To resolve:
- Click Settings | User Authentication.
- Click Edit Mode.
- When a user tries to login to the appliance using LDAP auth, the Kace SMA will look for the user on each LDAP auth schedule on the list from top to bottom. Users found on the LDAP Schedules at the top of the list will usually have faster login times than the ones at the bottom.
- Review the authentication servers listed. Make sure they all have a valid IP or hostname, and are configured properly.
- For example, the K1000 appliance comes with some default servers to show you examples of how to set them up. If you leave those as is, your login will try to hit each of those servers, and has to timeout on each one.
Anytime a user logs in, each enabled user LDAP user is queried to see if they need to be applied to the user. If any of those are misconfigured, then you will see delays.
To resolve:
- Go to Home | Label Management | LDAP Labels | Sort labels by Type | Disable all the "User" LDAP labels.
- Click on the label name | Uncheck "Enabled". (This must be done one by one on each label until all of them are disabled).
- Try to logout and login again to see if the problem still exists.
- If the issue is resolved with all the user LDAP labels disabled. Run a Kace SMA configuration report, in here you will find the LDAP query for each LDAP label on your Kace Appliance. Review the labels to try to find the faulty one.
- If all LDAP labels seem to be OK and is not easy to find the faulty one. Enable the labels again one by one, try to login each time an LDAP label is enabled. Repeat the process until you find the label that cause a delay in the login time.
Linked appliances LDAP misconfiguration
If you have linked appliances, and you are logging into the Admin portal, your LDAP user will try to authenticate against the linked appliance (e.g. KACE SDA, another KACE SMA, or a Remote Site Appliance) so that you will have the option in the Organization drop-down box in the upper right hand corner. If a linked appliance is turned off, this will cause a delay during login.
Also, if the user you are logging in as does not have an LDAP authentication server setup on the linked appliance, then it will eventually timeout and let you login, but this too will cause a delay.
To resolve:
- Login to the linked appliance.
- Review your authentication for any users you want to be able to have LDAP admin access to both the appliance and the linked appliance and adjust accordingly.
DNS Issues
- Try to ping the LDAP server hostname from the Kace SMA.
- Go to Settings | Support | Run diagnostic utilities | Select "Ping" from the dropdown menu | Add hostname | Select "Run Now".
- Make sure that the host is responding with the correct IP.
- Go to Settings | Control Panel | Authentication Settings | LDAP Authentication.
- Look for the LDAP auth schedule that contains the user that you are currently testing on the Kace SMA.
- Select the up arrow move the LDAP auth schedule to the top of the list.
- Use the IP of the LDAP server instead of the hostname on the LDAP auth schedule.
- Look for any LDAP labels applicable to the user being tested and change the hostname for the IP address.
- Try to logout and login again to confirm if the issue has been resolved.
__________
Is your KACE solution working as efficiently as possible? Learn more about our KACE Health Check.