5 Replies Latest reply on Jun 29, 2020 9:15 AM by abdallah hamaydeh

    Active Directory Authentication Client Management 12.9

    abdallah hamaydeh
      Share This:

      How to have an Active directory With SSL connection?

      we need to link CM with Active directory using pot 636 which is secure need Cert. how to do this in client management? 

        • 1. Re: Active Directory Authentication Client Management 12.9
          Steve Gibbs

          When you create or modify an existing Directory Server object you can define the port you wish to use.  In addition you can also select the Domain Proxy when you have multiple domains in your environment. 

           

          If you have more than one Domain or you are using a BMC hosted solution you must install an agent on a device that you wish to use as a Proxy (one that is always online from that domain).  Add the role of Domain Proxy.

           

          You must also create Credentials to use to access the DC for querying the items in that Domain. These credentials only need Read only but some customers have locked down their DC's so if you run into issues using the newly created account, try an existing account such as your own.  Once verified then figure out how to get the new service account to work.  It may just be a synch issue between where you created the account and what device the Proxy uses for authentication.

           

          Next you will want to go to Global Settings > Directory Server and right click to bring up context menu. Select Create Directory Server.

           

          In my lab I have two domains connected:

          By default the Master server is a Directory Server Proxy for On Premise installations:

           

          Open up the properties page and configure the items you wish to change.  Test login...  Save!  All done.  No special cert is required because we are using the Proxy to access the DC.

           

           

          Let us know if this works for you!

           

          Steve

          • 3. Re: Active Directory Authentication Client Management 12.9
            Steve Gibbs

            Please remove the Server name from the "Hostname" entry leaving just the Domain name. Also, did you try a real user account to test the connection? Is the account you tested a member of "Domain Users"?

             

            Also, open a command window and type in "Whoami".  This will show your Domain Name\User Name.  Make the alias what Whoami returned for the Domain Name.

             

            Make sure when you add the credential to test or use you just add Domain Name (No backslash) and then just User Name

            • 4. Re: Active Directory Authentication Client Management 12.9
              Steve Gibbs

              The error message indicates it is a credential issue not a PORT issue. That is why I suggested using YOUR account to test.

               

              Please let us know if you got this working.

              • 5. Re: Active Directory Authentication Client Management 12.9
                abdallah hamaydeh

                Many thanks indeed this "Whoami" save my day, I was using the domain but no luck in that, when I used your advice work!

                 

                thank you again,