This question was originally posted on DCIM Support by Everard Eduard on 2019-12-19
Hi,
We want to use DCE as authentication server in ITA.
But get the following error and can't select any username.
What can be the reason?
Regards,
Eduard
(CID:152571091)
This comment was originally posted on DCIM Support by spezialist on 2019-12-19
Dear Everard Eduard,
From your question:
We want to use DCE as authentication server in ITA.
Where did you get such information? As far as I know, the DCE-server has never been and cannot be an authentication server.
With respect.
(CID:152571119)
This comment was originally posted on DCIM Support by Everard Eduard on 2019-12-19
Hi,
Stange answer? DCE is even listed in the drop down menu.
Regards,
Eduard
(CID:152571141)
This comment was originally posted on DCIM Support by spezialist on 2019-12-19
I am also interested to know: and how does it work?..
(CID:152571162)
This answer was originally posted on DCIM Support by Jef Faridi on 2019-12-19
Hi Eduard,
What is the version of your DCE?
It is supported to integrate DCE as authentication server in DCO/ITA.
However, it seems we have software bug that needs to be fixed. I have verified this moment ago with ITA 9.0.4 & DCE 7.7.1, getting similar error when trying to add user that should have been authenticated via DCE.
I have logged a bug report for this.
Thanks,
Kind regards
(CID:152571185)
This comment was originally posted on DCIM Support by spezialist on 2019-12-19
Dear Jef Faridi,
From your answer:
It is supported to integrate DCE as authentication server in DCO/ITA.
Tell me please, somewhere in the documentation on DCE it is said about such a possibility?
The DCIM community will be grateful if you indicate where is located the detailed description of this possibility (in the documentation or on the DCIM portal).
Very thanks for the support.
(CID:152571206)
This comment was originally posted on DCIM Support by Greg Sterling on 2019-12-19
There is a mention to this functionality in the DCO documentation here: https://sxwhelpcenter.ecostruxureit.com/display/UADCO8x/Configuring+authentication+servers+used+for+...
(CID:152571231)
This comment was originally posted on DCIM Support by spezialist on 2019-12-19
Greg Sterling, thanks for the info.
If possible, briefly tell us which authentication mechanism is used in this case (via DCE)?
In addition, I drew attention to this:
Indirect AD authentication (via DCE) is not recommended.
Can you comment please?
Very thanks for the support.
(CID:152571236)
This comment was originally posted on DCIM Support by Everard Eduard on 2019-12-19
Hi Jef,
I'm running the same version as you:
ITA 9.0.4 & DCE 7.7.1
Regards,
Eduard
(CID:152571246)
This comment was originally posted on DCIM Support by Valentin Kozlov on 2019-12-20
spezialist, this mechanism was implemented in early DCO versions. At that moment DCO had no AD authentication feature, but it was in DCE. So you create remote user in DCE which authenticated via AD. And after that create user in DCO which autenticated in DCE.
And when you try to login into DCO, it call DCE, which call AD and in the end of the journey user is athenticated by AD 🙂
(CID:153092177)
This comment was originally posted on DCIM Support by Jef Faridi on 2019-12-20
Hi all,
Many thanks for the info Eduard. Issue might basically be related to the latest improvement in DCE itself, however as mentioned I have logged an investigation/enhancement case for this.
And to clarify:
In ITA (or DCO) when configuring authentication servers, the supported types are:
Active Directory
Data Center Expert
LDAP
This type of authentication has been (and still is) supported since early DCO versions.
The scenario Valentin you are describing may or may not work, but that is not supported in ITA (or DCO). User(s) must be local to DCE, when DCE is being used as authentication server.
Kind regards
(CID:153092189)
This comment was originally posted on DCIM Support by spezialist on 2019-12-20
Valentin Kozlov and Jef Faridi,
Many thanks for the useful information.
It seems to me, that this detailed information should be published on the DCIM portal in both the DCO and DCE support sections.
With respect.
(CID:153092195)
This comment was originally posted on DCIM Support by Jef Faridi on 2019-12-20
Hi,
This feature is being used in DCO/ITA, for more info please see the following page:
Kind regards
(CID:153092198)
This comment was originally posted on DCIM Support by spezialist on 2019-12-20
Jef Faridi,
I know this and this is good, but it does not say about the restriction that you wrote about:
The scenario Valentin you are describing may or may not work, but that is not supported in ITA (or DCO). User(s) must be local to DCE, when DCE is being used as authentication server.
I think this is an important nuance.
With respect.
(CID:153092201)
This comment was originally posted on DCIM Support by Jef Faridi on 2019-12-20
Hi,
The documentation (in the above mentioned web page) says "Indirect AD authentication (via DCE) is not recommended."
But, thanks for the suggestion, will add additional note to make it more clear.
Kind regards
(CID:153092207)
This comment was originally posted on DCIM Support by spezialist on 2019-12-20
Ok, many thanks for the clarification.
(CID:153092213)
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Discuss challenges in energy and automation with 30,000+ experts and peers.
Find answers in 10,000+ support articles to help solve your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!