1 Rookie

 • 

35 Posts

July 18th, 2023 09:00

EMC NetWorker 19.3 - LDAP integration - can't get the query-ldap-users to work.

Hi guys

We're on NetWorker 19.3 - Windows environment.

I'm testing LDAP integration, and I followed this guide:

https://www.dell.com/support/kbdoc/en-ca/000156107/how-to-setup-ad-ldap-authentication-in-networker-18

I added the External Authority successfully for our DC.

And I added the External Repository User successfully (the same one I configured for the External Authority).

However, following the guide from the link above, the following command results in Error executing command. Failure: 401 . Server message: Unauthorized access: The username or password is incorrect.

authc_mgmt -u Admin_account -p Password123 -e query-ldap-users -D query-tenant=tenant_name -D query-domain=domain.com

I tried it a few dozen times every which way: I reset the PW on the user, I created a new user, I tried the syntax without the -p switch (to enter the PW manually), and I tried setting a simple PW without special characters too.

Can anyone advise if this is an issue? Are there actions I need to take on the DC for this to work?

I am using a user which is a member of the Domain Admins.

I can test the following command successfully: nsrlogin -u Admin_account -d domain.com, and I get Authentication succeeded.

I just can't get the query-ldap-users to work.

 

July 19th, 2023 11:00

A more important issue I'm having:

In NMC Roles, when I add the DN of a user (example: CN=testUser1,OU=Service Accounts,DC=subdomain,DC=domain,DC=com) in the Console App Admin and Console Security Admin roles, I can log in with testUser1 successfully.

However, when I try to add an entire OU (where testUser1 resides), I add the DN of that OU (example: OU=Service Accounts,DC=subdomain,DC=domain,DC=com) and when I try to log in with testUser1, I get the error: You do not have privileges to use NetWorker Management Console.

Can anyone advise how to add an entire OU as opposed to a single user at a time?

 

July 20th, 2023 01:00

To validate the password, you can test this outside of NW itself using ldapsearch: https://www.dell.com/support/kbdoc/en-us/000048325?lang=en (KB title: NetWorker: AD/LDAP integration authc_config command failing due to service account password "ldap_bind: Invalid credentials (49) Error code 49, data 52e" the account and password being used is correct.)

The KB also describes the situation where the password cannot be used in plain text because that is prevented by the OS security. To circumvent that, they read a hidden file containing the password into a script.
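
The out-of-NetWorker check suggested above, as an added example that is not part of the thread or of the Dell KB: it binds with OpenLDAP's ldapsearch using a password file instead of a command-line password, and translates the Active Directory sub-code ("data 52e" and similar) of a failed bind. The function names are hypothetical, and the server URI, DNs and file path in the usage comment are placeholder assumptions.

```shell
#!/bin/sh
# Added example. Hosts, DNs and file paths below are placeholders (assumptions).

# Translate the "data NNN" sub-code of an AD error-49 bind failure.
ad_bind_reason() {
  case "$(printf '%s\n' "$1" |
          sed -n 's/.*data \([0-9a-fA-F]\{3,4\}\).*/\1/p' |
          head -n 1 | tr 'A-F' 'a-f')" in
    525) echo "user not found" ;;
    52e) echo "invalid credentials" ;;
    530) echo "logon not permitted at this time" ;;
    531) echo "logon not permitted from this workstation" ;;
    532) echo "password expired" ;;
    533) echo "account disabled" ;;
    701) echo "account expired" ;;
    773) echo "user must reset password" ;;
    775) echo "account locked out" ;;
    *)   echo "no AD sub-code found" ;;
  esac
}

# ldapsearch -y sends the complete file contents as the password, so a trailing
# newline left by an editor or echo makes a correct password fail with 52e.
pwfile_ok() {
  [ -f "$1" ] || { echo "password file not found" >&2; return 1; }
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
    { echo "password file is accessible to group/other" >&2; return 1; }
  [ -n "$(tail -c 1 "$1")" ] ||
    { echo "password file is empty or ends with a newline" >&2; return 1; }
}

# Usage: check_bind <ldap-uri> <bind-dn> <password-file> <base-dn>
check_bind() {
  pwfile_ok "$3" || return 2
  # Base-scope search requesting no attributes (1.1): only the bind result matters.
  if _out=$(ldapsearch -x -H "$1" -D "$2" -y "$3" -b "$4" -s base '(objectClass=*)' 1.1 2>&1); then
    echo "bind OK"
  else
    echo "bind failed: $(ad_bind_reason "$_out")"
    return 1
  fi
}

# Example call (placeholder values):
# check_bind ldaps://dc.domain.com "CN=svc_nw,OU=Service Accounts,DC=domain,DC=com" \
#   "$HOME/.nw_bind_pw" "DC=domain,DC=com"
```

Create the password file with `printf '%s' 'the-password' > file` followed by `chmod 600 file`, so that no newline is appended and only the owner can read it.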
