cancel
Showing results for 
Search instead for 
Did you mean: 

Administrator access via Active Directory?

dan_swartzendru
New Contributor III
Is it possible to login to the web UI authenticated using AD?  I can't seem to get it to work.  I created a role, made sure it it had super admin box checked.  In the AD config, I used the test button to give a user and password.  Unleashed correctly printed out the various groups, including Administrators, and said the user would be assigned to that group.  The role I created was called Administrators, and had 'Administrators' in the Group Attributes, so I *assumed* it would work, but instead I get a login error.  I assume I'm missing a piece of the puzzle here, but no idea what.  Any tips appreciated.
14 REPLIES 14

So if there are any 'funny' characters in the post, I had to use the mode.  Well then...

dan_swartzendru
New Contributor III
Hmmm, interesting. I either found a bug, or something confusing. So, I have user 'Administrator' (set up during install). Local password is (example) 'foo'. 'Administrator' account under AD has password 'bar'. If I login as 'Administrator' and give 'bar', the log shows this: 2020-09-07T10:05:57-04:00 family-room-ap.druber.com syslog: pid=1577, AuthAdmin():admin login succeed, is_local_auth is 0 2020-09-07T10:05:57-04:00 family-room-ap.druber.com syslog: pid=1577, AuthAdmin():the user is not local auth,no need to promote password recovery feature!! (I am using remote syslog feature). The above is as expected. Now, the wrong/weird thing. I login as 'Administrator' using 'foo', and log shows: 2020-09-07T10:07:15-04:00 family-room-ap.druber.com syslog: pid=1577, AuthAdmin():admin login succeed, is_local_auth is 0 2020-09-07T10:07:15-04:00 family-room-ap.druber.com syslog: pid=1577, AuthAdmin():the user is not local auth,no need to promote password recovery feature!! e.g. even though the gave the local password (I have fallback box checked), it is still claiming not local authentication?

tony_heung
Contributor II
The syslog message "no need to promote password recovery feature" takes a number of factors to be generated, not necessarily all based on if it is local auth or not.  I wouldn't based on this message alone and conclude the system has determined this is not local auth even using the local password.  What if you setup with different admin username for AD while keep the Administrator username as local?  Would you get the same result?

One point of confusion: administrator happens to also be an AD user.  So, I changed the local user to 'admin'.  I then logged in via ssh:

Please login: admin
Password:
Welcome to Ruckus Unleashed Network Command Line Interface
ruckus>

admin login succeed, is_local_auth is 0

something is not right?


Understood.  Basically the AD auth is working fine but you found it odd that the system returned the message saying it is local auth instead?  Maybe it's time to log a ticket with support and so they can examine the log in more detail.