logo

Warning: The forum is now for consultation only. Please use GitHub Discussions to post any questions or comments.


Welcome Guest ! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
treesprite  
#1 Posted : Friday, November 19, 2021 10:13:51 PM(UTC)
treesprite

Rank: Newbie

Groups: Registered
Joined: 1/4/2018(UTC)
Posts: 4
United States
Location: Little Rock

We took our main domain controller off line and using new domain controller. Since that change, no one can login to Seal Reporting. The message is "The user is authenticated but he does not belong to any security group."

To test, we brought the old domain back on line and users could once again login.

Can you point me in the direction to modify what is needed??

epf  
#2 Posted : Saturday, November 20, 2021 4:21:01 PM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 1,209
Switzerland

Thanks: 14 times
Was thanked: 205 time(s) in 198 post(s)
You have to master the Web Security you have implemented:
This is configured using the Server Manager then Menu Configuration -> Configure Web Security (or CTRL + W)
I guess here you are using the Integrated Windows Authentication.
You can check the Parameters and the Security Script.

The messages says that the Windows Groups of the user do not match a Security Group defined in Seal Report.
You have 3 parameters you can play with to configure the group matching.

Here is some documentation: https://sealreport.org/Server#lineSecurity
treesprite  
#3 Posted : Saturday, November 20, 2021 8:18:13 PM(UTC)
treesprite

Rank: Newbie

Groups: Registered
Joined: 1/4/2018(UTC)
Posts: 4
United States
Location: Little Rock

epf,

Thanks for your reply. Everything within the Seal Server Manager is still set correctly so I have reached out to one of our Network Analysts to review how the domain controller is defined.

Edited by user Sunday, November 21, 2021 2:13:13 PM(UTC)  | Reason: Not specified

treesprite  
#4 Posted : Wednesday, December 1, 2021 7:37:49 PM(UTC)
treesprite

Rank: Newbie

Groups: Registered
Joined: 1/4/2018(UTC)
Posts: 4
United States
Location: Little Rock

Good Afternoon epf,

Users are still experiencing Active Directory login issues to the Seal Reports. An old domain was taken off line and a new domain is on line and I can see the new domain IP when I run "ipconfig /all".

After attempting to log in, I can go to the server Event Viewer and see the following error:

Error:
The user is authenticated but he does not belong to any security group.
Warning:
Error getting groups using AD...
The server is not operational.

--->The error then lists the OLD domain that was taken off line.

I cannot find anywhere in the Seal Server Configuration where a domain is defined.
Can you point me to a specific change that needs to be made?

Thank you for your time on this.
epf  
#5 Posted : Thursday, December 2, 2021 7:11:11 AM(UTC)
epf

Rank: Administration

Groups: Administrators
Joined: 12/20/2013(UTC)
Posts: 1,209
Switzerland

Thanks: 14 times
Was thanked: 205 time(s) in 198 post(s)
I am not familiar with you configuration. So it is difficult to say.

The error comes from the code in SecurityUser.cs:
Code:
        List<string> GetWindowsGroupsUsingAD(string contextType)
        {
            var result = new List<string>();
            try
            {
                // set up domain context
                UserPrincipal = null;
                PrincipalContext context = new PrincipalContext((ContextType)Enum.Parse(typeof(ContextType), contextType));
                string name = WebUserName;
                if (WebPrincipal != null) name = WebPrincipal.Identity.Name;
                if (Identity != null) name = Identity.Name;

                var user = new UserPrincipal(context);
                user.SamAccountName = name;
                var searcher = new PrincipalSearcher(user);
                user = searcher.FindOne() as UserPrincipal;
                if (user == null) user = UserPrincipal.FindByIdentity(context, name);

                if (user != null)
                {
                    UserPrincipal = user;
                    var groups = user.GetAuthorizationGroups();
                    // enumerate over them
                    foreach (Principal p in groups)
                    {
                        result.Add(p.Name);
                    }
                }
                else throw new Exception("Unable to find user:" + name);
            }
            catch (Exception ex)
            {
                if (_tryAgainAD)
                {
                    _tryAgainAD = false;
                    result = GetWindowsGroupsUsingAD(contextType);
                }
                else
                {
                    Warning += "Error getting groups using AD...\r\n" + ex.Message + "\r\n";
                }
            }
            return result;
        }


Perhaps you should insert it into your Security Script to understand what is going on.
Good luck.
treesprite  
#6 Posted : Thursday, December 2, 2021 5:38:24 PM(UTC)
treesprite

Rank: Newbie

Groups: Registered
Joined: 1/4/2018(UTC)
Posts: 4
United States
Location: Little Rock

Thank you for your reply.

I ended up resolving the issue following this forum thread: https://sealreport.org/f...t.aspx?g=posts&t=356
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.