05/26/2019 336 views

I am new to using the KACE SMA and attempting to configure LDAP Authentication, but I continue to get the following errors. I have searched and read through similar questions, but haven't quite found the right answer. Is what I am entering into the Advanced Search and Base DN boxes part of the issue? If so, what should it be to complete the authentication?

Testing LDAP Authentication Settings...

Testing "LDAP User Import" connection to: hv-dc1 on Port: 389

OK: Connection Successful.

OK: Setting Protocol Version 3 Successful.

OK: Setting LDAP REFERRALS Option 0 Successful.

OK: Search Bind using LDAP supplied credentials Successful.

Applying search filter [ObjectGUID,SamAccountName,Display Name,Mail,* ]

Error: LDAP search (with filter [ObjectGUID,SamAccountName,Display Name,Mail,* ]) Failed.

Error: LDAP Test Failed. Closing connection.

Advanced Search:

ObjectGUID,SamAccountName,Display Name,Mail,KBOX_USER 

Base DN: 

OU=Executive,DC=hv-dc1,DC=com

OU=Finance,DC=hv-dc1,DC=com

OU=Human Resources,DC=hv-dc1,DC=com

OU=I T Staff,DC=hv-dc1,DC=com

OU=Maintenance,DC=hv-dc1,DC=com

OU=Operations,DC=hv-dc1,DC=com

OU=Public Affairs,DC=hv-dc1,DC=com

OU=Test GPO,DC=hv-dc1,DC=com


Thank you!



All Answers

1

Try this as your "advanced search".....

(&(&(&(samaccountname=KBOX_USER)(samaccounttype=805306368))(mail=*))(!(userAccountControl:1.2.840.113556.1.4.803:=9)))

Answered 05/26/2019 by: akmagnum
Red Belt

  • It is still providing me with an error:

    Applying search filter [(&(&(&(samaccountname=*)(samaccounttype=805306368))(mail=*))(!(userAccountControl:1.2.840.113556.1.4.803:=9)))]
    Error: LDAP search (with filter [(&(&(&(samaccountname=*)(samaccounttype=805306368))(mail=*))(!(userAccountControl:1.2.840.113556.1.4.803:=9)))]) Failed.
    Error: LDAP Test Failed. Closing connection.
1

Good morning,


please try the following.


If you are in "Settings / Control Panel / User authentication", you can create a new LDAP authentication. After that, type your domain controller in the "Hostname or IP Address" field. The port defaults to 389. If you are using secure LDAP, you need to set the port to 636. In the "Advanced search" field you must set a query for your needs. For example, if you want every user to be able to authenticate to the KACE user console, you must set the following search:


(&(samAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(samaccountname=KBOX_USER))


The KBOX_USER variable will be set if a user tries to log in to the SMA user console or you use the import scheduler. If you want to test this query, you must set a real username in there, for example "sven.hain". After successful testing you must replace it with the KBOX_USER variable. This query imports every active user from your AD.


In the "Base DN" field you must set the base tree from where the SMA will search for any users. In my environment I had set the Base DN to "OU=Benutzer,OU=Contoso,DC=contoso,DC=local" because under this AD tree there are all my productive users.


For the login account I recommend that you create an SMA service account. Please do not use an administrator account for that. You only need read access to the AD.


Another example is my admin query. Here are my advanced search and the base DN:


Advanced Search:


(&(samAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberof:=CN=Kace Admins,OU=Gruppen,OU=Contoso,DC=contoso,DC=local)(samaccountname=KBOX_USER))


At "member of" you set the distinguished name of your Kace Admin group.


Base DN:


DC=contoso,DC=local.


This base DN is the root path because my admin accounts are in different OUs.


Hope that helps you.

Answered 05/29/2019 by: sven.hain
Senior Yellow Belt

  • Thank you everyone. I have completed the import. I appreciate the help.
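
Added example, not part of the original thread and not KACE's own code: a Python sketch of the test sven.hain's answer describes, swapping KBOX_USER for a real username, with RFC 4515 escaping so the name cannot change the filter's structure. The function names, the escaping step and the sample accounts are assumptions constructed for illustration; the page does not show how the SMA performs the substitution internally.

```python
import re

# Filter from the answer above; KBOX_USER is the placeholder the SMA fills in.
TEMPLATE = ("(&(samAccountType=805306368)"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
            "(samaccountname=KBOX_USER))")

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied string so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_test_filter(template, username):
    """Replace the KBOX_USER placeholder with an escaped real username."""
    if "KBOX_USER" not in template:
        raise ValueError("template has no KBOX_USER placeholder")
    return template.replace("KBOX_USER", escape_filter_value(username))

def looks_like_filter(text):
    """Structural check only: one outer (...) expression, balanced parentheses."""
    stripped = re.sub(r"\\[0-9a-fA-F]{2}", "", text.strip())
    if not stripped.startswith("("):
        return False
    depth = 0
    for pos, ch in enumerate(stripped):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and pos != len(stripped) - 1):
                return False
    return depth == 0

def bit_and_match(attr_value, mask):
    """Matching rule 1.2.840.113556.1.4.803: true when every bit of mask is set."""
    return (attr_value & mask) == mask

# Constructed sample accounts: (sAMAccountName, userAccountControl).
SAMPLE = [("sven.hain", 512), ("old.user", 514), ("svc.kace", 66048)]

def active_accounts(entries):
    """Names kept by the (!(userAccountControl:...:=2)) clause; 0x2 = ACCOUNTDISABLE."""
    return [name for name, uac in entries if not bit_and_match(uac, 0x2)]

if __name__ == "__main__":
    print(build_test_filter(TEMPLATE, "sven.hain"))
    print(looks_like_filter("ObjectGUID,SamAccountName,Display Name,Mail,KBOX_USER"))
    print(active_accounts(SAMPLE))
```

The structural check rejects the comma-separated attribute list from the question because it is not a parenthesised filter expression; it does not validate attribute names or contact a directory.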
0

Why not simplify your approach, use the default searchbase dn and set the Base DN to the top of your AD tree, can you then authenticate?? If so you know you have an issue with your settings and not your AD??

Answered 05/28/2019 by: Hobbsy
Red Belt
