AD Authentication
Hello,
I'm configuring Network Configuration Manager and trying to get AD Authentication working.
First I tested with all users defined in AD:
- In Settings > Authentication > Windows Domains, I created my Domain with "Domain Name", "Domain Controller", LDAP, "Enable Auto Login" and "All Users" options checked, "User Permissions"=Administrator and proper "Time zone" setting.
- Then logged out, and logged in successfully with an AD user on domain
Then I tried to restrict to a specific AD group:
- In Settings > Authentication > Windows Domains, I created my Domain with "Domain Name", "Domain Controller", LDAP, "Enable Auto Login" and "Selected Groups" options checked, "User Permissions"=Administrator and proper "Time zone" setting.
- Regarding the BaseDN field, I have an issue.
- In our AD tree, Users and Groups are not in the same Organizational Unit (OU) :
- xxx.xxx.xxx.xxx (domain name)
- First level OU
- Second Level OU
- Groups OU
- Group1
- Group2
- Users OU
- User1
- User2
- I tried several things for BaseDN field and Groups field
- Setting the BaseDN to the Groups OU (OU=Groups,OU=Second Level,OU=First Level,DC=xxx,DC=xxx,DC=xxx,DC=xxx) and the Group to the CN value (Group1)
- Setting the BaseDN to the Users OU (OU=Users,OU=Second Level,OU=First Level,DC=xxx,DC=xxx,DC=xxx,DC=xxx) and the Group to the CN value (Group1)
- Setting the BaseDN to a common OU (OU=Second Level,OU=First Level,DC=xxx,DC=xxx,DC=xxx,DC=xxx) and the Group to the OU+CN value (OU=Groups,CN=Group1)
- None of these work
- the first two are accepted in the configuration stage but I can't login with a user having the expected group
- the third one is not accepted at configuration stage ("the inpu specified for the parameter does not match the required pattern")
How can this configuration be achieved ?
Thanks for the help.