AD Domain Single Sign-On: User Authentication Identification Codes (Part 7)

http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.itrc.doc_5.1.2%2Ftrc-install79.htm

Verifying the LDAP configuration

When the common.properties and ldap.properties files have been updated, reset the IBM Tivoli Remote Control application by clicking Admin > Reset Application. When the service has restarted, launch the IBM Tivoli Remote Control application and, at the logon page, attempt to log in using an Active Directory userid and password. If the entries in the LDAP properties file are correct, you will be authenticated and logged on successfully.

IBM Tivoli Remote Control does this by connecting directly to LDAP. Therefore, any password change within LDAP takes effect immediately, as long as the change has synchronised to the LDAP server that is set in the ldap.properties file.

Note:
The default ADMIN userid within the IBM Tivoli Remote Control application will always authenticate against the TRC database regardless of whether LDAP authentication is enabled. This is to allow a mechanism for accessing the application, should there be a connectivity problem between IBM Tivoli Remote Control and LDAP.

Note:
If you cannot log on successfully, check the trc.log file for connection errors. If you cannot make a connection, verify that the values used match those used when connecting with the LDAP browser, and try again. When you can establish a connection, edit the common.properties file and update the property values with the correct values.

To determine the cause of the failure, look in the trc.log file or the application log within the Admin menu.

  • From the menu bar click Admin
  • Click View application log
  • Press CTRL+END to reach the end of the file

Some common errors are listed below. Please note that the presence of these errors indicates that there was a problem creating the initial connection between IBM Tivoli Remote Control and Active Directory.

AcceptSecurityContext error, data 525
    Returns when username is invalid.

AcceptSecurityContext error, data 52e
    Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

AcceptSecurityContext error, data 530
    Logon failure: account logon time restriction violation. Returns only when presented with valid username and password/credential.

AcceptSecurityContext error, data 531
    Logon failure: user not allowed to log on to this computer. Returns only when presented with valid username and password/credential.

AcceptSecurityContext error, data 532
    Logon failure: the specified account password has expired. Returns only when presented with valid username and password/credential.

AcceptSecurityContext error, data 533
    Logon failure: account currently disabled. Returns only when presented with valid username and password/credential.

AcceptSecurityContext error, data 701
    The user's account has expired. Returns only when presented with valid username and password/credential.

AcceptSecurityContext error, data 773
    The user's password must be changed before logging on the first time. Returns only when presented with valid username and password/credential.

AcceptSecurityContext error, data 775
    The referenced account is currently locked out and may not be logged on to. Returns even if invalid password is presented.

LDAP Authentication.exception myserver.mydomain.com:389
    Returns when the server name specified by ldap.connectionURL is unreachable.
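
The error list above can be applied mechanically when reviewing trc.log. The following Python sketch is an added example, not part of the IBM documentation or the TRC product: it extracts the hexadecimal sub-code from each failure line, groups failures by cause, and reports the most recent one. The function names, categories and sample log layout are assumptions made for illustration.

```python
import re
from collections import Counter

# Sub-codes and meanings as listed on this page (values are hexadecimal).
AD_SUBCODES = {
    "525": ("credential", "username is invalid"),
    "52e": ("credential", "username valid, password/credential invalid"),
    "530": ("account-state", "logon time restriction violation"),
    "531": ("account-state", "user not allowed to log on to this computer"),
    "532": ("account-state", "password has expired"),
    "533": ("account-state", "account currently disabled"),
    "701": ("account-state", "account has expired"),
    "773": ("account-state", "password must be changed before first logon"),
    "775": ("account-state", "account locked out"),
}
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
UNREACHABLE_RE = re.compile(r"LDAP Authentication\.exception\s*(\S+:\d+)")

def classify(line):
    """Return (category, detail) for one log line, or None if it is not an LDAP failure."""
    m = DATA_RE.search(line)
    if m:
        code = m.group(1).lower()  # logs may print 52e or 52E
        return AD_SUBCODES.get(code, ("unknown", "sub-code %s not in the page's list" % code))
    m = UNREACHABLE_RE.search(line)
    if m:
        return ("connectivity", "ldap.connectionURL host unreachable: " + m.group(1))
    return None

def triage(lines):
    """Count failures per category and return the most recent one (the end of the log)."""
    counts, last = Counter(), None
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
            last = hit
    return dict(counts), last

# Constructed sample lines; the timestamp/prefix layout is an assumption, not trc.log's real format.
SAMPLE_LOG = """\
2013-06-25 10:01:02 INFO  application reset
2013-06-25 10:01:40 ERROR [LDAP: error code 49 - ... AcceptSecurityContext error, data 525, v893]
2013-06-25 10:02:11 ERROR [LDAP: error code 49 - ... AcceptSecurityContext error, data 52E, v893]
2013-06-25 10:03:30 ERROR LDAP Authentication.exception myserver.mydomain.com:389
2013-06-25 10:04:05 ERROR [LDAP: error code 49 - ... AcceptSecurityContext error, data 775, v893]
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "credential" result points at the userid or password being supplied, "account-state" at the account's status in Active Directory, and "connectivity" at the ldap.connectionURL value.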

Verifying Importation of Groups

When authentication is successful and you are logged on to the TRC server, complete the following step.

  • From the IBM Tivoli Remote Control server menu bar click User groups > All User Groups

The groups defined in Active Directory should be displayed. Permissions will need to be defined for these groups by an administrator. See the IBM Tivoli Remote Control Administrator's Guide for details of editing a user group.

Reposted from sunzeping.iteye.com/blog/1893326