This document provides troubleshooting guidelines for common problems related to user source authentication in ZENworks 11 SP3. If, after completing the troubleshooting steps, the problem is not resolved, please contact Novell Technical Support for additional help.
Symptoms: In addition to being prompted to log in to the LDAP user source, users are prompted to log in to ZENworks.
Does your Management Zone connect to multiple user sources? If so:
Users will always be prompted to log in to ZENworks their first time.
Are the users selecting the correct user source? They must select the source in which their user account resides. Until they do so, they will continue to be prompted to log in.
In ZENworks Control Center, verify that ZENworks is connected to the user source. To do so, click. In the panel, confirm that the status is green. If it is not, check the following:
Is the user source’s LDAP server running?
Has the LDAP server’s DNS name or IP address changed?
If so, edit the user source to change its connection address. To do so, click the user source (in the panel) to display its configuration information. In the panel, click the connection to display the Edit Connection Details dialog box, change the server address, then click . Do this to update each connection defined for the user source.
Are the SSL certificates up to date?
To update the certificates, click the user source (in the panel) to display its configuration information. In the panel, click the connection to display the Edit Connection Details dialog box, then click the button. Do this to update each connection defined for the user source.
Are the user credentials used to authenticate to the user source correct?
To check, click the user source (in the panel) to display its configuration information. In the panel, edit the username and password to ensure that they are correct.
Do the user credentials have the correct permissions?
For Active Directory, you can use a basic user account. This provides sufficient read access to the directory.
For eDirectory, the user account requires read rights to the following attributes: CN, O, OU, C, DC, GUID, WM:NAME DNS, and Object Class. You can assign the rights at the directory’s root context or at another context you designate as the ZENworks root context.
If you are using Kerberos or Shared Secret authentication mechanisms for the user source, are they configured correctly? For details, see ZENworks 11 SP3 User Source and Authentication Reference.
Make sure that the time on the device and any Primary Servers and Satellite Servers it accesses are synchronized (within 2 minutes of each other).
Is the user located in one of the containers defined for the user source (user source >panel)?
As a general note, be aware that a large number of containers/contexts can significantly slow the login process or cause the login to time out.
Check to see if the device can connect to the Primary Server or Satellite Server that is functioning as its Authentication server:
On the device, run zac zc -l at a command prompt to list the device’s Authentication servers.
On the workstation, ping the DNS name and IP address of the Authentication server to verify connectivity.
If the Authentication server is a Satellite server, can the Satellite server contact its parent Primary server?
At a command prompt on the workstation, run zac retr to reestablish trust with the Management Zone.
Make sure the device can resolve the server name as it appears on the ZENworks certificate. Is the ZENworks certificate valid?
Do you have the Antivirus exclusions applied for CASA on the device?
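The certificate-name, certificate-validity and 2-minute time-synchronization checks above can be evaluated together, as in this added example (not part of the Novell documentation and not a ZENworks tool). The server name zen1.example.com, the sample certificate and the function names are constructed for illustration; the certificate uses the dictionary layout returned by Python's ssl.SSLSocket.getpeercert().

```python
import ssl
from datetime import datetime, timezone

MAX_SKEW_SECONDS = 120  # the guide's limit: clocks within 2 minutes of each other


def cert_names(cert):
    """DNS names the certificate covers: subjectAltName, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return names


def name_matches(pattern, host):
    """Case-insensitive match; '*' may replace the whole leftmost label only."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def check_auth_server(cert, server_name, device_time, server_time):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    if not any(name_matches(n, server_name) for n in cert_names(cert)):
        findings.append("name-mismatch")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= device_time.timestamp() <= not_after:
        findings.append("certificate-not-valid-now")
    if abs((device_time - server_time).total_seconds()) > MAX_SKEW_SECONDS:
        findings.append("clock-skew")
    return findings


# Constructed sample certificate (hypothetical server zen1.example.com).
SAMPLE_CERT = {
    "subject": ((("commonName", "zen1.example.com"),),),
    "subjectAltName": (("DNS", "zen1.example.com"),),
    "notBefore": "Jan  1 00:00:00 2015 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    device = datetime(2016, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    server = datetime(2016, 3, 1, 12, 3, 0, tzinfo=timezone.utc)
    print(check_auth_server(SAMPLE_CERT, "zen1", device, server))
```

The sample run shows two common causes at once: the device addresses the server by a short name that the certificate does not carry, and the clocks differ by three minutes.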
Copyright © 2015 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.