Have you ever stumbled upon AD authentication issues on VNX, even though it all looked properly configured? LDAP integration has always been a PITA on storage arrays and blade chassis, as there is usually no way to find out what the actual error is.
If VNX cannot look up the user or group that you’re trying to authenticate against in AD, you’ll see just this. Now go figure why it’s getting upset about it, even though you can clearly see the group configured in “Role Mapping” and there don’t seem to be any typos.
A common problem is nested groups. By default VNX only checks if your account is under the specified AD group and doesn’t traverse the hierarchy. So for example, if your account is under the group called IT_Admins in AD, IT_Admins is added to Domain Admins and Domain Admins is in “Role Mapping” – it’s not gonna work.
To make it work, change “Nested Group Level” to something appropriate for you; this will resolve the issue and make your life happier.
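To check how deep a role-mapped group actually sits from an account, the added example below (not from the original post or from EMC) walks a constructed memberOf map and counts the group-in-group hops between the two. The hop count, the function names and the sample directory are this example's own assumptions; how VNX numbers its “Nested Group Level” values is not taken from the array.

```python
from collections import deque

# Constructed sample directory: each key is a user or group, each value lists
# the groups it is a direct member of (what AD exposes as memberOf).
MEMBER_OF = {
    "jsmith": ["IT_Admins"],
    "IT_Admins": ["Domain Admins"],
    "Domain Admins": ["Administrators"],
    "Administrators": [],
    "asmith": ["Helpdesk"],
    "Helpdesk": ["IT_Admins", "Helpdesk"],  # self-reference: loops do occur
}


def nesting_hops(member_of, user, mapped_group):
    """Fewest group-in-group hops from the user's direct groups to
    mapped_group. 0 = direct member, None = never reaches the group."""
    queue = deque((group, 0) for group in member_of.get(user, []))
    seen = set()
    while queue:
        group, hops = queue.popleft()
        if group == mapped_group:
            return hops
        if group in seen:  # already expanded; guards against membership loops
            continue
        seen.add(group)
        for parent in member_of.get(group, []):
            queue.append((parent, hops + 1))
    return None


def is_authorized(member_of, user, mapped_group, max_hops):
    """True if the lookup would find the user when it follows at most
    max_hops levels of nesting (hypothetical model of the depth limit)."""
    hops = nesting_hops(member_of, user, mapped_group)
    return hops is not None and hops <= max_hops


if __name__ == "__main__":
    for user in ("jsmith", "asmith"):
        hops = nesting_hops(MEMBER_OF, user, "Domain Admins")
        print(f"{user}: Domain Admins is {hops} nesting hop(s) away")
        for limit in (0, 1, 2):
            ok = is_authorized(MEMBER_OF, user, "Domain Admins", limit)
            print(f"  depth limit {limit}: {'match' if ok else 'no match'}")
```

Feeding it the real memberOf data exported from your directory shows the smallest depth that covers every account you expect to log in, which is preferable to raising the setting blindly.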
February 17, 2015 at 7:29 pm
Nice. I use nested groups but don’t remember having to change the nested group level. Perhaps different versions have different default values.
February 18, 2015 at 12:52 am
It does support nesting up to one level by default.