOS Domain Name, AD Domain Name and User Principle Name are different things. If you import users from AD the AD Domain Name from which you import the users is used, but the SAMAccountName of the users is imported. So you end up with wrong UPN and wrong NETBIOS syntax. As pointed out before:
domain\Username (this would be AD domain name xxx.yyy.zzz\SAMACCOUNTNAME, which is WRONG, but could be working)
Username@domain (this would be SAMAccountname@ADdomainName which is wrong, because the UPN hasn't to be localpart=SAMACCOUNTNAME)


Regards
Norbert

PS: This is wrong since the beginning!

User avatar
AceBIT
Site Admin
Posts: 3192
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory login not working

Post by AceBIT » July 14th, 2014, 6:06 pm

Dear Norbert,

Thank you for your posting!

We are aware about the meaning of this terms. The problem is Password Depot Server must solve different problems of compatibility, so it uses NTLM authentication and retrieves from AD the information which is possible to retrieve. We will implement functions for automatic recognition of entered accounts and converting them into appropriate form. This should solve this issue.

NorbertFe
Super User
Super User
Posts: 103
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory login not working

Post by NorbertFe » July 23rd, 2014, 12:22 pm

No it does not retrieve necessary informations from AD. It just retrieves the AD Domain Name and the samaccount Name. It does not retrieve the UPN local part and not the UPN Domain part and not the NETBIOS Domain name. And NTLM works with both account names. ;)

Bye
Norbert

NorbertFe
Super User
Super User
Posts: 103
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory login not working

Post by NorbertFe » July 5th, 2017, 12:17 am

Any news Infos on this topic? I just upgraded to version 10 and the same problem as outlined above apply here. It really should be possible, to get at least the NETBIOS Domain Name instead of the AD Domain Name, so that using NETBIOSDOMAIN\SAMACCOUNT Name is something a "normal user" can remember and associate with other Logins. The far more better option would be, use all possible login names.

Regards
Norbert

User avatar
AceBIT
Site Admin
Posts: 3192
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory login not working

Post by AceBIT » July 13th, 2017, 5:58 pm

This is not clear. Can you please provide with more details? Yes, we use NTLM to authenticate the users, we have checked other options and found nothing more universal and convenient. In v10 the authentication process is simplified as much as possible

NorbertFe
Super User
Super User
Posts: 103
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory login not working

Post by NorbertFe » July 17th, 2017, 1:31 pm

Did you read this posting?
viewtopic.php?f=25&t=7356#p23334

If I use the Active Directory Synchronization Feature I end up with Users like

Active-Directory.local\Norbert

Which is simple WRONG! It should either read DOMAIN\Norbert or my userprincipalName which is n.surname@external-domain.tld

This isn't such a complicated issue, that it should exist more than 3 years after reporting it first.

Thanks. If you need more info, let me know.

Regards
Norbert

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest