Unable to authenticate user in unab

book

Article ID: 7418

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

After changing the password in Active Directory the customer is unable to log in as that user in the Linux endpoint. Trying with old passwords does not help, but other users seem to be able to log in.

Running uxpreinstall, there are errors connecting to the site:

CHECKING CLIENT'S SITE 
******************************************** 
Client's site = <unknown> 
ERROR: Could not determine the client's site. 
REASON: No LDAP service was available to get the client's site. 
ACTION: Please check that LDAP services are available and functional. 
--------------------------------------------- 
F A I L

However, the site exists and according to the Active Directory logs, there is a connection done

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component:

Resolution

This problem may occur if the only Domain Controller (DC) available for authentication is excluded from the list of Domain Controllers available for  authentication in uxauth.ini. In this case, UNAB will be able to contact the DC but it will be unable to retrieve credentials or Kerberos tickets. This may happen if- for instance- UNAB was set up with DC which are no longer available.

Editing the list of DC available for authentication in uxauth.ini to include the valid one(s) or remove the list of DC and leave the none default will solve the issue.