06-11-2010 10:09 AM - edited 03-15-2019 11:12 PM
My Active Directory is synchronized fine...
I can see all the users...
But when I try to log in to Call Manager as a user or as an administrator (CCM admin user group), it fails.
I have ticked the box on LDAP synchronization "use ldap authentication for end users"
06-15-2010 04:44 AM
06-15-2010 06:14 AM
An obvious question, but have you tried logging into a domain PC with the same credentials?
06-15-2010 06:36 AM
By looking at the packet capture, the problem is still on LDAP side.
Here are the relevant packets:
#4 CUCM sent bindRequest to LDAP. Username: eurobank\scanner. Password: scanner1234$$
#5 LDAP sent successful response
#13 CUCM sent bindRequest to LDAP. Username: CN=MLavrentakis, OU=Cyprus,OU=Employees,DC=Eurobank,DC=efg,DC=gr. Password: !Log1234!
#14 LDAP sent failed response - "invalidCredentials"
If you're sure the information was correct in packet #13, you should get your LDAP engineer to explain packet #14.
Thanks!
Michael
06-15-2010 12:09 PM
You are absolutely right!!!
The usernames and passwords are correct!!!
I can login with the same credentials in the domain....
It is obvious that the problem is AD and the permissions of these user accounts....
I need to focus on the AD ...
Your recommendations and troubleshooting were excellent!!!
Thank you very much for your help Michael!!!
12-03-2012 08:43 AM
The reason directory sync works and this doesn't is because end user auth is completely separate from directory sync. I had a similar problem and the cause was that the end user was on a child domain that didn't share a root with the auth server I was using. The server was on xyz.com and the user abc.com. The fix for me was to change the user search base from "DC=xyz,DC=com" to "DC=com" and change the port I was using from 389 (LDAP port) to 3268 (global catalog port). This doc also helped.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1070369
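The search-base and port mismatch described in the post above can be checked offline before touching the CUCM LDAP authentication page. This is an added example, not code from the thread or from Cisco; the function names, the verdict strings and the sample DN are assumptions made for illustration, and the rule that a non-global-catalog port only serves the base's own domain reflects the fix the poster describes.

```python
# Added example (not from the thread): check whether a user's DN is reachable
# with a given LDAP authentication search base and port.
GC_PORTS = {3268, 3269}  # Active Directory global catalog (plain / TLS)

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs, honouring '\\,' escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def under_base(user_dn, base_dn):
    """True when base_dn is a suffix of user_dn (case-insensitive)."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(base) <= len(user) and user[-len(base):] == base

def domain_of(dn):
    """DNS-style domain built from the DC components of a DN."""
    return ".".join(v for a, v in split_dn(dn) if a == "dc")

def diagnose(user_dn, base_dn, port):
    """Hypothetical verdicts: base-too-narrow, needs-global-catalog, covered."""
    if not under_base(user_dn, base_dn):
        return "base-too-narrow"
    # Assumption: a non-GC port only serves the domain named by the base.
    if domain_of(user_dn) != domain_of(base_dn) and port not in GC_PORTS:
        return "needs-global-catalog"
    return "covered"

if __name__ == "__main__":
    user = "CN=Jane Doe,OU=Staff,DC=abc,DC=com"  # constructed sample DN
    for base, port in [("DC=xyz,DC=com", 389), ("DC=com", 389), ("DC=com", 3268)]:
        print(base, port, diagnose(user, base, port))
```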
06-13-2010 12:44 PM
Have you mapped a different LDAP attribute to the CM User ID? For example, under LDAP System, if your LDAP attribute for the User ID is set to "telephone number" then your CM login user ID is the telephone number set in the AD user account.
Just something to look for....?