Quantcast
Channel: SCN : Unanswered Discussions - BI Platform
Viewing all articles
Browse latest Browse all 5661

AD group does not populate

$
0
0

Greetings all!

I have a bit of a puzzler and I am hoping someone out there has an answer and can save me submitting a ticket to solve this issue.

 

I have AD configured on the server and enabled. I have specified the following settings:

 

Domain FQDN: DOMAIN1.COMPANY.NET

Domain: DOMAIN1

Service Account: DOMAIN1\service_BI4_PRD

SPN1: HTTP/SERVER

SPN2: HTTP/SERVER.DOMAIN1.COMPANY.NET

SPN3: HTTP/10.240.44.37

AD Group Name: DOMAIN1\Summary_Reports

 

krb5.ini:

[libdefaults]

     default_realm = DOMAIN1.COMPANY.NET

     dns_lookup_kdc = true

     dns_lookup_realm = true

     default_tgs_enctypes = rc4-hmac

     default_tkt_enctypes = rc4-hmac

     udp_preference_limit = 1

 

[domain_realm]

.domain1.company.net = DOMAIN1.COMPANY.NET

domain1.company.net  = DOMAIN1.COMPANY.NET

.company.net = COMPANY.NET

company.net  = COMPANY.NET

.domain2.company.net = DOMAIN2.COMPANY.NET

domain2.company.net  = DOMAIN2.COMPANY.NET

 

[realms]

DOMAIN2.COMPANY.NET= {

     kdc = dc02.DOMAIN2.COMPANY.NET

     kdc = dc01.DOMAIN2.COMPANY.NET

     default_domain = DOMAIN2.COMPANY.NET

}

COMPANY.NET = {

     kdc = PADR02.COMPANY.NET

     kdc = cadr01.COMPANY.NET

     kdc = CADR02.COMPANY.NET

     kdc = CADR03.COMPANY.NET

     kdc = ADR001.COMPANY.NET

     default_domain = COMPANY.NET

}

DOMAIN1.COMPANY.NET = {

     kdc = rdcdc001.DOMAIN1.COMPANY.NET

     kdc = rdcdc002.DOMAIN1.COMPANY.NET

     kdc = CHIEXDC001.DOMAIN1.COMPANY.NET

     kdc = CHIEXDC002.DOMAIN1.COMPANY.NET

     kdc = CHIEXDC003.DOMAIN1.COMPANY.NET

     kdc = CHIEXDC006.DOMAIN1.COMPANY.NET

     default_domain = DOMAIN1.COMPANY.NET

}

[capaths]

DOMAIN1.COMPANY.NET = {

DOMAIN1.COMPANY.NET = .
COMPANY.NET = .
DOMAIN2.COMPANY.NET = COMPANY.NET

}

DOMAIN2.COMPANY.NET = {

CHI.COMPANY.NET = COMPANY.NET

}

 

The SIA is running as the service account (which is a member of the local Administrators group and granted Logon As Service, Allow logon locally and Act as Operating System).

 

I have set Create new aliases when the Alias Update occurs.

 

 

Once I have the AD authentication plugin, the krb5.ini and bscLogin.conf all configured I can successfully run a kinit for my account and get a ticket.  I can also add a group to the AD plugin, click the update button, and the group with change format in the group list window and display in the Users and Groups interface. However, the system will not update with the users from the AD group.  I have tried this with several groups, but to no avail.

 

Additionally, the Schedule buttons in the AD plugin have the following error as well:

A java.lang.Exception occurred; original exception message Update cannot proceed because the authentication plugin is not enabled. The update attempt failed with error: {0}

 

I have validated that the AD authentication plug-in is enabled.

 

Any suggestions from anyone?


Viewing all articles
Browse latest Browse all 5661

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>