Highlighted
jmarberg1 Regular Contributor.
Regular Contributor.
359 views

ZCM user login

Maybe i am missing something simple here with user logins to PC's and zenworks client.  We are on AD and Zenworks17.  If a user logs on the PC with their "username" only they get logged into the client and get all their bundles and everything is great.  But if a user decided to use their full domain login "username@wcskids.net" they do not get logged into zenworks and don't get any bundles.  Is there somewhere to set to accept either logon?

 

Thanks!

Labels (2)
0 Likes
9 Replies
Micro Focus Expert
Micro Focus Expert

Re: ZCM user login

#1 - Normally the User@Domain logon works just fine from the Logon Screen, but there are some AD Configurations will it will not work.  Primarily where there are multiple Domain Aliases configured.

If Possible I would recommend an SR to have it associated with Bug#1129651 to raise the priority.

Since it is related to a defect, the SR should be refunded.  If you have difficulty creating SRs you can send me a private message with contact info.

 

#2 - The User@Domain does not work from the Z-Icon at all.....(That is a separate bug)

 

 

 

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM user login

Note: Supposedly Configuring and Enabling "Kerberos" authentication with ZCM avoids the issue.

0 Likes
jmarberg1 Regular Contributor.
Regular Contributor.

Re: ZCM user login

So User@domain does not work at all from the z icon, authentication failure.  Works fine with just User.  This is a known bug?

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM user login

Yes, the Z-Icon issue with User@Domain is a known issue, but that is a lower priority issue because it was never actually reported as an issue by any customers.  It was just noted as part of debugging issues logging in normally  with User@Domain for the other issue.

The issue where users do not logon automatically with User@Domain if there are multiple alias domains.  This will fail when using UserID/PWD based authentication, but will work if ZCM is configured for Kerberos.

Technically one could say they "Z-Icon" issue does not exist if using Kerberos, but that is because "Login" via the Z-Icon is disabled since authentication is based upon the logged on user's  Windows Kerberos Keys instead.

Kerberos is a little tricky to get working initially, but works extremely well once its configured properly.

The Primary Advantage of Kerberos is that it uses the User's existing Security Keys to perform the ZCM authentication.  This resolves any potential password replication issues in large domains.

The Primary Disadvantage is that it is not possible to logon to ZCM as a different LDAP user than is logged into Windows.  

0 Likes
ictssoe
Visitor.

Re: ZCM user login

Hi Craig,

 

We have a similar problem with user login. We have indeed a multiple Domain aliases configured. Is there a way around this problem that you know of apart from using Kerberos?

 

Regrads,


David

 

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM user login

There is not a way other than Kerberos, but that being said IMHO Kerberos is far superior than UID/PWD for Domain setups.

Is there a reason beyond the learning curve of how to create the Kerberos File for ZCM to use that you do not want to use it?

If you cannot use Kerberos for some reason and need a fix, I would recommend an SR since the issue is not high priority due to the simple and likely superior "Work-Around" of enabling Kerberos Authentication.

ictssoe
Visitor.

Re: ZCM user login

Hi Craig,

 

Thanks for your response.

You are right about the learning curve. It is  bit daunting for me especially because it is all new to me.

If you have some advice or links to good documentation other then the Zenworks documentation about this subject I would be much obliged.

 

Regards,


David

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM user login

Remind me to do post a bit more about Kerberos if I dont.

It's been a long time since I set it up.....(It's a set and forget thing...)

Need to play but don't have time right now....

0 Likes
jmarberg1 Regular Contributor.
Regular Contributor.

Re: ZCM user login

I guess i need to read up on Kerberos auth. Thanks!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.