02-16-2012 03:21 PM - edited 03-19-2019 04:25 AM
Hello,
I've configured a new CUC8.6 server in our CUCM environment. We're synchronized with AD and have been for some time. After finishing the installation and importing users into the system (and creating some user voicemail boxes), we started adding synchronized accounts to the System Administrator role. However, they still can not log in. When an Administrator tries to log in, it gives in error that the password is invalid, after several attempts it says that the account has been locked out. When I look at the account in AD and CUC, it looks fine. LDAP Directory, Set Up, and Authentication are all set up (which, to me, seems like an odd thing to need to do since it should be authenticating through CUCM like CUCCX does, no?) Do I need to have this configured? Should setting up AXL be enough?
Any suggestions would be appreciated.
Solved! Go to Solution.
02-16-2012 03:42 PM
02-16-2012 05:41 PM
can you login ok with this user to ciscopca site?
Sent from Cisco Technical Support iPhone App
02-16-2012 05:52 PM
seems like your LDAP authentication is not working, review your config.
Sent from Cisco Technical Support iPhone App
02-16-2012 05:57 PM
Well, if you are using AXL integration instead of LDAP then the passwords are not synced and defined locally on UCON.
Sent from Cisco Technical Support iPhone App
02-16-2012 06:05 PM
correct, uccx is different.
You need to pick how users are imported into UCON either AXL, locally defined or LDAP.
Sent from Cisco Technical Support iPhone App
02-16-2012 03:42 PM
So, which role did you assign to this user?
Chris
02-16-2012 05:35 PM
System Administrator. I've also tried Audit Administrator to mimic the group assignment of the server's system account, but no dice Thoughts?
Sent from Cisco Technical Support iPad App
02-16-2012 05:41 PM
can you login ok with this user to ciscopca site?
Sent from Cisco Technical Support iPhone App
02-16-2012 05:50 PM
I can not. It tells me Log on failed - Invalid User ID or Password
02-16-2012 05:52 PM
seems like your LDAP authentication is not working, review your config.
Sent from Cisco Technical Support iPhone App
02-16-2012 05:54 PM
Is LDAP authentication required here? Should the AXL service provide the authentication? That's how it works in CUCCX.
02-16-2012 05:57 PM
Well, if you are using AXL integration instead of LDAP then the passwords are not synced and defined locally on UCON.
Sent from Cisco Technical Support iPhone App
02-16-2012 06:02 PM
That IS different from the way it works in CUCCX. In that instance the AXL authentication will allow people to authenticate with their AD credentials. And, you're totally right. When I go to the user account in CUC and set the password, now I'm able to log in just fine. So, is this fixed by removing the settings for AXL and only leaving the LDAP settings?
02-16-2012 06:05 PM
correct, uccx is different.
You need to pick how users are imported into UCON either AXL, locally defined or LDAP.
Sent from Cisco Technical Support iPhone App
02-16-2012 06:12 PM
So, the manner of import chooses how to authenticate? Interesting. In any case, I can import users from PhoneSystem with no problems but I don't see anything when I choose LDAP directory. I've double checked my settings for LDAP and they're identical to the ones in CUCM (which does work with no problems.) Is this where my problem is, or could there be anything more to it?
02-16-2012 06:30 PM
So, the manner of import chooses how to authenticate? Interesting.
> Correct
Are you going to Import User from LDAP and selecting the LDAP integration your created?
Chris
02-16-2012 06:46 PM
Yes, we don't use locally created accounts - everything is done in AD.
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide