Setting up Active Directory authentication for admin accounts?

rowl

ADSM.ORG Senior Member
Joined
May 18, 2006
Messages
266
Reaction score
10
Points
0
Website
Visit site
PREDATAR Control23

Does anyone have some pointers for setting up AD authentication for TSM? I have a system where I defined the ldap server in the dsmserv.opt, defined an admin in TSM with auth=ldap and granted them system rights. Setup a user/password to connect to LDAP (which works in an LDAP browser).

From the client I see
ANS0361I DIAG: cuGetAuthResultEx(): Error -50 receiving AuthResultEx
ANS1017E Session rejected: TCP/IP connection failure.
ANS8023E Unable to establish session with server.

In the server act log I see
ANR0405I Session 2309 ended for administrator [email protected] (WinNT).
ANR0407I Session 2311 started for administrator [email protected] (WinNT)

I also got a tcpdump and see the TSM server communicating with the LDAP server.

I have the root CA key and installed that on the server with the gsk8 tools.

Thanks,
-Rowl
 
PREDATAR Control23

Ok, I solved the problem. Key thing I learned is to make sure you understand what your fully qualified user name is in AD/LDAP. Unknown to me we had 3 different domain suffixes in use. So when setting this up I may need to define [email protected], [email protected], or [email protected]. This is found in AD Users & Computers, User Properties, Account tab.
 
Top