Spectrum LDAP integration authentication failure with RESTRICTED_TO_SPECIFIC_MACHINES error

Article ID: 45590

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

Spectrum is integrated with an LDAP or Microsoft Active Directory server, but authentication fails for certain users even though the username and password have been keyed in correctly. I accessed the OneClick Web Admin page using an available account, went to Administration -> Debugging -> Web Server Debug Page (Runtime), turned ON the "SSORB Security SP" debug item, reproduced the problem, and saw the following error in the Tomcat log.

 Error binding: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 531, v1772 ]; remaining name ''

Environment

Release: Any
Component:

Cause

A "Log On To" restriction is applied to the user account, so the user cannot log on to the OneClick Server machine.

Resolution

The LDAP error carries error code 49 and data code 531, which means:

RESTRICTED_TO_SPECIFIC_MACHINES
This indicates an Active Directory (AD) AcceptSecurityContext data error: a logon failure caused because the user is not permitted to log on from this computer. It is returned only when a valid username and valid password are presented.

The error occurs when the user account has a "Log On To" restriction that does not permit the user to log on to the OneClick Server. Check with the Active Directory administrator and make sure the user does not have that restriction to avoid this issue.
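
For triaging the Tomcat log, the following added example (not Broadcom's code) extracts the LDAP error code and the AD "data" sub-status from bind failures and counts them per cause. It goes beyond data 531 by mapping the other common hexadecimal sub-status values to their Win32 error names; the function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# "data" values are hexadecimal Win32 error codes returned by AD on a failed bind.
SUBSTATUS = {
    "525": "ERROR_NO_SUCH_USER",
    "52e": "ERROR_LOGON_FAILURE",
    "530": "ERROR_INVALID_LOGON_HOURS",
    # Name used in this article; the Win32 name is ERROR_INVALID_WORKSTATION.
    "531": "RESTRICTED_TO_SPECIFIC_MACHINES",
    "532": "ERROR_PASSWORD_EXPIRED",
    "533": "ERROR_ACCOUNT_DISABLED",
    "701": "ERROR_ACCOUNT_EXPIRED",
    "773": "ERROR_PASSWORD_MUST_CHANGE",
    "775": "ERROR_ACCOUNT_LOCKED_OUT",
}

BIND_ERROR = re.compile(
    r"LDAP: error code (?P<code>\d+) - .*?AcceptSecurityContext error, "
    r"data (?P<data>[0-9a-fA-F]+)"
)

def classify(line):
    """Return (ldap_code, data, name) for an AD bind failure line, else None."""
    m = BIND_ERROR.search(line)
    if not m:
        return None
    data = m.group("data").lower()
    return int(m.group("code")), data, SUBSTATUS.get(data, "UNKNOWN_SUBSTATUS")

def summarize(lines):
    """Count bind failures per sub-status name across log lines."""
    return Counter(r[2] for r in map(classify, lines) if r)

# First line is the error quoted in this article; the others are constructed samples.
SAMPLE_LOG = [
    "Error binding: javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, "
    "data 531, v1772 ]; remaining name ''",
    "Error binding: javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, "
    "data 52e, v1772 ]",
    "INFO constructed line without any LDAP bind error",
]

if __name__ == "__main__":
    for name, count in summarize(SAMPLE_LOG).items():
        print(f"{count:3d}  {name}")
```

A 531 result points at the account's "Log On To" list in Active Directory rather than at the password the user typed.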