Re: Cisco Jabber Invalid Username/Password

aldred.benedict · ‎02-01-2013

Hello All,

I am currently deploying CUCM 8.6 with CUP 8.6. The end users of CUP are synced to CUCM, which in turn synced to an OpenLDAP server. The synchronization is working properly i.e. users in CUCM also exist in CUP. However, when I tried to login into Jabber, it keeps giving me "Invalid Username/Password" error. I tried logging into Cisco Unified CM User Options (<ip address>/ccmuser) using the same credentials and succeeded. However, I failed to login to Cisco Unified Presence User Options (<ip address>/cupuser).

Any help?

Thank you

Aaron Harrison · ‎02-01-2013

Hi

Have you restarted CUPS since enabling the LDAP Sync on CUCM?

Have you configured your CUPS attribute map? By default that's set up for AD, i.e. userid=samaccountname, but should be userid=uid (assuming you are using uid for ID in CCM). I'm not sure if that would affect login to the web page, but worth checking anyway.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

aldred.benedict · ‎02-01-2013

Yes I have restarted CUPS to no avail

What do you mean by configuring CUPS attribute map? My current deployment is CUPS --syncs--> CUCM --syncs--> LDAP. From what I understand, I do not have to configure any attributes in CUPS as it will be automatically synced from CUCM

Aaron Harrison · ‎02-01-2013

Hi

I mean in CUPS (Jabber/Settings menu).. like I say that may not have an impact on your issue, as you say it primarily syncs from CUCM - but I'm sure I've seen similar things when using alternate atts in AD (e.g. userid=telephonenumber).

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

aldred.benedict · ‎02-01-2013

I see,

Well, I changed the Directory Server Type to OpenLDAP so that the UserID field becomes uid, but still not working. Nice try anyways and I really do appreciate your help

Aaron Harrison · ‎02-01-2013

OK - well... I guess now it's time to look at the logs.

Have you tried scanning the logs for instances of your username?

e.g.

file search activelog / USERNAME recurs reltime minutes 10 ignorecase

That should flag up any files where your username appears, so you should see a reference to the auth attempt. Once you see that you'll know what files to look at to get more info.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

aldred.benedict · ‎02-01-2013

Can you tell me how to view logs? Honestly I have never accessed any Call Manager Logs before.

Edit:

Found out what you are talking about. Log is attached

asilveira · ‎04-03-2013

Hi Aldred,

Did you solve the problem? I have exactly the same scenario and the same problem. Could you share the solution, please?

Thanks in advance.

André

aldred.benedict · ‎04-03-2013

Hi Andre,

Yes I managed to solve the issue. It turns out that my Presence server cannot reach the LDAP server (no network route) but my Call Manager server can reach the LDAP server. Once I added ip route, the issue is solved.

asilveira · ‎04-04-2013

Thank you for sharing.

orlandoguy82 · ‎02-05-2014

I had this exact same issue. Mine was due to a failover. Users were all moved to one server so about half were not working. In CUPS go to System -> Cluster Topology and expand the cluster. Look for Red Xs indicating an issue. Click one where it gives the number of assigned users. Do any say "Failed Over" and have that check box? The ones that do not likely are getting this message of invalid UN/PW. You can test this by pointing the jabber client directly at the working server (the server their name is not under in Cluster Topology). If this is your scenario look for errors and then try clicking the cluster to get "Subcluster Detail" page and click the "Failover" button on the server that has that option. The red X should disappear and the users should be on their subsequent server again and thus should be able to log in.