Verifying the LDAP configuration
When the common.properties and ldap.properties files have been updated, reset the IBM Tivoli Remote Control application by clicking Admin > Reset Application. When the service has restarted, launch the IBM Tivoli Remote Control application and, at the logon page, attempt to log in using an Active Directory user ID and password. If the entries in the LDAP properties file are correct, you will be authenticated and logged on successfully.
IBM Tivoli Remote Control authenticates by connecting directly to LDAP. Therefore, any password change within LDAP takes effect immediately, as long as the change has synchronised to the LDAP server that is set in the ldap.properties file.
If the logon fails, look in the trc.log file or the application log within the Admin menu to determine the cause of the failure.
- From the menu bar click Admin
- Click View application log
- Press CTRL+END to reach the end of the file
Some common errors are listed below. Please note that the presence of these errors indicates that there was a problem creating the initial connection between IBM Tivoli Remote Control and Active Directory.
AcceptSecurityContext error, data 525
- Returns when username is invalid.
AcceptSecurityContext error, data 52e
- Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.
AcceptSecurityContext error, data 530
- Logon failure: account logon time restriction violation. Returns only when presented with valid username and password/credential.
AcceptSecurityContext error, data 531
- Logon failure: user not allowed to log on to this computer. Returns only when presented with valid username and password/credential.
AcceptSecurityContext error, data 532
- Logon failure: the specified account password has expired. Returns only when presented with valid username and password/credential.
AcceptSecurityContext error, data 533
- Logon failure: account currently disabled. Returns only when presented with valid username and password/credential.
AcceptSecurityContext error, data 701
- The user's account has expired. Returns only when presented with valid username and password/credential.
AcceptSecurityContext error, data 773
- The user's password must be changed before logging on the first time. Returns only when presented with valid username and password/credential.
AcceptSecurityContext error, data 775
- The referenced account is currently locked out and may not be logged on to. Returns even if invalid password is presented.
LDAP Authentication.exceptionmyserver.mydomain.com:389
- Returns when the server name specified by ldap.connectionURL is unreachable.
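The error strings listed above can be pulled out of a saved copy of the log and classified in one pass. The following Python sketch is an added example, not part of the IBM Tivoli Remote Control product or its documentation; the function names are hypothetical, and the sample lines are constructed, with the timestamp and the text surrounding each error string assumed rather than taken from a real trc.log.

```python
import re
from collections import Counter

# Sub-codes and meanings as listed on this page. The flag is True when the page says the
# code is returned only for a valid username and password, False when the credentials
# were rejected, and None when the page does not let you tell.
AD_CODES = {
    "525": ("username is invalid", False),
    "52e": ("username valid, password/credential invalid", False),
    "530": ("logon time restriction violation", True),
    "531": ("user not allowed to log on to this computer", True),
    "532": ("password has expired", True),
    "533": ("account currently disabled", True),
    "701": ("account has expired", True),
    "773": ("password must be changed before first logon", True),
    "775": ("account locked out (returned even with an invalid password)", None),
}
BIND_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
CONN_RE = re.compile(r"LDAP Authentication\.exception\s*(\S+:\d+)")

def triage(lines):
    """Return one finding dict per log line that matches a known error pattern."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        bind, conn = BIND_RE.search(line), CONN_RE.search(line)
        if bind:
            code = bind.group(1).lower()
            meaning, creds_ok = AD_CODES.get(code, ("sub-code not listed on this page", None))
            findings.append({"line": lineno, "kind": "bind", "code": code,
                             "meaning": meaning, "credentials_valid": creds_ok})
        elif conn:
            findings.append({"line": lineno, "kind": "connect", "code": None,
                             "meaning": "unreachable: " + conn.group(1), "credentials_valid": None})
    return findings

def summarize(findings):
    """Count findings per sub-code, using 'connect' for connection failures."""
    return Counter(f["code"] or f["kind"] for f in findings)

# Constructed sample lines; the prefix layout and DSID values are assumptions.
SAMPLE = [
    "2024-01-01 10:00:01 ERROR [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "2024-01-01 10:00:09 ERROR [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1]",
    "2024-01-01 10:02:30 INFO user logged on",
    "2024-01-01 10:05:00 ERROR [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1]",
    "2024-01-01 10:06:00 ERROR LDAP Authentication.exceptionmyserver.mydomain.com:389",
]

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```

A finding with credentials_valid set to True means the password was accepted and the account state is what blocks the logon, so the fix belongs in Active Directory rather than in ldap.properties.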
Verifying Importation of Groups
When authentication is successful and you are logged on to the TRC server, complete the following step.
- From the IBM Tivoli Remote Control server menu bar click User groups > All User Groups
The groups defined in Active Directory should be displayed. Permissions will need to be defined for these groups by an administrator. See the IBM Tivoli Remote Control Administrator's Guide for details of editing a user group.