Using System Authentication <SYS> for Smarts Domain against Active Directory.

Article ID: 315739


Products

VMware Smart Assurance

Issue/Introduction

Symptoms:

  • Using System Authentication <SYS> for Smarts Domain against Active Directory.
  • Unable to log into Smarts with the username and password using Active Domain authentication.

Environment

SMARTS -10.1.x

SMARTS DM-2.x

Cause

LDAP users are unable to log in to the Smarts GUI console.

Resolution

  • Users must provide credentials in the format <username>@<ActiveDirectoryDomain> if system authentication <SYS> is configured in serverConnect.conf for the Smarts Domain.
  • Please note that this value is case sensitive. Using the incorrect case will cause authentication to fail.
  • If the exact syntax of either the username or the domain name is uncertain, the Active Directory Users and Computers tool can be used to validate this information.
  • The format will not necessarily look like an email address and may not match the format used by email addresses in the organization.
  • Example: If the username appears as JSmith and the domain appears as CORP, the proper syntax would be JSmith@CORP.

 

Additional Information

  • Smarts authentication is configured in the file <BASEDIR>/smarts/local/conf/serverConnect.conf.
  • By default, Smarts allows system authentication with the following entry:

    # This line allows anyone with a valid account on this system to connect a
    # console.  Comment it out if you don't want to provide such access.
    *:*:<SYS>:Monitor

  • This entry gives all local accounts on the Smarts server, as well as all users in the same Active Directory domain, access to log in to the Smarts domain in Monitor mode. This mode has very limited rights.
  • If there are specific users that need to be granted additional rights, an entry such as the following can be added to serverConnect.conf as well:

    *:user1@CORP:<SYS>:All

  • This example would grant additional rights to a user called 'user1@CORP'.

Please note that this entry does not grant rights explicitly, but rather allows the user to be granted rights via profiles in the console.
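
The following is an added example, not part of the original article or any vendor tooling: a small audit of serverConnect.conf entries that flags the wildcard <SYS> record, <SYS> usernames without the @<ActiveDirectoryDomain> suffix, and entries that differ only by case. It assumes each record has four colon-separated fields, as in the default entry above; the field names and the sample lines are constructed for illustration.

```python
# Added example: audit serverConnect.conf-style entries (not vendor code).
# Assumption: each record is four colon-separated fields, as in the default
# entry shown in this article. The field names below are hypothetical.

SAMPLE = """\
# constructed sample, modelled on the entries shown in this article
*:*:<SYS>:Monitor
*:user1@CORP:<SYS>:All
*:User1@corp:<SYS>:All
*:jsmith:<SYS>:All
*:user2@CORP:<SYS>
"""

def parse(text):
    """Yield (line_no, fields) for every non-comment, non-blank line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield no, line.split(":")

def audit(text):
    """Return a list of (line_no, finding) tuples for <SYS> entries."""
    findings, seen = [], {}
    for no, fields in parse(text):
        if len(fields) != 4:
            findings.append((no, "malformed: expected 4 fields"))
            continue
        target, user, auth, priv = fields
        if auth != "<SYS>":
            continue
        if user == "*":
            # Every account the host can authenticate gets this privilege.
            findings.append((no, f"any system account gets {priv}"))
            continue
        if "@" not in user:
            findings.append((no, "no @<ActiveDirectoryDomain> suffix"))
        # Usernames are case sensitive, so near-duplicates are likely typos.
        prev = seen.setdefault((target, user.lower()), (no, user))
        if prev[1] != user:
            findings.append((no, f"differs only by case from line {prev[0]}"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

Running the audit against a copy of the real file before and after an edit shows whether a new <SYS> entry was written in the exact case and format that users will type at login.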

Note: LDAP is not supported by VMware by Broadcom and is not part of the GA release of Smarts.