1. Please help support our sponsors by considering their products and services.
    Our sponsors enable us to maintain high-speed Internet connection and fast webservers.
    They support this free information and knowledge exchange forum service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions

Setting up Active Directory authentication for admin accounts?

Discussion in 'TSM Operation' started by rowl, Oct 30, 2017.

  1. rowl

    rowl ADSM.ORG Senior Member

    Joined:
    May 18, 2006
    Messages:
    228
    Likes Received:
    9
    Does anyone have some pointers for setting up AD authentication for TSM? I have a system where I defined the ldap server in the dsmserv.opt, defined an admin in TSM with auth=ldap and granted them system rights. Setup a user/password to connect to LDAP (which works in an LDAP browser).

    From the client I see
    ANS0361I DIAG: cuGetAuthResultEx(): Error -50 receiving AuthResultEx
    ANS1017E Session rejected: TCP/IP connection failure.
    ANS8023E Unable to establish session with server.

    In the server act log I see
    ANR0405I Session 2309 ended for administrator [email protected] (WinNT).
    ANR0407I Session 2311 started for administrator [email protected] (WinNT)

    I also got a tcpdump and see the TSM server communicating with the LDAP server.

    I have the root CA key and installed that on the server with the gsk8 tools.

    Thanks,
    -Rowl
     
  2.  
  3. rowl

    rowl ADSM.ORG Senior Member

    Joined:
    May 18, 2006
    Messages:
    228
    Likes Received:
    9
    Ok, I solved the problem. Key thing I learned is to make sure you understand what your fully qualified user name is in AD/LDAP. Unknown to me we had 3 different domain suffixes in use. So when setting this up I may need to define [email protected], [email protected], or [email protected]. This is found in AD Users & Computers, User Properties, Account tab.
     

Share This Page