Symptoms
Active Directory users are unable to log in or access the NetWorker Management Console (NMC) with their credentials.nsrlogin is failing for the Active Directory user with the error:
username, or password is incorrect
The following command returns the error message:
authc_mgmt -u administrator -p -e query-ldap-groups-for-user -D query-tenant= -D query-domain= -D user-name=
ERROR [main] (DefaultLogger.java:222) - Error while performing Operation:
com.emc.brs.auth.common.exception.BRHttpErrorException: 404 . Server message: A user with the name does not exist in authority at com.emc.brs.auth.client.template.impl.DefaultBRResponseErrorHandler.handleError(DefaultBRResponseErrorHandler.java:65) ~[auth-cli-with-dependencies.jar:?]
Cause
The external authority is configured to search for the users and groups only at the root domain level.
Resolution
Update the external authority configuration. Change the following lines in:
/opt/nsr/authc-server/scripts/authc-create-ad-config.sh.
From :
authc_config -u administrator -p -e add-config \
-D "config-search-subtree=n" \
To:
authc_config -u administrator -p -e update-config \
-D "config-search-subtree=y" \
All other properties and values in the script remain the same. For more details on authc scripting, see Dell article 15832: NetWorker: How To Set up LDAP/AD using authc_config scripts
Save the changes.Run the script:
authc-create-ad-config.sh
Retry the nsrlogin command:
nsrlogin -t -d -u
