
  • 9.1 AD Integration

    Our AD Integration is working great. The only issue I'm having is doing the "Show from AD" and "Sync from AD" remotely. This is working fine when I am using the ShoreWare Director from the server, but when I try to do this using the Director remotely, I receive the following error:

    "ERROR" fetch(username) from AD Path (LDAP://domain) failed.

    Please verify the AD Path

    Please make sure the HQ server has the Delegated Rights to Active Directory so (Lance Benzine)'s credentials can be used to read the Active Directory to fetch the user (Username)."

  • #2
    Did you set up your Shoreware server for delegation?

    ADU&C > Right click on the Shoreware server > Properties > Delegation > Select "Trust this computer for delegation to specified services only" > Select "Use any authentication protocol" > Click "Add" > Select your domain controller(s) > Select the "ldap" items from the list > OK > OK



    • #3
      OK, hadn't done that, now I did, and still getting the same message...



      • #4
        I'd make sure all your domain controllers are listed. Also, in our situation there are 2 LDAP items for each domain controller in the list.

        We set our LDAP string to only the domain ( eg: LDAP://domain.local ).



        • #5
          Yeah, all of that is exactly what I did...

          I have the LDAP string set to LDAP://domain already, I added both the ldap items that showed up. Also provided top level read access delegation to the domain.

          Any other ideas? Am I just being impatient and have to wait a bit? Maybe a reboot, or service restart?



          • #6
            We didn't have to do either. You could try specifying the FQDN of one of your domain controllers instead: LDAP://server.domain.local



            • #7
              Figured it out: I had to have the full FQDN to the domain, LDAP://sub.domain.com. Once I did that, it worked fine.



              • #8
                ADU&C > Right click on the Shoreware server > Properties > Delegation > Select "Trust this computer for delegation to specified services only" > Select "Use any authentication protocol" > Click "Add" > Select your domain controller(s) > Select the "ldap" items from the list > OK > OK

                This plus the full FQDN corrected the issue. Took about 5-10 minutes to start working after this was all done, but this was definitely the solution.

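The delegation settings from posts #2, #4 and #8 can be checked from PowerShell instead of clicking through ADU&C. This is an added example, not code from any poster or from ShoreTel: it assumes the RSAT ActiveDirectory module is installed, and `SHORETEL-HQ` is a placeholder for the ShoreWare server's computer account name.

```powershell
# Added example: audit the constrained delegation configured in ADU&C for the ShoreWare server.
Import-Module ActiveDirectory

function Test-LdapDelegation {
    param([Parameter(Mandatory)][string]$ComputerName)

    $props   = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
    $server  = Get-ADComputer -Identity $ComputerName -Properties $props
    $allowed = @($server.'msDS-AllowedToDelegateTo')

    # Host part of every ldap/... entry on the delegation list (SPN = class/host[/name])
    $ldapHosts = @($allowed | Where-Object { $_ -like 'ldap/*' } |
                   ForEach-Object { $_.Split('/')[1] })

    # Domain controllers with no ldap entry at all (post #4: every DC should be listed)
    $uncovered = @(Get-ADDomainController -Filter * | Where-Object {
        $_.Name -notin $ldapHosts -and $_.HostName -notin $ldapHosts
    } | ForEach-Object { $_.HostName })

    [pscustomobject]@{
        Computer           = $server.Name
        # True when "Use any authentication protocol" is selected
        ProtocolTransition = [bool]$server.TrustedToAuthForDelegation
        # True means "delegation to any service", which is broader than the thread's fix
        Unconstrained      = [bool]$server.TrustedForDelegation
        # Entries other than ldap/... are not needed for the AD fetch described here
        NonLdapSpns        = @($allowed | Where-Object { $_ -notlike 'ldap/*' })
        DcsWithoutLdapSpn  = $uncovered
    }
}

# Placeholder computer name; replace with the ShoreWare HQ server's account.
Test-LdapDelegation -ComputerName 'SHORETEL-HQ' | Format-List
```

A configuration matching the thread shows `ProtocolTransition` True, `Unconstrained` False, and empty `NonLdapSpns` and `DcsWithoutLdapSpn` lists.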


                • #9
                  A question. We've set up AD with a few users but it's not working like we'd hoped. We were hoping to have it so when we change network login passwords, we wouldn't have to also update the passwords in PCM. Is this the way it should work?



                  • #10
                    When AD integration is set up the PCM username and password aren't used. The IM username and password are different as far as the PCM is concerned and will need to be updated when your password is changed.



                    • #11
                      So what is the advantage of implementing AD integration? It allows me to log into the director without typing another user name and password but how does it help the end user?



                      • #12
                        They don't have to log into their Call Manager. It passes their domain credentials after logging onto a domain PC.



                        • #13
                          So, any idea how to log into the web access with AD integration turned on? I've tried (domain\username -> Domain pass) (username -> Domain pass)(Shoretel username -> Shoretel Pass) (email address -> Domain pass)... Nothing seems to be working.



                          • #14
                            We're not on 9 yet, but is it safe to assume if your OCS uses AD, then it would be the same password?



                            • #15
                              Originally posted by Jason_C:
                              "We're not on 9 yet, but is it safe to assume if your OCS uses AD, then it would be the same password?"

                              Correct, although the user does have to provide their password for OCS in the PCM.
