This document provides troubleshooting guidelines for common problems related to user source authentication in ZENworks 11 SP4. If, after completing the troubleshooting steps, the problem is not resolved, please contact Novell Technical Support for additional help.
Syptoms: In addition to being prompted to log in to the LDAP user source, users are prompted to log in to ZENworks.
Does your Management Zone connect to multiple user sources. If so:
Users will always be prompted to log in to ZENworks their first time.
Are the users selecting the correct user source? They must select the source in which their user account resides. Until they do so, they will continue to be prompted to log in.
In ZENworks Control Center, verify that ZENworks is connected to the user source. To do so, click. In the panel, confirm that the status is green. If it is not, check the following:
Is the user source’s LDAP server running?.
Has the LDAP server’s DNS name or IP address changed?
If so, edit the user source to change its connection address. To do so, click the user source (in thepanel) to display its configuration information. In the panel, click the connection to display the Edit Connection Details dialog box, change the server address, then click . Do this to update each connection defined for the user source.
Are the SSL certificates up to date?
To update the certificates, click the user source (in thepanel) to display its configuration information. In the panel, click the connection to display the Edit Connection Details dialog box, then click the button. Do this to update each connection defined for the user source.
Are the user credentials used to authenticate to the user source correct?
To check, click the user source (in thepanel) to display its configuration information. In the panel, edit the username and password to ensure that they are correct.
Do the user credentials have the correct permissions?
For Active Directory, you can use a basic user account. This provides sufficient read access to the directory.
For eDirectory, the user account requires read rights to the following attributes: CN, O, OU, C, DC, GUID, WM:NAME DNS, and Object Class. You can assign the rights at the directory’s root context or at another context you designate as the ZENworks root context.
If you are using Kerberos or Shared Secret authentication mechanisms for the user source, are they configured correctly? For details, see
Authentication Mechanisms in the ZENworks 11 SP4 User Source and Authentication Reference.
Make sure that the time on the device and any Primary Servers and Satellite Servers it accesses are synchronized (within 2 minutes of each other).
Is the user located in one of the containers defined for the user source (user source >panel)?
As a general note, be aware that large number of containers/contexts can significantly slow the login process or cause the login to time out.
Check to see if the device can connect to the Primary Server or Satellite Server that is functioning as its Authentication server:
On the device, run zac zc -l at a command prompt to list the device’s Authentication servers.
On the workstation, ping the DNS name and IP address of the Authentication server to verify connectivity
If the Authentication server is a Satellite server, can the Satellite server contact its parent Primary server?
At a command prompt on the workstation, run zac retr to reestablish trust with the Management Zone.
Make sure the device can resolve the server name as appears on the ZENworks certificate. Is the ZENworks certificate valid?
Do you have the Antivirus exclusions applied for CASA on the device?
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S.
Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/.
Copyright © 2016 Novell, Inc. All Rights Reserved.