Rank: Newbie
Groups: Registered
Joined: 1/4/2018(UTC) Posts: 4  Location: Little Rock
|
We took our main domain controller off line and using new domain controller. Since that change, no one can login to Seal Reporting. The message is "The user is authenticated but he does not belong to any security group."
To test, we brought the old domain back on line and users could once again login.
Can you point me in the direction to modify what is needed??
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209  Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
You have to master the Web Security you have implemented: This is configured using the Server Manager then Menu Configuration -> Configure Web Security (or CTRL + W) I guess here you are using the Integrated Windows Authentication. You can check the Parameters and the Security Script. The messages says that the Windows Groups of the user do not match a Security Group defined in Seal Report. You have 3 parameters you can play with to configure the group matching. Here is some documentation: https://sealreport.org/Server#lineSecurity
|
|
|
|
|
|
Rank: Newbie
Groups: Registered
Joined: 1/4/2018(UTC) Posts: 4 Location: Little Rock
|
epf, Thanks for your reply. Everything within the Seal Server Manager is still set correctly so I have reached out to one of our Network Analysts to review how the domain controller is defined. Edited by user Sunday, November 21, 2021 2:13:13 PM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Newbie
Groups: Registered
Joined: 1/4/2018(UTC) Posts: 4 Location: Little Rock
|
Good Afternoon epf,
Users are still experiencing Active Directory login issues to the Seal Reports. An old domain was taken off line and a new domain is on line and I can see the new domain IP when I run "ipconfig /all".
After attempting to log in, I can go to the server Event Viewer and see the following error:
Error:
The user is authenticated but he does not belong to any security group.
Warning:
Error getting groups using AD...
The server is not operational.
--->The error then lists the OLD domain that was taken off line.
I cannot find anywhere in the Seal Server Configuration where a domain is defined.
Can you point me to a specific change that needs to be made?
Thank you for your time on this.
|
|
|
|
|
|
Rank: Administration
Groups: Administrators
Joined: 12/20/2013(UTC) Posts: 1,209 Thanks: 14 times
Was thanked: 206 time(s) in 199 post(s)
|
I am not familiar with you configuration. So it is difficult to say. The error comes from the code in SecurityUser.cs: Code: List<string> GetWindowsGroupsUsingAD(string contextType)
{
var result = new List<string>();
try
{
// set up domain context
UserPrincipal = null;
PrincipalContext context = new PrincipalContext((ContextType)Enum.Parse(typeof(ContextType), contextType));
string name = WebUserName;
if (WebPrincipal != null) name = WebPrincipal.Identity.Name;
if (Identity != null) name = Identity.Name;
var user = new UserPrincipal(context);
user.SamAccountName = name;
var searcher = new PrincipalSearcher(user);
user = searcher.FindOne() as UserPrincipal;
if (user == null) user = UserPrincipal.FindByIdentity(context, name);
if (user != null)
{
UserPrincipal = user;
var groups = user.GetAuthorizationGroups();
// enumerate over them
foreach (Principal p in groups)
{
result.Add(p.Name);
}
}
else throw new Exception("Unable to find user:" + name);
}
catch (Exception ex)
{
if (_tryAgainAD)
{
_tryAgainAD = false;
result = GetWindowsGroupsUsingAD(contextType);
}
else
{
Warning += "Error getting groups using AD...\r\n" + ex.Message + "\r\n";
}
}
return result;
}
Perhaps you should insert it into your Security Script to understand what is going on. Good luck.
|
|
|
|
|
|
Rank: Newbie
Groups: Registered
Joined: 1/4/2018(UTC) Posts: 4 Location: Little Rock
|
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
