Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Regular Contributor
Posts: 83
Registered: ‎05-13-2009
My Device: Not Specified

Windows Authentication & BAS

Just setup a new test server with BES 5.0, and for some reason I can't login using windows authentication.  I go into the BES config, and type in the right LDAP credentials.  Then test, and the test is successful.  However whenever I try and log into the BAS or any of the other web consoles using windows authentication it does not work.  Anyone having this same issue?

 

Also it looks like these web consoles don't play nice with IE8 and windows firewall.  You would think as part of the install process on the BES server that it would automatically add in a rules or rules to allow it's own app to work.

New Contributor
Posts: 5
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

[ Edited ]

I wish I had a solution, but I'm having the same problem. 

 

I looked at the error log, and i found this entry (I've replaced my actual domain name with DOMAIN)

 

 

(05/13 14:25:14:233):{http-BESSERVER.DOMAIN.COM%2F192.168.18.124-443-2} [com.rim.bes.basplugin.activedirectory.LdapSearch] [INFO] [ADAU-1001] {u=SystemUser, t=5371} LOGIN ERROR:  getActiveDirectoryRootDseInformation could not get rootDSE attributes for URL ldap://DOMAIN.com:389 error=javax.naming.CommunicationException: DOMAIN.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]
 

 

 

The  server appears to be using the domain name instead of the actual LDAP server name! The settings are correct and verifies ok on a test.

I even checked in the config file, the bas-config.properties file shows
 emailExchange_ldapUrl=ldap://SERVERNAME.DOMAIN.com:389

 

I reinstalled the server again and that fixed this problem until I rebooted again, now it's reverted to this behavior. 

 

Message Edited by nosnih on 05-13-2009 02:40 PM
Regular Contributor
Posts: 83
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

I've completed a complete reinstall of everything, and I'm still struggling with this same issue.
New Contributor
Posts: 5
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

I also reinstalled again, and it's working. for now, I'm ok as long as the server doesn't reboot. (!)
New Contributor
Posts: 8
Registered: ‎05-14-2009
My Device: Not Specified

Re: Windows Authentication & BAS

Did you filled the LDAP user name and password during the setup? It looks like the this account does not have the permissions to read LDAP information. you can change it afterwards:

login with the admin account, goto Solutions topology/components/BAS/LDAP Authentication.

If it is not working, could you provide the data of the fields?

New Contributor
Posts: 5
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

here is what the LDAP Authentication tab under BAS says in "BlackBerry Solution topology > BlackBerry Domain > Component view > View (BlackBerry Administration Service) "
 
Authentication   
 LDAP server web address: ldap://LDAPSERVER.DOMAIN.com:389 LDAP search base: DC=DOMAIN, DC=com 
LDAP user name: BESAdmin LDAP password: ******** 
 
it is currently working, but I have not rebooted the server since I reinstalled last. 
 
I also noticed that while I set  LDAPSERVER to one of our domain controllers, it actually now lists a different domain controller than I typed in, once it authenticated. perhaps the first one wasn't responding quickly enough?
New Contributor
Posts: 8
Registered: ‎05-14-2009
My Device: Not Specified

Re: Windows Authentication & BAS

Changes in the fields will have effect at once. without rebooting.

To test, you just can restart the BAS service (the first one in the list) and try again, if it is still working

 

You should always be able to login with the admin account, so you can do some tests.

 

New Contributor
Posts: 5
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

I cannot log in with the admin account, as it was never set up. I chose Windows Authentication during the installation, and BES has never let me change the password or make changes to the admin account, since it's not active. 
Regular Contributor
Posts: 83
Registered: ‎05-13-2009
My Device: Not Specified

Re: Windows Authentication & BAS

I've tried accounts with domain admin rights in the LDAP settings config page, and I still can't login with windows authentication.  Like the previous user stated when we test the account we're trying to use it states that it's working or it says its valid.  However when you try and login via wondows authentication it does not work. 

 

I can login thru the BAS with the admin acount however.  Windows authentication is not working.  I guess I should clarify that I'm using server 2008 (x64) with SQL 2005 (x64).  And it is a virtual.  Not sure if any of that makes any difference although it shouldn't because they say its supported.

 

 

New Contributor
Posts: 8
Registered: ‎05-14-2009
My Device: Not Specified

Re: Windows Authentication & BAS

Hi Shamrock,

 

your environment should work.

What's your error message, when trying to login. Please check the BAS logs.

Do you have more than one AD Domains?