7 Replies Latest reply on Jul 13, 2018 5:50 AM by fluffy midnight

    AD groups login with PKI issues

    jtwis

      We are having issues with our solarwinds logging in.


      We have an entire group that is unable to log in with their PKI token. We have tried doing IE, edge, chrome and FireFox. With FireFox it is giving us a prompt for a username\password just to get to the site. Edge\IE\chrome just goes right to a login page.

       

      I have removed the group from SW and readded it, and still no luck.

       

      To throw another wrench in the gears, we ahve two other groups that have users that can log in, and some that cannot.

       

      I can take those users and add them as individual accounts and they log in without and issue.

       

      Any suggestion on where I need to look to get this taken care of would be helpful.

        • Re: AD groups login with PKI issues
          fluffy midnight

          Hi jtwis,

           

          If some users are working and others are not, that would suggest that something is wrong with the configuration you have done rather than general login to the help desk.

           

          If we wanted to confirm this, we would simply stop the AD connection via PKI and try the general login.

           

          If you go to Clients and do an Advanced Search with no criteria, do you find the users that are having issues in the list?

           

          How have you gone about configuring this, do you have anything you can show so we can review your configuration?

           

          -Midnight

            • Re: AD groups login with PKI issues
              jtwis

              Thank you for replying.

               

              I am not the one who set up the application, and unfortantely I do not have anything I can show for the configuration. If you can suggest something that you would think to look at, and where I can find it, I will tell you the settings, but I am unable to post pictures and the application is on an enclosed enclave that I cannot get screenshots off.

               

              As far as when you said "If you go to Clients and do an Advanced Search with no criteria, do you find the users that are having issues in the list?" Are you suggesting going to "users" and searching for the ones that aren't able to log in?

               

              I am working on checking the connection to AD as you also suggested.

               

               

                • Re: AD groups login with PKI issues
                  fluffy midnight

                  Hi jtwis,

                   

                  Check within the Advanced Search, here's a screenshot of the thing you're looking for:

                  Note that the configuration may have a different name to 'Clients', such as "Users" that you've mentioned.

                   

                  You can search on the AD connection that you have, then locate whether the users having login issues are in the list or not:

                   

                  1. If they are, then you need to review how they've tried logging in; did they have insufficient login details, etc...

                  2. If they aren't, you need to review the AD connection settings.

                  3. If no one is displayed in the list, remove that filter and search again, locate a user you believe has been synced by AD and check the LDAP Connection field within their account information.

                   

                  Let's see where we go from here.

                   

                  -Midnight

                    • Re: AD groups login with PKI issues
                      jtwis

                      Unfortantley I am not seeing that option for advance search in our user section. I did notice that you are running a different version that we are. Our Orion Platform is 2016.2.100.

                       

                      I did go through and checked all the users who cannot log in, and solarwinds is able to find them through AD when I try and make them user accounts. And those account will work in logging in, just not them being part of a security group.