on 09-15-2008 11:07 PM
I have installed Crystal Server 2008 and am trying to configure Windows AD for authentication. I have added and AD administration name as well as the default domain. The problem I am encountering is that when I try to add any AD group I get the following error: The secWinAD plugin failed to look up the account for the group "DOMAINNAME\GROUP". Please enter non-local groups as DomainName\GroupName and local groups as
ServerName\GroupName.
I have used the "DOMAINNAME\GROUP" format as well as cn=xxxx, dc=xxxxxx, dc=com format with no luck.
Any help you could provide would be appreciated.
well, by default the CMS uses netbios names when resolving domains. You can try forcing FQDN by editing the hkeylocalmachine\software\businessobjects\suite 11.5\enterprise\auth plugins\secwinad
add UseFQDNForDirectoryServers (string) choose a value of True and restart the CMS.
Also if you have a user account running the CMS/SIA insure they have local Admin group membership.
Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OK so we really have very little control when mapping in groups.
You enter the AD query account in the CMC/authentication/windowsAD
then map groups
we can change resolution to force FQDN's with the above string but other than that all calls are made to DNS and it's out of our hands.
Typically if this is the case you would need to open a message with support to get and engineer to webex and try to trace down the problem.
Regards,
Tim
The software/workflow should be exactly the same in CRSR2 and CRS2008. Without looking at the system I'm not sure where it's breaking down.
Do you still have the 11.5 system to compare?
[per case support|https://www.sdn.sap.com/irj/sdn/businessobjects-support]
[SMP Portal|http://service.sap.com/bosap-support]
-Tim
No I do not have the 11.5 version to look at because I originally tried to upgrade that server to 2008 and at the end of the installation it was reccomended that the older version be removed, which I did.
The upgrade did not work, the CMC would not start. After uninstalling and then reinstalling I got the same result. I eventually installed 2008 to another server choosing all of the default settings just to get it to work. My intentions were to get everything setup and then repoint it to a SQL database on another server (ODBC). (Although I am not sure if this is even possible.) As you can see I have not made it that far because I cannot get it to add my AD groups.
2008 seems to be very different than 11.5, i.e. IIS not supported only Java (for CMC and Infoview). This alone causes the AD authentication configuration to change dramatically.
I would greatly appreciate any other advice you may have in dealing with this issue. Thanks
User | Count |
---|---|
84 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.