Hurdles with Windows AD Authentication Configurati...

former_member211289 · ‎2020 Jun 05

Dear Team,
Please be informed that when we try to configure Windows AD Authentication, we are facing difficulties with various errors.
Kindly check and do the needful.

Process I followed:
Enabled WinAD Authentication
Gave AD Administration name and Default Domain name
Click update
Got Invalid group name, cannot find group (S-1-5-21-3132330154-158638298-2079404797-18577)
Click cancel
Gave SPN and other details
Click update
Got The Active Directory Authentication plugin does require valid global administration credentials in order to access Active Directory. Please specify administration credentials and try again.

Errors:
1. Invalid group name, cannot find group (S-1-5-21-3132330154-158638298-2079404797-18577) ?
We don't have any group named with (S-1-5-21-3132330154-158638298-2079404797-18577), verified in Query Builder.

2. The Active Directory Authentication plugin does require valid global administration credentials in order to access Active Directory. Please specify administration credentials and try again ?

We got to know that AD authentication will not continue if the AD account used to read the AD directory (service account\AD Administration Name) doesn't have read permissions on the Domain Controller.

Thanks
Ram

BasicTek · ‎2020 Jun 05

The AD administration account requires read and query rights to AD, furthermore if you are dealing with multiple forests the proper forest trust must be in place.

When your group error occurs with an invalid sid, that would indicate you tried to add a group that no longer exists in AD.

Hurdles with Windows AD Authentication Configuration

Know the answer?

Need more details?