Issue
Access Denied error when a user is attempting to log in to their PC via Windows Logon or Computer Logon.
The Description in the corresponding Audit log in the DualShield Admin Console shows..
LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 531, v4f7c\u0000', diagnosticMessage='80090308:
Cause
AD accounts have been restricted access to one specific Workstation.
e.g...
Resolution
GSS-API (Generic Security Service Application Programming Interface) authentication is an industry-standard protocol that verifies a user's identity and provides other security services:
- Authentication: Verifies that a user is who they claim to be
- Integrity: Ensures that the data received is the same as the data sent
- Confidentiality: Encrypts data
This can be added as an authentication method in DualShield version 7.1.0 onwards.
To achieve this, please start to go through the same steps in Connect to an Active Directory
However, when you get to the Identity Source Connection Configuration change the Authentication Method to GSS-API
Also the Access user needs to be specified as UPN with the domain specified all in upper case
e.g.
Add your DC to the list of computers the end-user has access to.
