Troubleshooting Active Directory
Common FileCloud Active Directory problems and solutions
Trouble establishing a connection with Active Directory:
- In Settings > Authentication on the Active Directory tab, make sure you have followed the instructions for entering the settings shown in Active Directory Authentication under AD Configuration Parameters.
- Check that the port you have specified (either 389 or 636) is open in the AD server for the FileCloud server.
You can use the telnet command to confirm that it is open:
telnet [ip address] [port]
For example, if your IP address were 192.168.1.191 and your port were 389, you would enter:
telnet 192.168.1.191 389
- Confirm that you have entered an account in AD Account Name. This account is used to query the AD server and must be present.
If you have entered a value in Limit Login to AD Group (see below), the account you enter into AD Account Name must be a member of the AD group.
- Confirm that you have entered an AD Account Password and that it is correct.
Verify your AD settings using the following steps:
Here are some common AD connectivity error messages and their meanings:
Some users have trouble logging in
If you check Users have the same Account Suffix, you are prompted to enter the AD Account Suffix. If you uncheck it, you are prompted to enter AD Logon Name Prefix. Make sure that whichever you use applies to all of your AD users who access FileCloud. If it doesn't, users it does not apply to will not be able to log in to FileCloud.
No users can log in, or you cannot import them into FileCloud:
Check if Mail Attribute is filled in. If it is not, users cannot log in or be imported. This is normally set to mail.
Using the logs to find errors
FileCloud stores all errors associated with AD in the logs.
By default, the log level in FileCloud is set to PROD.
- Change the log level to DEV to create more detailed entries:
- In the admin portal, go to Settings > Server and set Log Level to DEV.
- Repeat the steps that caused the error.
- Open the log file:
In Windows: C:\xampp\htdocs\scratch\logs
In Linux: /var/www/html/scratch/logs
If you see error messages similar to:
2022-05-18 23:03:12.265388 ERROR: [16529329921474] Unable to find provider by name: 0bf0d8c9a7544ce179a7fb1f802dde5f
2022-05-18 23:03:12.265559 ERROR: [16529329921474] Unable to connect to AD server with david username:
2022-05-18 23:03:12.265608 DEBUG: [16529329921474] User `david` has not been authenticated with provider CodeLathe\Core\Subsystem\Security\Auth\AD\Provider\ADProvider class
2022-05-18 23:03:12.357099 DEBUG: [16529329921474] FAILED LOGIN: Invalid Username or Password
Do the following:
- Check if the AD login and password are correct.
- Check if the user has an email address in the AD server.
- If the user is already imported into the FileCloud server, check if the user's email in FileCloud and email in the AD server match.
Suppose you are authenticating a user (in this example, user david on host 192.168.1.14) and see error messages similar to:
2022-05-18 23:11:27.296483 NOTICE: [16529334871841] Phone number is invalid for imported user - david
2022-05-18 23:11:27.297668 DEBUG: [16529334871841] User email `david@test.com` does not match AD user email `david@gmd.com`.
2022-05-18 23:11:27.297760 DEBUG: [16529334871841] User `david` has NOT been authenticated.
These messages indicate that the user's email address in the AD server doesn’t match the user's email address in FileCloud.
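The following triage script for DEV-level log entries like the two samples above is an added example, not part of FileCloud. It groups entries by the bracketed ID and maps each known message to the checks listed on this page. The names `triage`, `RULES` and the rule labels are this example's own, and it assumes each log entry sits on its own line and that the bracketed ID is shared by the entries of one login attempt.

```python
import re

# Layout of the sample lines on this page: "<timestamp> <LEVEL>: [<id>] <message>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) (\w+): \[(\d+)\] (.*)$")

# Message patterns from the page's samples, paired with the checks the page recommends.
# The rule labels are names chosen for this example.
RULES = [
    ("email_mismatch",
     re.compile(r"User email `(?P<filecloud_email>[^`]+)` does not match "
                r"AD user email `(?P<ad_email>[^`]+)`"),
     "Make the user's email in FileCloud match the email in the AD server."),
    ("ad_connect_failed",
     re.compile(r"Unable to connect to AD server with (?P<user>\S+) username"),
     "Check the AD login and password, and that the user has an email in AD."),
]

def triage(lines):
    """Return {bracketed_id: finding} for every attempt that hit a known AD error."""
    findings = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank, wrapped, or not in the expected layout
        timestamp, _level, entry_id, message = m.groups()
        for kind, pattern, advice in RULES:
            hit = pattern.search(message)
            if hit and entry_id not in findings:  # keep the first finding per ID
                findings[entry_id] = {"time": timestamp, "kind": kind,
                                      "advice": advice, **hit.groupdict()}
    return findings

# Sample input: log lines quoted on this page, one entry per line.
SAMPLE = r"""
2022-05-18 23:03:12.265388 ERROR: [16529329921474] Unable to find provider by name: 0bf0d8c9a7544ce179a7fb1f802dde5f
2022-05-18 23:03:12.265559 ERROR: [16529329921474] Unable to connect to AD server with david username:
2022-05-18 23:03:12.357099 DEBUG: [16529329921474] FAILED LOGIN: Invalid Username or Password
2022-05-18 23:11:27.297668 DEBUG: [16529334871841] User email `david@test.com` does not match AD user email `david@gmd.com`.
2022-05-18 23:11:27.297760 DEBUG: [16529334871841] User `david` has NOT been authenticated.
""".splitlines()

if __name__ == "__main__":
    for entry_id, finding in triage(SAMPLE).items():
        print(entry_id, finding["kind"], "->", finding["advice"])
```

To run it against a real log, pass the open file object from the logs directory to `triage()` in place of `SAMPLE`.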
To restrict login to FileCloud to specific AD users only
- Create a group in AD and add only those users who should be able to log in to FileCloud.
- In Limit Login to AD Group, enter the name of the AD group.