TES 6.2.1 multiple domains

Joe Fletcher
Level 1

Hi,

Anyone got a multiple domain config working in 6.2.1? Either I'm being blind or there's a gap in the documentation.

I've got the section for the Client manager but so far I haven't found out if there is an equivalent for the master.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/datacenter_mgmt/Tidal_Enterprise_Scheduler/6-2/installation/guide/Cisco_TES_6-2_Installation_Guide/Installing_ClientManager.html#17582

The release notes say it can be done; just not how.

TIA

4 Replies

zhuxiaokun
Level 1

We have the same problem, opened a ticket, and Cisco support found a previous case (I guess it is your case) and fixed it.

The instruction from the Installation PDF is to add "Security.Authentication.Ext.File=user-auth.xml" to the master.props file, then provide your user-auth.xml file.

When we implemented it, we commented out the line "Security.Authentication=ActiveDirectory", because in the multi-domain configuration XML file we have LDAP as an available authentication source as well. After this change, the CM can successfully authenticate from multiple sources, but the Master cannot authenticate from any. Cisco's solution is to add this line back to the master.props file; then at least the primary AD authentication works. We still need to test the others.

Hi,

Doesn't sound at first glance like you've actually got a fix. It appears there are partial solutions but nothing complete.

Cheers

Correct. I'm working on writing a bug for this now.

We authenticate to two different AD domains.  Our master.props file looks like this (for the authentication section):

Security.Authentication=ActiveDirectory
ActiveDirectory.Host=corp.domain.com
ActiveDirectory.Port=389
ActiveDirectory.UserSearchPrefix=DC=corp,DC=domain,DC=com
ActiveDirectory.GroupSearchPrefix=DC=corp,DC=domain,DC=com

Security.Authentication.Ext.File=user-auth.xml

And then in the user-auth.xml we have this:

<ext-user-auth>
<user-auth>
<name>other</name>
<desc>Configure AD for user authentication</desc>
<type>ActiveDirectory</type>
<host>other.domain.com</host>
<port>389</port>
<ad.usersearchprefix>DC=other,DC=domain,DC=com</ad.usersearchprefix>
<ad.groupsearchprefix>DC=other,DC=domain,DC=com</ad.groupsearchprefix>
</user-auth>
</ext-user-auth>

Note that our users have to log in using the format of domain\userid.
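
The two files posted above can be checked together before the Master is restarted. The following is an added example, not code from the thread or from Cisco: it lists the authentication sources the pair defines and warns when `Security.Authentication` is absent while the extension file is configured, the situation an earlier reply describes. The function names, the `primary` label and the set of elements treated as required are assumptions.

```python
import xml.etree.ElementTree as ET

# Sample input: the two files as posted in the thread (<desc> element omitted).
MASTER_PROPS = """\
Security.Authentication=ActiveDirectory
ActiveDirectory.Host=corp.domain.com
ActiveDirectory.Port=389
ActiveDirectory.UserSearchPrefix=DC=corp,DC=domain,DC=com
ActiveDirectory.GroupSearchPrefix=DC=corp,DC=domain,DC=com
Security.Authentication.Ext.File=user-auth.xml
"""
USER_AUTH_XML = """\
<ext-user-auth><user-auth>
<name>other</name><type>ActiveDirectory</type>
<host>other.domain.com</host><port>389</port>
<ad.usersearchprefix>DC=other,DC=domain,DC=com</ad.usersearchprefix>
<ad.groupsearchprefix>DC=other,DC=domain,DC=com</ad.groupsearchprefix>
</user-auth></ext-user-auth>
"""

def parse_props(text):
    """Parse key=value lines; blank lines and #/! comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def auth_sources(props_text, xml_text):
    """Return (sources, warnings); a source is (name, type, host, port)."""
    props, sources, warnings = parse_props(props_text), [], []
    primary = props.get("Security.Authentication")
    if primary:
        # "<type>.Host" / "<type>.Port" matches the thread's ActiveDirectory.* keys;
        # for any other type this key naming is an assumption.
        sources.append(("primary", primary, props.get(primary + ".Host"),
                        props.get(primary + ".Port")))
    elif "Security.Authentication.Ext.File" in props:
        # Reported in the thread: the Master authenticated from no source
        # once this line was commented out.
        warnings.append("Security.Authentication is missing from master.props")
    for ua in ET.fromstring(xml_text).iter("user-auth"):
        entry = tuple(ua.findtext(t) for t in ("name", "type", "host", "port"))
        if None in entry:  # assumed required: elements present in the posted file
            warnings.append(f"user-auth entry missing an element: {entry}")
        sources.append(entry)
    return sources, warnings
```

Calling `auth_sources(MASTER_PROPS, USER_AUTH_XML)` returns both domains and an empty warning list; commenting out the `Security.Authentication` line in the input produces the warning.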