I am having some issues with Role Based Access on our LANDesk 9.0 SP3 test environment.
Any users that are part of LANDesk Administratrators group can log in fine however users that are ONLY members of LANDesk Script Writers group are unable to log into the console.
I get the following error:
In order for them to be able to log in, they must ALSO be part of LANDesk Management Suite group.
LANDesk Script Writers contains AD security groups that have access to log into the core. If I add the users either directly to the Management Suite group or add their AD security group then they can log in.
Is this correct behavior? According to the documentation, the user only needs to be a member of one of these groups.
Which documentation are you looking at? The documentation LANDesk provides is not always up to date unfortunately.
When you look at your users list in LANDesk, do you have a role/scope assigned to either LANDesk Management Suite or LANDesk Script Writers? I believe you need to have a role defined for any group that needs access to the console.
This is a portion of a document that might help. The document can be found here http://community.landesk.com/support/docs/DOC-23415 if you haven't already read that one.
"In 9.0 SP2, the Local Users and Group is key component to using LANDesk. Unlike previous version of LANDesk, the LANDesk Administrators, LANDesk Management Suite, and LANDesk Script Writers groups are only used to give users rights to the LANDesk directory structure. These groups do not add the users to the User Management console as they did in past versions, in fact the users do not need to be in these groups to add a user to the User Management console, but the user will not be able to log in to the console until they are added to a group."
There are no roles assigned to either LANDesk Management Suite or LANDesk Script Writer however inside these groups there are AD security groups with users that have Roles assigned.
For example, in the "LANDesk Script Writers" group, we have an AD Security Group called "LANDesk GroupAdmin Role" which is assigned a role in LANDesk. This group has a defined role and scope.
Yeah I use the same type of setup. I place groups inside the local LANDesk groups and assigne the roles to those that I add.
Looking at the screenshot, I only see LANDesk Script Writers. Did you add groups with roles to the LANDesk Management Suite as well?
Hmm, that does seem strange. Is there any reason you need to use LANDesk Script Writers? I have always just used LANDesk Management Suite when it came to giving console access to users.
There are 2 bugs that I reported related to scopes based on an LDAP queries after installing LDMS 9 SP3.
LANDesk has this in their queue to get fixed but I have received not received an information as to when a fix for this will be avaiable.
Sample of corrupt scope before editing:
Sample of corrupt scope after editing: