
Active Directory Users Cannot Login to DLP

Created: 19 Jun 2014 | 11 comments
segunenabled's picture

Hello all,

I connected Symantec DLP to Active Directory, edited the krb5.ini and created a user in the DLP console, but I still cannot log in.

I am getting an "invalid username or password" error.

Please, can anyone help?


TPL's picture

The username is case sensitive when logging in to the DLP Enforce console.  Did you check to make sure that the username matches the case of the account you created in DLP?

Ryan - DLP Resident Consultant's picture

Are you able to kinit from the Enforce Server? Check that first, then if that is working, you should be able to login to the Enforce Server if everything is configured properly.

jjesse's picture

Check w/ what TPL has said.

If the sAMAccountName is LautoFL then the DLP username has to be LautoFL to match CaSe SensItivItY. The user is probably just used to logging in as lautofl as AD doesn't care. DLP does.

Jonathan Jesse Practice Principal ITS Partners

segunenabled's picture

Thank you all a million for your information, but I've done all of this... I'm very case sensitive and I don't know why it's not working. When I test with kinit, I'm not getting any error message, which I'm assuming means it's working fine, but I'm yet to log in with any AD user.

benshamind's picture

Hello segunenabled, my two cents,

I would try changing the Enforce log level, and that hopefully will provide more debug information.

Hope it helps


jjesse's picture

Did this ever get solved?

Jonathan Jesse Practice Principal ITS Partners

xlloyd's picture

Are you sure that the user is not locked out of AD?

Also, if the user is new and has been set to "Change password on first logon", there could be issues. Are you able to log in to any other domain computer using these credentials?

Have you tried specifying the domain before the user like DOMAIN\username?

If this post has helped you, please vote up or mark as solution
Sym_DLP's picture

The most probable reason for this might be your directory connection configuration. Below is a similar example which I have come across:

1) I created a directory connection. The directory connection was successfully created and tested.

2) I configured the AD authentication for the same.

3) Checked with kinit; no error messages were displayed.

4) Created a user in DLP with the AD login name (exactly the same, case sensitive).

5) I tried logging in with this AD user created in the DLP console, but I was facing an error saying invalid username or password.

Note: I have two domains, a parent domain and a child domain. I created a DLP user who is a part of the parent domain.

I had created the directory connection using the credentials of a user present in the child domain, so when I was trying to log in to the DLP console using the AD user present in the parent domain I was not able to do so.

I changed the user credentials of the directory connection from the child domain user to a parent domain user and now I am able to log in successfully.

You can take the help of your AD admin, who will help you the best in this regard.

You must ensure that both the DLP users and the user ID used to create the directory connection are in the same domain.

jjesse's picture

Good morning,

At this point I would open up a support ticket with Symantec. In the past when I've had AD issues they have been very responsive and very knowledgeable as to what is needed to solve the issue.

Jonathan Jesse Practice Principal ITS Partners

kishorilal1986's picture

Hi Segun, try the possible solutions below to help you:

  1. Check the Enforce and AD integration in krb5.ini and the port opened from Enforce to Active Directory.
  2. Check whether you can telnet from the Enforce Server to Active Directory.
  3. Check whether the user ID that exists in Active Directory is the same user ID created in the Symantec DLP Enforce server under User account.
  4. If the user ID account is also created in the DLP Enforce server application in the Admin section, then try to log in with the correct login and password.

Your problem seems to be that you have not created any user account matching Active Directory in the Enforce server application under user roles.
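
The configuration checks suggested across this thread (exact-case username, krb5.ini realm coverage, and Sym_DLP's parent/child domain mismatch) can be run as one offline preflight. This is an added example, not part of any post above or of Symantec's tooling; it assumes krb5.ini uses the standard MIT Kerberos layout, and the realm names, host name and function names are hypothetical.

```python
import re

# Constructed sample krb5.ini (hypothetical realm and KDC host).
SAMPLE_KRB5 = """
[libdefaults]
    default_realm = CHILD.EXAMPLE.COM
[realms]
    CHILD.EXAMPLE.COM = {
        kdc = dc1.child.example.com
    }
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}) parsed from krb5.ini text."""
    section, realm, default, realms = None, None, None, {}
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif section == "libdefaults" and line.startswith("default_realm"):
            default = line.split("=", 1)[1].strip()
        elif section == "realms":
            if m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
                realm = m.group(1)
                realms[realm] = []
            elif line == "}":
                realm = None
            elif realm and line.startswith("kdc"):
                realms[realm].append(line.split("=", 1)[1].strip())
    return default, realms

def preflight(krb5_text, sam_account_name, dlp_username, user_realm, bind_realm):
    """Return the mismatches discussed in the thread (empty list = none found)."""
    _, realms = parse_krb5(krb5_text)
    findings = []
    if dlp_username != sam_account_name:  # DLP compares case-sensitively, AD does not
        same = dlp_username.lower() == sam_account_name.lower()
        findings.append("username case mismatch" if same else "username differs")
    if not realms.get(user_realm):  # assumption: the user's realm needs a KDC entry
        findings.append(f"no KDC in krb5.ini for realm {user_realm}")
    if user_realm != bind_realm:  # Sym_DLP's parent/child domain case
        findings.append("directory connection account and user are in different domains")
    return findings
```

An empty result only rules out these three mismatches; kinit, account lockout and port reachability from the Enforce Server still need to be checked on the host itself.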