
PAM 4.2.1.0: setting AD as LDAP user source shows invalid credentials: 49

Hi

My PAM Manager, which uses SLES15 as its platform, has been upgraded to version 4.2.1.0, and now I need to sync an LDAP user source.

I configured the AD information like below:

I am sure the user name and password are correct, but when I try to add an LDAP user to a user role of [Access Control],

it shows invalid credential: 49

I also tested administrator (cn=administrator,cn=users,DC=xxx,DC=com,DC=tw) and got the same error message.

Do I need to install an extra module or follow an extra procedure?

  • 0  

    Hi Wencheng, can you log into PAM as novellsync? Can you confirm the password for that user is correct?

  • 0 in reply to   

    Hi

    I had reset the password and checked that this novellsync account has permission. I also logged in with this account on an AD workstation, and it logged in fine.

    So it should not be a password issue. Besides, I tested using the AD administrator to sync, but got the same result (invalid credential: 49).

    Other MF products have a similar LDAP sync to AD, for example A.A., but they all sync well.

    Wencheng

  • 0 in reply to   

    Hi

    I compared with my A.A LDAP sync setting (which indeed uses novellsync to sync LDAP).

    Could I ask about PAM's LDAP settings?

    If, in my AD lab,

    the domain name is dc=xxx,dc=com,dc=tw

    all user accounts are placed in ou=teaming,dc=xxx,dc=com,dc=tw

    the sync account is located in ou=apsync,dc=xxx,dc=com,dc=tw

    1. Base DN ==> I could set dc=xxx,dc=com,dc=tw or ou=teaming,dc=xxx,dc=com,dc=tw, correct?

    2. User DN ==> the document says "Domain name of the user with administrator privileges.", so it should be novellsync's location ==> ou=apsync,dc=xxx,dc=com,dc=tw, correct?

    3. User Name: the corresponding user's name. It should be the user account that will run the LDAP sync to PAM Manager, so in my lab it should be the novellsync account. (But in this field I tested novellsync and cn=novellsync,ou=apsync,dc=xxx,dc=com,dc=tw, and both show the same error message.)

         

        

  • Suggested Answer

    0   in reply to 

    Hi Wencheng

    Try the following, like my screenshot.

    Regards

    Liam

  • 0 in reply to   

    Hi

    Thanks for your great information!!! Yes, this setting is correct and works fine.

    The same attribute names appear in other MF products which provide LDAP settings, but the required information seems not to be the same as what NPAM needs, so I always thought of and used other values to import into NPAM.

    Thanks!!

    Wencheng

  • 0   in reply to 

    Good to hear it is resolved.