Showing results for 
Show  only  | Search instead for 
Did you mean: 

Error creating user accounts and SSO

Hello all,

I am running 9.1.3 on an ESM/ELM/Receiver combo box and having issues with user accounts.

I have tried setting up single-sign-on to both a RADIUS server and an AD server, but when I try and log on with the RADIUS and AD credentials I get an "Error: could not read record" message.  I checked the logs on the RADIUS and AD server and there are no errors on that side - the RADIUS and AD server both showed that the user was successfully authenticated.

When I try to add a local user account as a fallback (in addition to the NGCP account), I get an error that says "Error: write errot (ER23)".

Has anyone else seen these errors before, and if so, what did you do to resolve?

For information (not sure that this even matters): the ELM management DB has been migrated to an external storage device, which I can see in the RAID configuration is happy and healthy.  I had someone mention checking the permissions on whatever files/databases the ESM uses to store user accounts, but I don't know where those are or whether that is supported by McAfee.

1 Reply
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Error creating user accounts and SSO

Hi Bluesolider

For AD authentication you need to have a group;

"For active directory authentication to work, a group must be created (see Add Groups section) with the same name as the active directory group that needs to have access to the ESMI. For example, if you name the active directory group "McAfee Users," you need to go to System Properties > Users and Groups and add a group named "McAfee Users.""

I also see for radius that;

"Access groups must be set up on the ESM before using RADIUS authentication. These access group names will be used when configuring the RADIUS server. When a user is authenticated, the RADIUS server returns a list of the user’s allowed access groups, so the access group names on the ESM and the RADIUS server must match for a user to have privileges on the ESM. This is case sensitive."

There is additional information in KB74810

If you are still having an issue with this then I would recommend contacting support and logging a ticket.



You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community