Support Forum

Ask questions and get help from MobileTogether experts.
MobileTogether Product Information
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
View
Go to last post Go to first unread
mbr  
#1 Posted : Thursday, October 9, 2014 3:33:31 PM(UTC)
mbr

Rank: Member

Groups: Registered
Joined: 8/11/2014(UTC)
Posts: 29
Germany

Thanks: 4 times
Server settings for "Active Directory login" are set as follows:
"Enable" checked
"Allow any existing domain user to login" unchecked (actually, but does not change behaviour)
two domain suffixes entered comma separated
"Set as default" checked

On "Users and Roles"/"Users" tab the "Import Users" button is pressed and search dialog appears.
Search for users finds users from either domain and shows proper AD display name and mail address

Selecting a user and pressing "Import selected" button yields message
"Principal NT not found, Failed to import <display name> principal"

Server log does not show any regarding message
bbv  
#2 Posted : Friday, October 10, 2014 11:29:03 AM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 476

Was thanked: 80 time(s) in 80 post(s)
We have been able to reproduce this issue. We are now working on an updated interim build so that you don't have to wait until the final release.
thanks 1 user thanked bbv for this useful post.
mbr on 10/10/2014(UTC)
bbv  
#3 Posted : Wednesday, October 15, 2014 9:51:17 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 476

Was thanked: 80 time(s) in 80 post(s)
We have now updated the Server installer with a fixed version. Just download and install again.
mbr  
#4 Posted : Thursday, October 16, 2014 11:16:45 AM(UTC)
mbr

Rank: Member

Groups: Registered
Joined: 8/11/2014(UTC)
Posts: 29
Germany

Thanks: 4 times
I re-loaded and re-installed the server. The changes you made were successful.

Importing users now works properly as well as logging in with "any existing domain user" if the corresponding flag in server settings allows for.

Two things should be mentioned in addition:

1) One has to log in with the domain principal name (not the display name)
2) Logging in as "any existing domain user" you initially can use all available solutions as the "authenticated" role is automatically assigned which by default has access to all containers and objects.
bbv  
#5 Posted : Friday, October 17, 2014 4:48:44 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 476

Was thanked: 80 time(s) in 80 post(s)
Your questions are not very clear. Do you mean by 1) that you wish to use the principal name instead of the display name? If yes, you should be able to enter the full name instead of display name on server side, which will make it appear this way on client side. What you get automatically on server is only a suggestion.

Similar with the 2) - do you mean that it is not good that all workflows are available by default?
mbr  
#6 Posted : Saturday, October 18, 2014 5:43:04 PM(UTC)
mbr

Rank: Member

Groups: Registered
Joined: 8/11/2014(UTC)
Posts: 29
Germany

Thanks: 4 times
Sorry for not being very precise. I wanted to give an additional comment/hint, not raise a question, because

1) Display name / Principal name
Imported users are shown on server with the display name and the pricipal name and domain in brackets. We tested both.
We tried to log on with the display name without success. Only succeeded with the principal name.
As from your post also using the display name should be possible, I will test again

2) Default authorization
I do not valuate if the current implementation is good or not. I only wanted to emphasize the way it works.
Allowing anybody from active directory to log on yields perhaps a huge audience. If you provide, beneath solutions with technical information, also solutions which show financial figures of a company or even allow for posting transactions, some people would typically prefer to differentiate the audience in advance of first log on.
mbr  
#7 Posted : Tuesday, October 21, 2014 11:11:00 AM(UTC)
mbr

Rank: Member

Groups: Registered
Joined: 8/11/2014(UTC)
Posts: 29
Germany

Thanks: 4 times
Result of trying to log on with AD user with display name and/or principal name

Assume a user has been imported from AD and shows up in user list on server as: "John Doe (Doe_J@domain.com)"

a) On mobile client (server setting) change user to "John Doe" with proper password and domain set
Update of solutions list (pull down of workspace) results after a while in "Connection error - Timeout ..."
Opening a solution brings message "Solution being opened ..." followed by "Connection error - Timeout ..."

b) On mobile client (server setting) change user to "Doe_J". Password and domain unchanged
Update of solutions list (pull down of workspace) works as expected and shows solutions according to users roles
Opening a solution works as expected

If the user has not been imported previously:
Log on with "John Doe" shows same result as above. User not automatically added to list of users on server
Log on with Doe_J and everything succeeds. User automatically being added to user list on server
bbv  
#8 Posted : Tuesday, October 21, 2014 12:59:32 PM(UTC)
bbv

Rank: Administration

Groups: Registered, Administrators
Joined: 7/21/2014(UTC)
Posts: 476

Was thanked: 80 time(s) in 80 post(s)
It looks like I originally misunderstood what you meant with display/principal name.

Now as I see what you mean, I don't think it is possible at all. The same as you cannot login into Windows with John Doe, you will not be able to login in MobileTogether with display name, because AD simply won't accept it.
mbr  
#9 Posted : Tuesday, October 21, 2014 2:26:50 PM(UTC)
mbr

Rank: Member

Groups: Registered
Joined: 8/11/2014(UTC)
Posts: 29
Germany

Thanks: 4 times
Thanks for your clarification.
Users browsing this topic
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.