I am interested to know what you mean by using UPN too. I have a similar situation.
My User search filter within the AREA form has "samaccountname=$\USER$". We were having a External Authentication problem. We have since changed our HOST NAME to a specific IP address of a domain controller. It was set to the domain, now that is it getting more users, we tried a specific Domain controller by name. We still got problems. So now I changed it to a specific DC's IP address. The errors haven't come back yet. Thanks. ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Baxter, Andrew Sent: Thursday, January 25, 2007 8:19 AM To: arslist@ARSLIST.ORG Subject: Re: Login problems using AREA LDAP Authentication To the best of my knowledge, if your ARS servers are in the same domain as your windows users accounts there is no need for the AREA LDAP Authentication module. We definitely do not have it enabled here and we are authenticating against three different domains in a single forest using the UPN instead of the SamAccountName. I have not done extensive testing with using only the samaccountname, but I would believe that would work just fine for a single domain as long as your ARS server and user accounts are in the same domain. Thanks, Andrew Baxter ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Estrella, Lisa Sent: Thursday, January 25, 2007 10:37 AM To: arslist@ARSLIST.ORG Subject: Re: Login problems using AREA LDAP Authentication Hi Andrew, Yes, the servers are on windows and the same domain as the user accounts. I am using the "samaccountname" as the login ID's for remedy. I do have the passwords cleared and the cross reference blank passwords checked. Are you saying that we aren't using the AREA LDAP if that is checked? I thought you had to have that information filled out so that it knew where to authenticate. Now I'm getting confused... Sorry! Thanks, Lisa ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Baxter, Andrew Sent: Thursday, January 25, 2007 9:15 AM To: arslist@ARSLIST.ORG Subject: Re: Login problems using AREA LDAP Authentication I believe your ARS Servers is also running on windows. Is this server in the same domain as your users accounts? What are you using for logon ID's in Remedy, it appears the samaccountname without a domain prefix. If your ARS Server is in the same domain as your user accounts and it is running on windows there shouldn't be any need to use the AREA LDAP Authentication, you should be able to simply clear the passwords for all users from Remedy and check the box to cross reference blank passwords. We are using the Active Directory UPN for the Remedy login at my company so we can handle multiple domains without using AREA LDAP Authentication. Thanks, Andrew Baxter ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Estrella, Lisa Sent: Thursday, January 25, 2007 10:04 AM To: arslist@ARSLIST.ORG Subject: Re: Login problems using AREA LDAP Authentication Hi, I'm using the following: Host name: hqdc1.ad.navteq.com User base: DC=ad,DC=navteq,DC=com User Search: samaccountname=$\USER$ I haven't noticed any problems like you are describing...it's just some people aren't able to log into remedy after changing their password. I have had them try to use their old password and that doesn't work either. That is why I initially had the helpdesk reset their password again and then it works. So, I'm not sure what is going on. Just to clarify...it only happens every once in a while and not for everyone. ??? Thanks, Lisa ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of ARSList Sent: Wednesday, January 24, 2007 3:52 PM To: arslist@ARSLIST.ORG Subject: Re: Login problems using AREA LDAP Authentication What Host name, User Base, and User Search Filter settings? I have noticed AREA (somehow) uses a cached password on our system for about an hour. I am not sure how this happens though. It seems pretty weird. If I change my LDAP password, I can still use my old password for around an hour, along with the new password. Be sure your Distinguished Name logon account can see all the OUs below wherever the users are. ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Estrella, Lisa Sent: Wednesday, January 24, 2007 11:38 AM To: arslist@ARSLIST.ORG Subject: Login problems using AREA LDAP Authentication Good afternoon, Has anyone who is using AREA LDAP authentication experienced the following problem? And if so, were you able to fix it? Sometimes when a user is prompted to change their network password (and they change it) they are no longer able to log into the midtier. They receive the standard authentication error. If our helpdesk resets the password for them, then they are able to login just fine. I know that sometimes it can take up to 15 minutes to replicate between AD servers, but I still don't understand why this is happening with some of my users when they manually change their password. I just wanted to see if anyone else has experienced this. Thanks, Lisa ARS 6.3 patch 18 HD 6.0 CM 6.0 SQL Win Server 2003 __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"