
Error creating user accounts and SSO

Hello all,

I am running 9.1.3 on an ESM/ELM/Receiver combo box and having issues with user accounts.

I have tried setting up single-sign-on to both a RADIUS server and an AD server, but when I try and log on with the RADIUS and AD credentials I get an "Error: could not read record" message.  I checked the logs on the RADIUS and AD server and there are no errors on that side - the RADIUS and AD server both showed that the user was successfully authenticated.

When I try to add a local user account as a fallback (in addition to the NGCP account), I get an error that says "Error: write errot (ER23)".

Has anyone else seen these errors before, and if so, what did you do to resolve?

For information (not sure that this even matters): the ELM management DB has been migrated to an external storage device, which I can see in the RAID configuration is happy and healthy.  I had someone mention checking the permissions on whatever files/databases the ESM uses to store user accounts, but I don't know where those are or whether that is supported by McAfee.

McAfee Employee siemchris

Re: Error creating user accounts and SSO

Hi Bluesolider

For AD authentication you need to have a group:

"For active directory authentication to work, a group must be created (see Add Groups section) with the same name as the active directory group that needs to have access to the ESMI. For example, if you name the active directory group "McAfee Users," you need to go to System Properties > Users and Groups and add a group named "McAfee Users.""

I also see for RADIUS that:

"Access groups must be set up on the ESM before using RADIUS authentication. These access group names will be used when configuring the RADIUS server. When a user is authenticated, the RADIUS server returns a list of the user’s allowed access groups, so the access group names on the ESM and the RADIUS server must match for a user to have privileges on the ESM. This is case sensitive."

There is additional information in KB74810.

If you are still having an issue with this then I would recommend contacting support and logging a ticket.



Regards


Chris
