000037494 - Cannot login with the samAccount Username in RSA NetWitness 11

Document created by RSA Customer Support Employee on Jul 8, 2019
Version 1

Article Content

Article Number: 000037494
Applies To: RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 11.2, 11.2.0.1, 11.3
Issue: Cannot log in using the samAccount username even though the LDAP bind is successful and the credentials are correct:

/var/log/security-server/security-server.log

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
        at javax.naming.InitialContext.init(InitialContext.java:244)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)



 
Cause: We include the alias User logon name (pre-Windows 2000) with the samAccount name when we do an LDAP lookup.

User logon name (pre-Windows 2000)
Workaround: Try using the pre-Windows 2000 username, alias\username, found in the Microsoft Active Directory account settings when logging in with the samAccount username.
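To check whether a failed login matches this article, the diagnostic string in the exception above can be decoded. The following is an added example, not RSA code: the sub-code table lists the commonly documented Active Directory values for LDAP error 49, and the last sample line is constructed.

```python
import re
from collections import Counter

# AD sub-codes (hex Win32 errors) carried in the "data" field of an LDAP error 49 message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the diagnostic string Active Directory returns on a failed bind.
LDAP_ERR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def parse_ldap_error(line):
    """Return the fields of an AD LdapErr message, or None if the line has none."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["data"] = fields["data"].lower()
    fields["meaning"] = AD_BIND_SUBCODES.get(fields["data"], "unknown sub-code")
    return fields

def summarize(lines):
    """Count bind failures per (LDAP result code, AD sub-code), skipping other lines."""
    parsed = (parse_ldap_error(line) for line in lines)
    return Counter((p["ldap"], p["data"]) for p in parsed if p)

# Lines 1-2 are taken from the article's log excerpt; line 3 is constructed.
SAMPLE = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]",
]

if __name__ == "__main__":
    for (ldap, data), n in summarize(SAMPLE).items():
        print(f"LDAP {ldap} data {data}: {n} x {AD_BIND_SUBCODES.get(data, 'unknown sub-code')}")
```

A 52e entry for a user whose password is known to be correct points at the user name format described in this article, while sub-codes such as 775 or 533 point at the account state instead.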
