11-21-2013 01:24 PM - edited 03-15-2019 05:55 AM
Folks,
I am trying to get "Login by Login name" working for the Supervisor re-skilling tool login (https://serverip/reskill)
I am able to login when I use "Login by agent ID" but I am unable to use "Login by Login name" on the re-skilling tool. I get a authentication failed when i use "login by login name".
I have tried having ICM create a new AD account under the "MyDomain >> Cisco_ICM >> Facility >> Prod" AD OU. by going to Configuration Manager >> Agent Explorer >> Agent >> Supervisor (Tab) and setting a user ID in the "Supervisor login as user" field and setting a password in the "Supervisor login Password" field.
I go back to the the reskilling tool and try to use the new account and I receive an authentication failed.
I have also tried to associate the "supervisor login name" to an existing domain account (my AD account) and it does the same. I also checked the AD server to see if ICM was creating the login ID in the Prod OU and it does. I have double checked the password and even reset the password on AD directly from AD (since I have access to AD). but no change, I still receive authentication failure. All this while I can login using the agent ID , but cannot using a Login name.
The goal is to have single sign on for Supervisors so that I can associate their AD account to their Supervisor Login so they can use their corporate AD credentials to log into the agent reskilling page.
Anyone have any suggestions on what to look for ?
Thanks in Advance,
Sashi
11-21-2013 01:39 PM
Hi,
ran into the same problem. Looks like only the peripheral name works. Fortunately, the customer accepted that so we did not investigate further.
Can you talk to TAC and post back?
G.
11-21-2013 06:37 PM
Yep, had the same issue on 7.x, if you upgrade to 8 or 9, the issue should go away. By any chance did you try AD\username or username@AD?
david
11-22-2013 05:59 AM
I am on UCCE 9 and still have this problem. and Yes, I tred both the "username" and "domain\username" flavors to make sure it wasnt a syntax issue. I probably am going to end up opening a TAC case to see if I can get some answers to this.
11-22-2013 08:54 AM
Just tried it on 9.0.3 with no problems. Is the AW able to resove the AD name? For example, if the users's accountis david@ad.com, if you go to the HDS can you ping ad.com?
david
11-22-2013 09:04 AM
Hey David,
Yup, I have no problems pinging the domain name from the AW server. My AW/HDS/DDS, PG's and Router Logger all running 9.0(2) and are part of the same domain (i.e. the corporate domain). I have gone as far as checking to make sure that ICM has full read & write access into the ICM facilities OU where ICM is creating new supervisor AD accounts.
As mentioned earlier, I have also tried to associate existing AD accounts and that fails as well. I have also tried to validate that the new AD accounts created by ICM work and they do, I was able to use one of the accounts to log into a windows PC that belongs to the same domain and I was able to. This tells me that the Account created is fine.
My thoughts right now are that there is some problem with the authentication method (or) I still have a configuration issue that I have missed or havent figured out yet.
Sashi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide