Active Directory setup

Version 1
    This document was generated from CDN thread

    Created by: Ted Bienapfl on 07-10-2011 09:58:49 AM
    We are having a major issue trying to get Active Directory integration up and working.  We have followed the specs found at the cisco DocWiki to a T with no success.  Does anyone have any information on how I can troubleshoot this?

    Subject: RE: Active Directory setup
    Replied by: John Russell on 07-10-2011 10:10:16 AM
    What specific problem are you having? Is it just that with these settings the users in AD can't log in?

    Subject: RE: Active Directory setup
    Replied by: Ted Bienapfl on 07-10-2011 10:12:48 AM
    Yes - we have tried every possible combination and based upon what we see here

    Social Miner Doc Wiki 8.5.3

    The Manager DN is a Domain Admin and we can connect with other LDAP browsers or AD tools just fine using the exact same string...

    Subject: RE: Active Directory setup
    Replied by: John Russell on 07-10-2011 11:24:43 AM
    You mentioned having tried other AD tools to access the directory.  What we usually see in cases like this is that the SocialMiner box itself can't see the directory.  Can you use the CLI tools on the SocialMiner box to try to ping the AD machine to make sure it is reachable from there?

    Subject: RE: Active Directory setup
    Replied by: John Russell on 07-10-2011 11:31:23 AM
    Is the host that you are using a global catalog?  Port 3268 only works against a GC.  389 might work against a non-GC, but I think we only tested 3268 on a GC and 3269 for SSL to the GC.

    Subject: RE: Active Directory setup
    Replied by: Ted Bienapfl on 07-10-2011 11:28:31 AM
    yes - it can reach the AD machine(s) just fine.  I am at a loss...

    Subject: RE: Active Directory setup
    Replied by: Ted Bienapfl on 07-10-2011 11:47:55 AM
    Ill let you know on the GC needs and report to this forum once I get results back.

    Subject: RE: Active Directory setup
    Replied by: Ted Bienapfl on 07-10-2011 01:14:04 PM
    got it...

    GC was the deal in the end.  Also - had to enable a setting on the AD side to allow for looking at the necessary trees.

    Subject: RE: Active Directory setup
    Replied by: Travis Cassell on 28-12-2011 03:21:09 PM
    I am having the same issue but nothing seems to work for me.  I am confirmed that I'm accessing the GC but have also tried 389.  I've tried several accounts including a domain admin account to bind with but it won't work.  Are there specific logs that I can look at or anything else to try?

    Thanks
    Travis

    Subject: RE: Active Directory setup
    Replied by: John Russell on 03-01-2012 02:34:02 PM
    Can you post a zipped system health snapshot (Admin tab->System Logs->System Health Snapshot).
    Also, can you describe in more detail how you have AD set up?

    The problem that we have had with AD is that we don't get any information back from the AD server when something goes wrong, only that it failed, so that is all that's in the logs.
    Things to check for are that you can ping the AD server from the SocialMiner server, that the user you are using can log in from other places and that you are using the GC with the ports mentioned above depending on whether you are using SSL or not.