Unable to login to CCMuser site for new user from a new domain.

Unanswered Question
Nov 25th, 2009

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

We have CUCM 6.1.  We want to add new users from new domain. 

I have added LDAP directory for this new domain and has been able to pull the new users from this new domain.

I went to “User Management > End User” and found the new users from the new domain. So CUCM is able to see the users.

I have associated the user with one of the phone and then assign the Primary Extension, and then in the permission information, I added the “Standard CCM End Users” for this user which will give the user Roles as “Standard CCM End User” and “Standard CCMUSER Administration”

When the user go to the CCM user page, the user got “Log on failed - Invalid User ID or Password”

I have the user from the existing/old domain that is already with CUCM and the user is able to login fine. Seems to be only from the users from the new domain.

It seems that it has an Authentication issue.  Can someone give me an idea how to fix this?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Chris Deren Wed, 11/25/2009 - 13:18

Did you create new LDAP authentication for the new domain in CM beside just the LDAP search?

Chris

sienz.sienz Wed, 11/25/2009 - 13:58

I was thinking the same thing but I do not see where can I create a new LDAP authentication.

I go to "CCMadmin > System>LDAP authentication" and I see that is "LDAP authentication for End User". Currently it is for the old/existing domain that has already been setup with CUCM. but i do not see there an option to add another one.

How/Where can we create another "LDAP authentication for End User"?

or am i missing something?

Jaime Valencia Wed, 11/25/2009 - 16:10

You cannot create another, you can only configure 1.

LDAP Authentication

To enable authentication, a single authentication agreement may be defined for the entire cluster.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1070369

If you're going to migrate all to the new domain just delete and recreate, if not read the section:

Additional Considerations for Microsoft Active Directory

contained in the above doc.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

sienz.sienz Tue, 12/01/2009 - 15:20

It seems that it is only working on the Parent-Child Domain situation which we can point the LDAP Authentication on the parent domain.


In our environment, we do not have Parent-Child Domain.  Each domain is in each forest.  So in this case, our users got imported but they would not be authenticated.

Can someone confirm or have any advice on this?

Thanks

Sascha Monteiro Tue, 12/01/2009 - 15:58

I had a quick look at the SRND (the link that Java posted), and as far as I could see, you can authenticate against the GC, but need to sync on the UPN instead of the userid..??

Actions

This Discussion