12/29/2011 9:29:13 AM
abwalters
Posts: 43
|
Is there any documentation on how to utilize AD groups in Remote Desktop Manager Server? Utilizing AD groups is probably the main reason that my organization has been eagerly awaiting RDMS to be released. I tried adding AD groups as users, but when I logged in with my domain user, it didn't give me any of the permissions I set for the groups I added.
|
|
0
• permalink
|
12/29/2011 11:17:26 AM
David Hervieux
Administrator
Posts: 4241
|
We support now the Active Directory users for the authentication but the group are not supported yet. This on the server roadmap for version 1.1. There is a small chance that it could be in the first version too.
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
12/29/2011 11:27:58 AM
David Hervieux
Administrator
Posts: 4241
|
By the way, we already have started to develop this feature. I'm just not sure if we will have the time to complete it.
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
3/21/2012 10:18:32 AM
abwalters
Posts: 43
|
David,
I've been following each of the new beta versions as they have come out, and noticed in the last version that there was a new section added for "Roles", which searches Active Directory for groups. It doesn't look to be working quite yet, though. When I log in with my AD credentials (As an aside, integrated authentication doesn't seem to be available when using Remote Desktop Manager Server data sources. That would be a nice feature to continue to be able to use going forward), it seems to create a user for me in the users section, but it doesn't apply any of the permissions I specified for the role. I'm guessing that not all of the code is in place to make that feature work properly as of yet. If it works the way it looks like it should, this definitely looks like a very nice feature addition to your product.
As you can tell, I'm itching to utilize this feature. I just finished up a quick hack of a PHP script to create users in the SQL database without so much manual intervention. We're up to 20 separate data sources now, and creating new users on each of them can be surprisingly time consuming. I know it would be less work with fewer data sources, but different sets of users need varying degrees of permissions on different sets of machines (and pretty much everyone needs to be able to at least connect to most everything). So the simplest solution at this time is to create data sources for the different sets of machines.
|
|
0
• permalink
|
3/21/2012 10:25:45 AM
David Hervieux
Administrator
Posts: 4241
|
Hi,
What version of Remote Desktop Manager Server do you use? Have you configured correctly the machine name for the authentication? You need to enter the machine name and not the domain.
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
3/21/2012 11:05:06 AM
abwalters
Posts: 43
|
I just upgraded to RDMS 1.0, actually. When you say that I need to correctly configure the machine name for authentication... Do you mean configure the machine account in the SQL Management Studio? Or do you mean that I need to change the settings for the "Authenticate with domain user" option to use the local machine name instead of my domain name?
|
|
0
• permalink
|
3/21/2012 12:46:56 PM
abwalters
Posts: 43
|
Here is what I've tried:
- Authenticate with domain user set to domain name
- Authenticate with domain user set to specific domain controller FQDN
- Authenticate with domain user set to local machine
- In data source configuration:
__- Authenticate as domain user without specifying domain (of AD domain)
__- Authenticate as domain user with specifying domain (of AD domain)
__- Authenticate as local user without specifying domain (of local machine name)
__ - Authenticate as local user with specifying domain (of local machine name)
- In Roles configuration:
__ - AD Groups with only users as members
__ - AD Groups with other groups as members
__ - Local groups with only AD users as members
__ - Local groups with only AD groups as members
__ - Local groups with only local users as members
__ - Local groups with only local groups as members
All of the above have been tried with SQL authentication for the database connection and with integrated authentication for the database. They have all also been tried with every combination possible of turning on/off the built-in user auth and local machine user auth in the RDMS instance configuration.
I'm guessing from your initial follow-up question that the group authentication piece is supposed to be working, and that I'm just failing to configure a small piece to make it work. Currently, the authentication does work, in a way. I can connect to the data source with a domain user that I didn't manually add. RDMS then creates a user for that authenticated person. The user that gets created just doesn't have any rights assigned, so I have to manually edit their permissions in order for the user to be useful.
edited by abwalters on 3/21/2012
|
|
0
• permalink
|
3/21/2012 1:52:03 PM
David Hervieux
Administrator
Posts: 4241
|
Hi,
From what I see, if the server create the user, it's because it's able to connect to the Active Directory. Have you assigned any rights to an Active Directory Group? All those rights are supposed to be inherited to the user when he logs in.
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
3/21/2012 2:13:51 PM
abwalters
Posts: 43
|
I assigned administrator permissions to each of the various groups I tested with. Specifically, I assigned those permissions under the "Roles" section.
|
|
0
• permalink
|
3/21/2012 2:34:40 PM
David Hervieux
Administrator
Posts: 4241
|
Do you think that you could send me a print screen of a role? You can send it to infos@dev....
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
3/26/2012 12:21:24 AM
xrs
Posts: 1
|
I'm having the same issue, please do a follow up in this thread.
|
|
0
• permalink
|
3/26/2012 4:35:18 AM
David Hervieux
Administrator
Posts: 4241
|
Hi,
Could you try to install the version 1.0.0.1 of the RDMS and this version of RDM
http://remotedesktopmanager.com/download/Devolutions.RemoteDesktopManager.Bin.7.0.4.0.zip
Select the data source and send me a print screen of the File->My Data Source Information.
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
3/29/2012 6:03:40 AM
abwalters
Posts: 43
|
I found a workaround for this particular issue. If you manually create your users (with the integrated security checkbox ticked), like you needed to do prior to AD group integration being implemented, your roles will assign permissions to your users.
|
|
0
• permalink
|
3/29/2012 7:44:25 AM
David Hervieux
Administrator
Posts: 4241
|
I will try to fix that for real. I think that RDM should authenticate the user with AD before trying with SQL Server.
edited by dhervieux on 3/29/2012
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
3/30/2012 5:50:12 AM
abwalters
Posts: 43
|
Okay. I figured you were working on a more permanent fix. I mostly posted that for xrs and any others currently experiencing this particular problem. The workaround will at least allow the intended functionality, though with a bit of manual intervention needed. I actually meant to post it shortly after I sent the information to you via email, but forgot.
|
|
0
• permalink
|
4/6/2012 11:43:09 AM
David Hervieux
Administrator
Posts: 4241
|
I have reproduced the problem and fixed it.
This is now in the version 1.0.0.2
Regards
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
4/9/2012 6:28:41 AM
abwalters
Posts: 43
|
David,
I can confirm that user creation does work now. Any users that are meant to be administrators are created properly (except that setting offline mode doesn't seem to be assignable via roles).
Users that are not a member of an administrator role aren't receiving any permissions, though. I sent you more information via email.
|
|
0
• permalink
|
4/12/2012 4:35:58 AM
Steffen Hornung
Posts: 40
|
I request this feature for RDM also.
--
RDM 7.0.3.0 Enterprise
|
|
0
• permalink
|
4/12/2012 11:57:30 AM
David Hervieux
Administrator
Posts: 4241
|
Unfortunately for RDM with the SQL Server it's not possible to dynamically create the user because the database user must be a a SYS_DBA to create the user in the database. I will see what I can do.
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
4/12/2012 12:40:35 PM
abwalters
Posts: 43
|
I have the RDMS instance configured to use SQL authentication, and the RDMS user holds the sysadmin role in SQL, so RDMS should be able to create users without a problem.
|
|
0
• permalink
|