Active Directory integration issue
Dear support,
I am trying to set up integration of my instance of Gemini 4.2.1 with our Active Directory. But something is still wrong. I have done these steps:
1) Install and set up Scheduler Service (enable Debug mode)
2) Activate Active Directory Sync
- Sync with Active Directory: Yes
- Add New Users: YES
- Connection String: DC=example,DC=com
- domain admin username and password
3) Restart Scheduler Service - log without errors (Active Directory module starting, preparing, fetching, loading assembly, initializing, processing, terminating - no errors)
4) AD Group 'gemini_managers' with 4 domain users mapped to Gemini Global Group 'managers' (over Security > Global Groups > Managers > Active Directory)
5) Gemini auth mode switched from 'Forms' to 'Windows' in web.config
...but after these steps, the client gets, after authentication (over Windows auth), a simple page with the text:
Access Denied For User: Contact your Gemini administrators
...also, domain users do not appear in the user list in Gemini.
Can you help me please? Can I debug the auth process?
Thank you
miniMax
Wednesday, January 25, 2012, 11:56:01 PM

Please make sure that anonymous access is disabled in IIS for the Gemini site. Also, make sure that Gemini doesn't allow anonymous access. However, if you don't see any domain user (domain\user) in the users list then this indicates that Gemini didn't find any. Which version of Gemini scheduler are you running?
Thank you for the quick response.
Screenshot with security group configuration. http://imageshack.us/photo/my-images/851/gemiss2.png/
Can you confirm that groups are imported to Gemini?
Yes. All groups from AD are visible in Gemini.
Just a note: AD users are in OU=domain_users
It might be your connection string to AD. What is it?
DC=example,DC=com
Please send an email to support at countersoft dot com to get a test app.
Tried setting up AD integration and got nowhere, like other people's experiences that I've read. I found it a less than seamless experience. Would like to see AD configuration handled in a much more user-friendly way, with AD discovery rather than entering connection strings, access to restarting the scheduler service from the same area (or doing this automatically) and better logging/feedback for troubleshooting connection issues.
We have many customers who are running AD without an issue. Do you have the same issues as this thread?
Yes, the same issue as this thread. I'm not saying that it doesn't work fine once set up; as you say, many people are using it without issue. My point is that the user experience in initially setting it up is IMHO bad and could be improved.
Thank you for the feedback. We are working on Gemini 5 so will take your comments on board. If you are still having issues with AD send an email to support at countersoft dot com.
ANSWER
Issue resolved with the Countersoft support team. Users in our domain do not have an email address set in their AD profiles. This is the reason why Gemini cannot import users into the user list from AD. After adding email details to the user AD profiles, all is working fine now. Thank you for the help.
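
A check for the cause identified in the answer above, as an added example that is not part of the original thread and is not Countersoft code: it lists the members of an AD group whose mail attribute is empty. The function names and the sample accounts are constructed for illustration; the group name, OU and domain components are the ones posted in this thread, and the live query assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example (not Countersoft code). Finds AD group members with no mail
# attribute, the condition this thread found prevents import into Gemini.

function Select-MissingMail {
    # Pure filter: emits a short record for each user object whose mail is empty.
    param([Parameter(ValueFromPipeline = $true)] $User)
    process {
        if ([string]::IsNullOrWhiteSpace($User.mail)) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                Enabled           = $User.Enabled
                DistinguishedName = $User.DistinguishedName
            }
        }
    }
}

function Get-GroupMembersMissingMail {
    # Live query: expands nested groups, keeps user objects only, then loads
    # the mail attribute (not returned by default) and applies the filter.
    param([Parameter(Mandatory = $true)] [string] $GroupName)
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties mail } |
        Select-MissingMail
}

# Constructed sample objects so the filter can be exercised without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Enabled = $true; mail = 'alice@example.com'
                       DistinguishedName = 'CN=alice,OU=domain_users,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'bob'; Enabled = $true; mail = $null
                       DistinguishedName = 'CN=bob,OU=domain_users,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'carol'; Enabled = $false; mail = '  '
                       DistinguishedName = 'CN=carol,OU=domain_users,DC=example,DC=com' }
)
$sample | Select-MissingMail | Format-Table -AutoSize

# Live check against the group mapped in this thread (run on a domain-joined host):
# Get-GroupMembersMissingMail -GroupName 'gemini_managers' | Format-Table -AutoSize
```

Running the live check with an ordinary domain user account is enough, since reading the mail attribute does not normally require domain admin rights.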
Sorry, one more question. Is there any way to log in with the Forms method, but with domain credentials? I mean entering a login name like username@domain.name or domain.name\username into the standard Gemini login form? Thanks
Yes, but you will need to create a 2nd site that is forms auth and use that site to log in.
I did it and unfortunately I cannot log in (the form returns 'Incorrect username and/or password'). I tried these usernames: username@domain, username@domain.com (FQN), domain\username, domain.com\username. The user is present in the Gemini user list as 'DOMAIN\username' (automatically added by the sync service - scheduler).
You need to create a Gemini password for the account; you won't be able to log in with your network password. Click on forgot password.
Thank you. This way is working fine.