1 Reply Latest reply on Jan 25, 2013 4:10 PM by Chris Boldiston

    Error creating user accounts and SSO

      Hello all,


      I am running 9.1.3 on an ESM/ELM/Receiver combo box and having issues with user accounts.


      I have tried setting up single-sign-on to both a RADIUS server and an AD server, but when I try and log on with the RADIUS and AD credentials I get an "Error: could not read record" message.  I checked the logs on the RADIUS and AD server and there are no errors on that side - the RADIUS and AD server both showed that the user was successfully authenticated.


      When I try to add a local user account as a fallback (in addition to the NGCP account), I get an error that says "Error: write errot (ER23)".


      Has anyone else seen these errors before, and if so, what did you do to resolve?


      For information (not sure that this even matters): the ELM management DB has been migrated to an external storage device, which I can see in the RAID configuration is happy and healthy.  I had someone mention checking the permissions on whatever files/databases the ESM uses to store user accounts, but I don't know where those are or whether that is supported by McAfee.

        • 1. Re: Error creating user accounts and SSO
          Chris Boldiston

          Hi Bluesolider



          For AD authentication you need to have a group;


          "For active directory authentication to work, a group must be created (see Add Groups section) with the same name as the active directory group that needs to have access to the ESMI. For example, if you name the active directory group "McAfee Users," you need to go to System Properties > Users and Groups and add a group named "McAfee Users.""


          I also see for radius that;


          "Access groups must be set up on the ESM before using RADIUS authentication. These access group names will be used when configuring the RADIUS server. When a user is authenticated, the RADIUS server returns a list of the user’s allowed access groups, so the access group names on the ESM and the RADIUS server must match for a user to have privileges on the ESM. This is case sensitive."


          There is additional information in KB74810


          If you are still having an issue with this then I would recommend contacting support and logging a ticket.