Skip navigation
2928 Views 12 Replies Latest reply: Feb 29, 2012 12:26 AM by kyt977 RSS
itskiguy Rookie 32 posts since
Dec 28, 2011

Has received 1 of 9 achievements.
Currently Being Moderated

Feb 9, 2012 3:53 PM

ServiceDesk 7.5 Active Directory Authentication

Hello,

 

I'm trying to get our ServiceDesk set up and I'm at a point where I'm starting to need users.  I ran an AD import and that seems fine, and was able to change myself to be an Analyst from an End User. 

This is where I'm starting to run into some issues, partially stemming from the fact that different documents say to do different things.  The LDSDSetup document says that my Network Login should be my DN, and the Logon policy should be Explicit only

 

But http://community.landesk.com/support/docs/DOC-11425 says to use domain\username for the Network Login and that the Logon policy should be Integrated Only.

 

I added  <add key="AuthenticationProvider" value="Touchpaper.Integrations.LDAPLogon.DirectoryServiceAuthenticationProvider" /> to my tps.config

 

My DirectoryServiceAuthentificationConfiguration.xml looks like this:

 

<?xml version="1.0" encoding="utf-8"?>
<DirectoryServiceAuthentifictionConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <!-- Server object to try to read (typically a branch on the tree) -->
<ServerObject>ldap://domaincontroller:389/OU=My%20Users,OU=Employees,OU=User%20Accounts,DC=domain,DC=local</ServerObject>
  <!-- Debugging - throw error messages for any errors encountered-->
  <ShowExceptions>True</ShowExceptions>
  <!-- This is only valid for Active directory.  For eDirectory, use None-->
  <!-- Active Directory use Secure-->
  <!-- If using Active Directory SecureSocketsLayer the ServerObject must be by DNS name, not IP and the DNS name must match the name on the server side certificate-->
  <AuthenticationType>None</AuthenticationType>
</DirectoryServiceAuthentifictionConfiguration>

 

But even with <ShowExceptions>True</ShowExceptions> I'm only getting Logon failed when I try to log on.  I've tried both Integrated Only, Explicit Only, and All for the Logon Policy but none have changed the behavior.  I tried setting <AuthenticationType> to LDAP, and Secure but neither of those worked either.  I'm really lost, I'd appreciate any help anyone that's gotten this to work could offer. I went through these posts and they didn't work although clearly I'm not the only one finding conflicting information in the documentation...

 

http://community.landesk.com/support/thread/12834?

http://community.landesk.com/support/thread/16683?

http://community.landesk.com/support/message/71785

 

 

Thanks

  • Expert 233 posts since
    Jan 27, 2009

    Has received 7 of 9 achievements.
    Currently Being Moderated
    1. Feb 9, 2012 5:14 PM (in response to itskiguy)
    Re: ServiceDesk 7.5 Active Directory Authentication

    Hi,

     

    The following is the requirements for LDAP Authentication (AD included)-

     

    • You must use DN as your network login value
    • Logon Policy must be set to explicit
    • You must have the configuration file correctly entered and placed in the appropriate directories (the setup documentation covers these details)
    • If you wish to enable for WebAccess there are several files that must be copied across from TPS dirs to WebAccess dirs (again, the documentation covers this)

     

    Make sure you've copied everything into the correct locations, triple confirm your configuration settings in the XML file and finally, IISRESET and try again.

     

    Cheers,

    Hadyn

  • Expert 233 posts since
    Jan 27, 2009

    Has received 7 of 9 achievements.
    Currently Being Moderated
    3. Feb 12, 2012 3:29 PM (in response to itskiguy)
    Re: ServiceDesk 7.5 Active Directory Authentication

    The Windows Event Logs on the server you're connecting to might have some additional info. Out of interest, where have you placed the copy of the LDAP configuration file?

     

    Cheers,

    Hadyn

  • NHARCUP Employee 6 posts since
    Feb 9, 2009

    Has received 1 of 9 achievements.
    Currently Being Moderated
    5. Feb 15, 2012 4:29 AM (in response to itskiguy)
    Re: ServiceDesk 7.5 Active Directory Authentication

    Hi,

    Have you confirmed that the server can connect to:-


    ldap://domaincontroller:389/OU=My Users,OU=Employees,OU=User Accounts,DC=domain,DC=local


    You can download an LDAP browser free from the web to verify this (I use LDP from Microsoft.com).  I guess you can logon as "SA" without the logon failed error?, also it is worth stopping the services before running your tests as I have seen this error produced by background services so it may not be related.


    Kindest Regards


    Nathan


  • NHARCUP Employee 6 posts since
    Feb 9, 2009

    Has received 1 of 9 achievements.
    Currently Being Moderated
    7. Feb 15, 2012 8:43 AM (in response to itskiguy)
    Re: ServiceDesk 7.5 Active Directory Authentication

    Hi,

    I would stop all LANDesk Service Desk services while testing to ensure that the error returned in the event log is defiantly a result of the LDAP authentication failing and not a LANDesk ServiceDesk service.

    Also could you confirm if you can logon as SA without issue?, this should bypass the LDAP logon.

     

    Kindest Regards

     

    Nathan

  • kyt977 Rookie 7 posts since
    Dec 14, 2011

    Has received 1 of 9 achievements.
    Currently Being Moderated
    12. Feb 29, 2012 12:26 AM (in response to itskiguy)
    Re: ServiceDesk 7.5 Active Directory Authentication

    Hi,

     

    Because you are using Active Directory, you need to set the following <AuthenticationType>Secure</AuthenticationType> in DirectoryServiceAuthentificationConfiguration.xml.

     

    The default value is ‘None’ and not ‘Secure’.  I found the comments in the xml file confusing. This solved my initially login issue with the Console.

     

     

    However, I then had you issue with the Self Service/Web Desk Website where it would report

     

    Failed to create Authentication Provider 'Touchpaper.Integrations.LDAPLogon.DirectoryServiceAuthenticationProvider'.

     

    It turns out there are some dlls that need to be copied from the Framework (C:\Program Files (x86)\LANDesk\Service Desk\WebApp\Framework\bin) folder to the WebAccess Folder (C:\Program Files (x86)\LANDesk\Service Desk\WebApp\WebAccess\bin).

     

    The key files missing being:

    1. Touchpaper.Integrations.LDAPLogon.dll
    2. Touchpaper.Integrations.OpenLDAPLogon.dll
    3. Touchpaper.Integrations.OpenLDAPSSLLogon.dll

     

    Doing a forum search on these dlls will point you to this article - http://forum.landesk.com/support/docs/DOC-6801/

     

    Hope it helps.

    Kim

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 20 points
  • Helpful Answers - 10 points
LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software