Active Directory Integrated Authentication

rated by 0 users
This post has 9 Replies | 3 Followers

Top 150 Contributor
Posts 9
Points 20
Reply
blandry Posted: Wed, Jul 2 2008 4:12 PM

Here is my InnovatorServerConfig:

<Innovator>
  <UI-Tailoring login_logo="../images/logos/innovator_splash.jpg" branding_img="../images/logos/banner_02.jpg" product_name="Aras Innovator" banner_url="../scripts/banner.aspx" banner_height="50" />
  <operating_parameter key="debug_log_flag" value="false" />
  <operating_parameter key="debug_log_limit" value="10000" />
  <operating_parameter key="debug_log_pretty" value="true" />
  <disabled_operating_parameter key="performance_logging" value="cpu" />
  <operating_parameter key="xslt_processor_debug" value="false" />
  <disabled_operating_parameter key="email_debug_option" value="file" />
  <License lic_type="Unlimited" lic_key="45yu7457456mn865m8587yyhghtryhw" />
  <Mail SMTPServer="queue" />
  <operating_parameter key="temp_folder" value="C:\Program Files (x86)\Aras\Innovator\Innovator\Server\temp" />
  <operating_parameter key="ServerMethodTempDir" value="C:\Program Files (x86)\Aras\Innovator\Innovator\Server\dll" />
  <operating_parameter key="debug_log_prefix" value="C:\Program Files (x86)\Aras\Innovator\Innovator\Server\Logs\" />
  <DB-Connection id="InnovatorSolutions" database="InnovatorSolutions" server="(local)" uid="innovator" pwd="{deleted}" dbType="SQL Server" />
  <DB-Connection id="Test1" database="Test1" server="(local)" uid="innovator" pwd="{deleted}" dbType="SQL Server" />
  <ClientConfig
   AssemblyName="Aras.LogonHooks.WindowsAuth"
   AssemblyNameType="partial"
   TypeName="Aras.LogonHooks.WindowsAuth" />
  <ClientLogon allowed_domain_names=".*"
               allowed_domain_users=".*"
               denied_domain_users="^admin$|^root$|^vadmin$|^PLM$"
               allowed_direct_users="^admin$|^root$"
               debugging_password="bypass1"
               shared_secret="randomrandom"
               empty_logon_user_allow_direct="false" />
</Innovator>

I have walked through page 14 and 15 of the Aras Innovator Authentication Setup, (Doc #: 9.0.105232008) and am hitting a wall.  I get the username showing up for the logged in user and the DB dropdown, but when I select the DB with the existing blandry user account it get the error message:

"Authentication failed for blandry"

Repeating steps 5 through 10 does not help.  I had changed allowed_domain_users=".+" to ".*" because it was saying that my user account was not allowed.

 I have 2 databases InnovatorSolutions and Test1, the user accounts are setup in Test1, but not in InnovatorSolutions.  Any ideas?

Brian

Top 10 Contributor
Posts 199
Points 1,215
Reply
Bill replied on Wed, Jul 2 2008 5:52 PM

Try specifying the domain, as in the example.

<ClientLogon allowed_domain_names=".*"

becomes

<ClientLogon allowed_domain_names="^DOMAINNAMEHERE$"

-Bill

  • | Post Points: 0
Top 10 Contributor
Posts 199
Points 1,215
Reply
Bill replied on Wed, Jul 2 2008 6:00 PM

Also, please try

allowed_domain_users=".*"

becomes

allowed_domain_users=".+"

as in the example.

I prefer to start with getting this example working, and customizing from there.  As it has been a very reliable set of steps in the past.

-Bill

  • | Post Points: 0
Top 150 Contributor
Posts 9
Points 20
Reply
blandry replied on Thu, Jul 3 2008 9:28 AM

I did change it to:

<ClientLogon allowed_domain_names="^DOMAINNAMEHERE$"

And for some reason did not get the denied domain user again on the user line, but I am still getting the "Authentication failed for blandry" error.

  • | Post Points: 0
Top 150 Contributor
Posts 9
Points 20
Reply
blandry replied on Thu, Jul 3 2008 9:29 AM

I also changed the allowed domain users back to ".+" as well without success.

Thanks,

Brian

  • | Post Points: 0
Top 10 Contributor
Posts 199
Points 1,215
Reply
Bill replied on Thu, Jul 3 2008 12:50 PM

You need to log in a Innovator Admin again, and re-run the "Reset Authentication Passwords" action again.

-Bill

  • | Post Points: 0
Top 150 Contributor
Posts 9
Points 20
Reply
blandry replied on Thu, Jul 3 2008 1:32 PM

I've tried that 3 times since this morning.  Any idea what it could be hanging on?  I have blandry in Active Directory and in the Test1 database in Innovator.  I have the blandry account in Innovator enabled and have used the Reset Auth Passwords, so what could it be?

If it sees my user name properly on the login screen, what does it do beyond that?  Does it talk to Active Directory?  When I use the Reset Authntication Passwords I get this for a result:

admin: matched denied_domain_users
amacaluso: OK
amaguire: OK
blandry: OK
jcross: OK
root: matched denied_domain_users
sblanchet: OK
vadmin: matched denied_domain_users

  • | Post Points: 0
Top 10 Contributor
Posts 199
Points 1,215
Reply
Bill replied on Thu, Jul 3 2008 5:07 PM

Try using this procedure http://www.aras.com/university/TechNotes/DocumentView.aspx?file=Aras%20Innovator%209.0%20-%20Client%20Cleaning%20Procedure.pdf and then log in again.

You could be caching bad credentials.

-Bill

  • | Post Points: 0
Top 150 Contributor
Posts 9
Points 20
Reply
blandry replied on Thu, Jul 3 2008 11:16 PM

I did the entire IE cache clearing, but I was unable to do the .Net clearing the clean way that the doc shows as I do not have the .Net 2.0 SDK installed on my desktop.  I went to C:\Users\blandry\AppData\Local\assembly (I am on Vista) and deleted those 2 folders, but I am still getting the same not authenticated error.

Thanks,

Brian

  • | Post Points: 20
Top 500 Contributor
Posts 3
Points 60
Reply
dmichaelson replied on Sat, Aug 15 2009 3:37 PM

Just checkin in to see if there has been any resolution to this post, and if the question of how the communication between Aras and AD occurs.

 

Best,

 

Doug Michaelson

  • | Post Points: 5
Page 1 of 1 (10 items) | RSS