Problem authenticating against AD

f_duranti — Thu, 05 Jun 2025 06:37:10 GMT

Hi, I'm doing some tests and I get a problem authenticating users against Active Directory. Using sAMAccountName (the default) the ldap query always fail (user and password are correct).

If i change and use userPrincipalName (but I should put also @domainname after the username) the authentication goes well and work correctly.

Anyone with the same problem or know how to solve it? The AD domain is 2003.

2012-01-20 19:39:13,143 CET ERROR [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-3) Failed to find user 'fduranti' using LDAP servers:

* ldap://itnaddc01.q8int.com - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

* ldap://itdrsdc01.q8int.com - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

com.netapp.wfa.ldap.LdapException: Failed to find user 'fduranti' using LDAP servers:

* ldap://itnaddc01.q8int.com - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

* ldap://itdrsdc01.q8int.com - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

at com.netapp.wfa.ldap.LdapWrapper.findUserInLdap(LdapWrapper.java:103)

at com.netapp.wfa.ldap.LdapLoginModule.validatePassword(LdapLoginModule.java:68)

at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:249)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)

at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)

at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)

at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)

at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)

at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)

at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)

at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)

at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

at java.lang.Thread.run(Thread.java:619)

2012-01-20 19:39:13,143 CET DEBUG [com.netapp.wfa.ldap.LdapLoginModule] (http-0.0.0.0-80-3) Bad password for username=fduranti

Re: Problem authenticating against AD

yakobi — Sun, 22 Jan 2012 14:38:41 GMT

Hi Francesco,

The behavior of WFA's support for LDAP/AD authentication depends on the value of "user principal name attribute":

sAMAccountName - the user is required to provide the DC in addition to the user name as "domain\username".
userPrincipalName - in many cases, this means the user is required to provide his email.

WFA doesn't currently allow you to provide default DC/domain-name.

Hope this helps,

Re: Problem authenticating against AD

f_duranti — Sun, 22 Jan 2012 20:19:40 GMT

Thanks, tomorrow I'll do some checks (probably the Domain\username) is simpler for our users

Francesco

Re: Problem authenticating against AD

f_duranti — Mon, 23 Jan 2012 09:26:20 GMT

It's working correctly, my fault was that in the samaccountname there's only the username so i was not putting "domain\".

Thanks

Francesco

topic Re: Problem authenticating against AD in Active IQ Unified Manager Discussions

Problem authenticating against AD

Re: Problem authenticating against AD

Re: Problem authenticating against AD

Re: Problem authenticating against AD