Active Directory Authentication
I am trying to configure ArcSight Express for Active Directory authentication. I can use the system fine using built-in authentication. When I run the managersetup and complete the changes for Active Directory authentication, I can no longer log in using the default account and I cannot log in using Windows accounts. I'm using the same account to log in that I used to test during the configuration. The test succeeds during the configuration, but I am still unable to log in as that user.
Anyone have any ideas?
Make sure the account you're trying to use from AD is in the users resource for ArcSight. Once AD auth is enabled, the local accounts get disabled.
For example - if the AD account is user.account, then user.account has to be in the users in ESM.
I'm not clear on what you mean by "Make sure the account you're trying to use from AD is in the users resource for ArcSight". Are you saying that I have to add users to ESM somehow?
Yes. So if your account in AD is "dacompton", you also have to add a user to ESM with that username. ESM is only using AD for password authentication, so it doesn't know the username if you don't tell it.
Got it. I recreated the users that need access and it works. However, this needs to be corrected. I should not have to create my user accounts in a second repository to allow AD integration. I will pursue a fix with ArcSight.
Actually, you can set an alternate account name in ESM to use for AD auth. So for ESM user admin you could set alternate account name foobar (which has to exist in AD) and then log in to ESM with admin and the AD password of foobar.
But you'll always have to create users in ESM, that's probably because ESM can use AD for authentication but not authorization...