11-25-2009 12:01 PM - edited 03-15-2019 08:37 PM
We have CUCM 6.1. We want to add new users from new domain.
I have added LDAP directory for this new domain and has been able to pull the new users from this new domain.
I went to “User Management > End User” and found the new users from the new domain. So CUCM is able to see the users.
I have associated the user with one of the phone and then assign the Primary Extension, and then in the permission information, I added the “Standard CCM End Users” for this user which will give the user Roles as “Standard CCM End User” and “Standard CCMUSER Administration”
When the user go to the CCM user page, the user got “Log on failed - Invalid User ID or Password”
I have the user from the existing/old domain that is already with CUCM and the user is able to login fine. Seems to be only from the users from the new domain.
It seems that it has an Authentication issue. Can someone give me an idea how to fix this?
Thanks
11-25-2009 01:18 PM
Did you create new LDAP authentication for the new domain in CM beside just the LDAP search?
Chris
11-25-2009 01:58 PM
I was thinking the same thing but I do not see where can I create a new LDAP authentication.
I go to "CCMadmin > System>LDAP authentication" and I see that is "LDAP authentication for End User". Currently it is for the old/existing domain that has already been setup with CUCM. but i do not see there an option to add another one.
How/Where can we create another "LDAP authentication for End User"?
or am i missing something?
11-25-2009 04:10 PM
You cannot create another, you can only configure 1.
To enable authentication, a single authentication agreement may be defined for the entire cluster.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1070369
If you're going to migrate all to the new domain just delete and recreate, if not read the section:
contained in the above doc.
HTH
java
If this helps, please rate
www.cisco.com/go/pdihelpdesk
12-01-2009 03:20 PM
It seems that it is only working on the Parent-Child Domain situation which we can point the LDAP Authentication on the parent domain.
In our environment, we do not have Parent-Child Domain. Each domain is in each forest. So in this case, our users got imported but they would not be authenticated.
Can someone confirm or have any advice on this?
Thanks
12-01-2009 03:58 PM
I had a quick look at the SRND (the link that Java posted), and as far as I could see, you can authenticate against the GC, but need to sync on the UPN instead of the userid..??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide