DX NetOps

  • 1.  Unable to authenticate user with LDAP on NFA

    Posted Feb 04, 2020 10:14 AM
    Hi everyone.
    I am configuring LDAP in NFA 10.0.2, but for a reason I don't know, I can't authenticate with my domain user.

    I see this in the log SingleSignOnAuditLog2020-02-04.log ---->

    2020-02-04 06:31:56, Product Code: ra, Username: mechagarreta, Remember Me: false, SSO version: 7.0, Remote Host: 172.26.13.233, Error Message: Unable to authenticate user.

    This is my configuration of LDAP connection ---->

    SSO Configuration/CA Network Flow Analysis:

    1. LDAP Authentication
    2. SAML2 Authentication
    3. Performance Center
    4. Single Sign-On
    5. Test LDAP
    6. Export SAML2 Service Provider Metadata

    Choose an option > 1

     SSO Configuration/CA Network Flow Analysis/LDAP Authentication:

    Connection User: CREDES\MCA

    Connection Password: ********

    Search Domain: ldap://srvdomain02/OU=Usuarios,DC=credes,DC=local

    Search String: (sAMAccountName={0})

    Search Scope: Subtree

    User Bind: Enabled

    Encryption: false

    Account User: {SAMAccountname}

    Account User Default Clone: Usuarios

    Group: <LDAPGroups><Group searchTag="memberOf" searchString="CN=CA-Guest,OU=Grupos,DC=credes,DC=local" user="{saMAccountName}" passwd="" userClone="user"/><Group searchTag="memberOf" searchString="CN=CA-Admin,OU=Grupos,DC=credes,DC=local" user="{saMAccountName}" passwd="" userClone="admin"/></LDAPGroups>

    Krb5ConfigFile:

    Status: Enabled

    Timeout: 10000

    When I execute "Test LDAP" I see that the user is found on the domain, but the message "Clone SUCCESS" does not appear.

    What can I do?

    Note: On another CA NFA, but version 9.5.0, the LDAP connection works.


  • 2.  RE: Unable to authenticate user with LDAP on NFA

    Posted Feb 04, 2020 10:31 AM
    Authentication should not be handled locally. By default it is done using Performance Center. Check the settings on the PC and NFA also. NFA should not have a (2) Local Override setting configured; it should receive settings from PC in order for SSO to work.
    SSO configuration on Performance Center.

    ------------------------------
    Senior Consultant
    SolvIT Networks
    ------------------------------



  • 3.  RE: Unable to authenticate user with LDAP on NFA

    Posted Feb 04, 2020 11:58 AM
    Hi @Catalin Farcasanu 

    But is it necessary to have Performance Center installed? Let me explain. I had installed NFA 10.0.1 and LDAP integration was working with the configuration indicated in this case. Owing to problems with the VM, we lost NFA. We installed a new machine with a fresh installation of the OS and NFA, but version 10.0.2; the LDAP configuration is the same as in version 10.0.1.


  • 4.  RE: Unable to authenticate user with LDAP on NFA
    Best Answer

    Posted Feb 04, 2020 02:20 PM
    Hi everyone.

    My problem was solved.
    Yes, it is possible to configure LDAP with CA NFA only; Performance Center isn't necessary. The LDAP admin had changed a security group. Now my authentication is successful.

    SSO Configuration/CA Network Flow Analysis/LDAP Authentication:
    Connection User: CREDES\MCA
    Connection Password: ********
    Search Domain: ldap://srvdomain02/OU=Usuarios,DC=credes,DC=local
    Search String: (sAMAccountName={0})
    Search Scope: Subtree
    User Bind: Disabled
    Encryption: false
    Account User: {SAMAccountname}
    Account User Default Clone: Usuarios
    Group: <LDAPGroups><Group searchTag="memberOf" searchString="CN=CA-Guest,OU=GRUPOS DE SEGURIDAD,OU=Grupos,DC=credes,DC=local" user="{saMAccountName}" passwd="" userClone="user"/><Group searchTag="memberOf" searchString="CN=CA-Admin,OU=GRUPOS DE SEGURIDAD,OU=Grupos,DC=credes,DC=local" user="{saMAccountName}" passwd="" userClone="admin"/></LDAPGroups>
    Krb5ConfigFile:
    Status: Enabled
    Timeout: 10000
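
An added example (not part of the original posts and not the vendor's code): a check of the `Group` mapping against a user's `memberOf` values that flags a `searchString` whose CN matches a group the user is in but whose OU path no longer does, as in the two configurations posted in this thread. The `memberOf` value is constructed, and the case-insensitive full-DN comparison is an assumption about how the mapping is evaluated.

```python
import re
import xml.etree.ElementTree as ET

def norm_dn(dn):
    """Lower-case a DN and trim each RDN (split on unescaped commas)."""
    return tuple(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def check_groups(group_xml, member_of):
    """Return (clone, near_misses). clone is the userClone of the first
    <Group> whose searchString equals one of the user's memberOf DNs
    (assumed: case-insensitive full-DN match). near_misses lists
    (configured DN, actual DN) pairs with the same CN but another path."""
    user_dns = {norm_dn(dn): dn for dn in member_of}
    clone, near_misses = None, []
    for group in ET.fromstring(group_xml).iter("Group"):
        want = norm_dn(group.get("searchString"))
        if want in user_dns:
            clone = clone or group.get("userClone")
            continue
        for have, raw in user_dns.items():
            if have[0] == want[0]:  # same CN, different OU path
                near_misses.append((group.get("searchString"), raw))
    return clone, near_misses

def groups(path):
    """Build the thread's <LDAPGroups> value for a given group container."""
    row = ('<Group searchTag="memberOf" searchString="CN={cn},{path}" '
           'user="{{saMAccountName}}" passwd="" userClone="{clone}"/>')
    rows = [row.format(cn=cn, path=path, clone=clone)
            for cn, clone in (("CA-Guest", "user"), ("CA-Admin", "admin"))]
    return "<LDAPGroups>" + "".join(rows) + "</LDAPGroups>"

# Group mappings from the first post and from the accepted answer.
OLD_XML = groups("OU=Grupos,DC=credes,DC=local")
NEW_XML = groups("OU=GRUPOS DE SEGURIDAD,OU=Grupos,DC=credes,DC=local")
# Constructed sample: memberOf values as the directory might return them.
MEMBER_OF = ["CN=CA-Admin,OU=Grupos de Seguridad,OU=Grupos,DC=credes,DC=local"]

if __name__ == "__main__":
    for label, xml in (("old", OLD_XML), ("new", NEW_XML)):
        clone, misses = check_groups(xml, MEMBER_OF)
        print(label, "-> clone:", clone)
        for configured, actual in misses:
            print("  stale DN:", configured, "| directory has:", actual)
```
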


  • 5.  RE: Unable to authenticate user with LDAP on NFA

    Posted Feb 04, 2020 03:00 PM
    How do you manage your users, groups and SNMP profiles without having PC installed?

    ------------------------------
    Senior Consultant
    SolvIT Networks
    ------------------------------



  • 6.  RE: Unable to authenticate user with LDAP on NFA

    Posted May 04, 2022 04:15 PM
    Hey... I had NFA 10.0.0 and managed the users/groups through LDAP, with the users belonging to these groups (CN=CA-Guest --> userClone="user"  //  CN=CA-Admin --> userClone="admin"); this allowed me to control with what permission they could enter (NFA = user or admin).
    For SNMP profiles, it was handled from NFA and had no problems.

    Now, as I have NetOps to solve the Flash issue, I manage everything (users/groups, SNMP profiles) from NetOps. Note: Users log in the same way through LDAP.