Intel,Altiris Group

 I have tried a few times to setup Authentication.  I want to use NTLM since I have more then 1000 users.  I have LDAP setup using Kerberos with the proper Base DN and an administrator account and password.  Half the time it says the user/password is wrong or it tells me my Base DN is incorrect.  It worked in a the past cause I started seeing users in the list but that was when I had it configured to use the little domain controller interfaces software program.

Not understanding why it tells me my Base DN setting is wrong.  I am using dc=dysart,dc=org which should be correct?  Should I be doing something different?

Thanks,

Kris Turner

Kris,

Probably need a bit more info to help out here.  Are these error messages you are getting when you press Save, Test LDAP, or TEST NTLM? 

Process should be to get LDAP confirmed working first through the Test button (Top Section of Authentication page), then NTLM configured and Tested (Bottom Section) THEN create an Authentication Policy for the network segments you want to Authenticate.  Best practice is to create a test policy for a smaller group first to ensure things are functioning as expected, then roll out to a wider set of IP addresses.

Feel free to contact Support or me directly if you want to go deeper and troubleshoot.

The Base DN error comes into play once I have the settings saved and I click Test to test the LDAP settings.  The wrong password/user name comes to play when I try to save the ldap settings with or without ntlm settings but with kerbros.

The user/pass issue could be one of two things:
1) Your AD does not have have the reverse DNS lookup required for Kerberos.
2) You are entering 'DOMAIN\user' as the user name rather than just 'user'.

The Base DN error is not one I am familiar with - Do you get that error with Kerberos or Simple LDAP authentication (or both)?  It is probably best to open a case with our Support group as they are best to troubleshoot this 1 to 1.

SI