Gemini Community Support Site





Active Directory integration issue

install
admin
security

Dear support,

I am trying to set up integration of my instance of Gemini 4.2.1 with our Active Directory, but something is still wrong. I have done these steps:

1) Install and setup Scheduler Service (enable Debug mode)

2) Activate Active Directory Sync

  • Sync with Active Directory: Yes
  • Add New Users: YES
  • Connection String: DC=example,DC=com
  • domain admin username and password

3) Restart Scheduler Service - log without errors (Active Directory module starting, preparing, fetching, loading assembly, initializing, processing, terminating - no errors)

4) AD Group 'gemini_managers' with 4 domain users mapped to Gemini Global Group 'managers' (over Security > Global Groups > Managers > Active Directory)

5) Gemini auth mode switched from 'Forms' to 'Windows' in web.config

...but after these steps, the client gets, after authentication (over Windows auth), a simple page with the text:

Access Denied For User: Contact your Gemini administrators

...also, domain users do not appear in the user list in Gemini.

Can you help me please? Can I debug the auth process?

Thank you

miniMax

Replies (18)

Please make sure that anonymous access is disabled in IIS for the Gemini site. Also, make sure that Gemini doesn't allow anonymous access.

However, if you don't see any domain user (domain\user) in the users list then this indicates that Gemini didn't find any. Which version of Gemini scheduler are you running?


Saar Cohen

Thank you for the quick response.

  • Anonymous auth is disabled in IIS7
  • Anonymous access is not allowed in Gemini
  • I have installed CounterSoftGeminiSchedulerv42_1.exe from your website
  • Users from the domain really do not appear in the user list - I see just the default Gemini users: (-1 * Anonymous User * , 2 Developer Person , 1 Manager Person ) (the list of AD security groups is imported in Gemini correctly)

Screenshot with security group configuration. http://imageshack.us/photo/my-images/851/gemiss2.png/


miniMax

Can you confirm that groups are imported to Gemini?


Saar Cohen

Yes. All groups from AD are visible in Gemini.


miniMax

Just a note: AD users are in OU=domain_users


miniMax

It might be your connection string to AD. What is it?


Mark Wing

DC=example,DC=com


miniMax

Please send an email to support at countersoft dot com to get a test app.


Mark Wing

Tried setting up AD integration and got nowhere, like other people's experiences that I've read. I found it a less than seamless experience.

Would like to see AD configuration handled in a much more user friendly way with AD discovery rather than entering connection strings, access to restarting the scheduler service from the same area (or doing this automatically) and better logging/feedback for troubleshooting connection issues.


Mac

We have many customers who are running AD without an issue. Do you have the same issues as this thread?


Saar Cohen

Yes, the same issue as this thread. I'm not saying that it doesn't work fine once set up; as you say, many people are using it without issue.

My point is that the user experience in initially setting it up is IMHO bad and could be improved.


Mac

Thank you for the feedback. We are working on Gemini 5 so will take your comments on board. If you are still having issues with AD send an email to support at countersoft dot com.


Mark Wing
ANSWER

Issue resolved with the Countersoft support team. Users in our domain do not have an email address set in their AD profiles. This is the reason why Gemini cannot import users into the user list from AD. After adding the email detail to the user AD profile, all is working fine now.

Thank you for the help.


miniMax
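
The cause named in the accepted answer above (domain users with no email address in their AD profile are not imported) can be checked before a sync run. This is an added example, not code from the thread or from Countersoft: it scans an LDIF export of the directory and lists the members of a mapped group that have no `mail` value. The sample LDIF, the idea of working from an LDIF export, and the function names are assumptions made for illustration.

```python
import base64

# Constructed sample export (not from the thread): one group, two members.
SAMPLE_LDIF = """\
dn: CN=gemini_managers,OU=groups,DC=example,DC=com
cn: gemini_managers
member: CN=Bob B,OU=domain_users,
 DC=example,DC=com
member: CN=Carol C,OU=domain_users,DC=example,DC=com

dn: CN=Bob B,OU=domain_users,DC=example,DC=com
sAMAccountName: bob

dn: CN=Carol C,OU=domain_users,DC=example,DC=com
sAMAccountName: carol
mail:: Y2Fyb2xAZXhhbXBsZS5jb20=
"""

def parse_ldif(text):
    """Return {lowercased DN: {lowercased attribute: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # drop comment lines
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep:                         # blank line ends the entry
            current = None
            continue
        # "attr:: value" carries a base64-encoded value
        value = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                 if rest.startswith(":") else rest.strip())
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def members_missing_mail(entries, group_cn):
    """sAMAccountName of each direct group member that has no mail value."""
    group = next((e for e in entries.values() if group_cn in e.get("cn", [])), None)
    if group is None:
        raise LookupError(f"group {group_cn!r} not found in export")
    # Members absent from the export are skipped rather than guessed at.
    users = [entries.get(dn.lower()) for dn in group.get("member", [])]
    return [u.get("samaccountname", ["?"])[0]
            for u in users if u is not None and not any(u.get("mail", []))]
```

Calling `members_missing_mail(parse_ldif(SAMPLE_LDIF), "gemini_managers")` on the sample returns the one account that would be left out of the user list.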

Sorry, one more question. Is there any way to log in with the Forms method, but with domain credentials? I mean entering a login name like username@domain.name or domain.name\username into the standard Gemini login form? Thanks


miniMax

Yes, but you will need to create a 2nd site that is forms auth and use that site to log in.


Saar Cohen

I did it and unfortunately I cannot log in (the form returns 'Incorrect username and/or password'). I tried these usernames:

  • username@domain
  • username@domain.com (FQN)
  • domain\username
  • domain.com\username

The user is present in the Gemini user list as 'DOMAIN\username' (automatically added by the sync service - scheduler).


miniMax

You need to create a Gemini password for the account; you won't be able to log in with your network password. Click on forgot password.


Saar Cohen

Thank you. This way is working fine.


miniMax