Re: /CCMUser Authenticaion Failures - only on *new* AD Users

kenjohnson · ‎03-27-2002

Call Manager Version 3.13(c)

Our Current Acitve Directory Integration seems to be working (and has been for some time).

We went to add new user in context containing other users currently in AVVID - and when I enter proper authentication in the CCMUser page - the page just clears my entries and refreshes to a blank logon screen. (Existing users continue to work fine).

I know the password is being verified on the new account because if I enter a bad password it says "you could not be authenticated successfully" - if I enter the right user name and password - it just clears and refreshes to the logon. Seems to do this for all recently created users. The display name and account name are identical...

Anyone run into this? It actually started happening during our run with 3.12(c) - but the upgrade to 3.13(c) did not seem to fix it...

Hoping for a solution :-) (have had a case open with TAC for a few weeks on this BTW, just fishing for other experiences as we seem to be running into a confounding one here :-/

Thanks!

- Ken

kenjohnson · ‎03-29-2002

Update: I saw this notice http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml but we're on 3.13(c) so I don't think it would be related - but I thought I'd check...still no luck on the TAC side for a resolution :-/

dgoodwin · ‎04-01-2002

Did you make sure that in the properties for that user, that they have both a first name and last name filled out? These are required fields in order for CCMUser to log a user in.

Also, what user search attribute are you using with the plugin configuration? CN or samAccountName? That will determine what username you need to use on the CCMUser login screen.

kenjohnson · ‎04-01-2002

Ok - they have a first and a last name...

the first name is time, last name is stopper, and the userID is timestopper.

From AD's perspecitve, the Display and Fullnames are both timestopper.

It's been so long since I installed the plugin I can't recall - but I thought it was sam - should it be different? I was hesitant to try to remove the AD Plugin because I'd heard it could mess up the schema integration - but I will do if it's adviseable and the only way to find out what field I used to install it...

I of course can log in normally with all the accounts created before a couple months ago (before CM 3.12c? Just not accounts created since then...

Thanks for the feedback though!

:-)

- Ken

Thanks!

- Ken

Andrew Gillies · ‎04-03-2002

I came across the issue with 3.1(2c) where the user had to login to CCMUser with their firstname lastname. For example "Time Stopper" rather than "timestopper". When I upgraded to 3.1(3a)spC the CCMUser the behaviour changed to requiring "timestopper".

If you create a user in CCMAdmin how does it appear in AD? (I think you need to make a registry change on the CM server to allow this)

letnet · ‎04-05-2002

Hm - I tried to do eactly that (create on CCMAdmin) to test and it wouldn't let me - anyone know what the magic registry entry is? :-)

Andrew Gillies · ‎04-21-2002

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/3_0/install/ad_3011.htm

Look under the section "Adding and Deleting Users from Cisco CallManager Administration"

As a default creating users isn't enabled - the above registry entry allows it (with some limitations)