Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
I have the following scenario:
I installed the QV server in domain A whose active directory is LDAP://A
Now I want to use another domain's account to access QV server. And the LDAP of it is LDAP://B
I add the LDAP://A and LDAP://B in the Active Directory via QEMC, I have tested QV server could identify the users of Domain B by the function in QEMC.
But when I use the account from domain B to visit Access Point, unfortunately, it does not work.
And if I use the the account from domain A , it works.
It seems domain A could not identify the account of domain B.
So could you tell me what I can do?
Thanks a a ... lot.
Thanks.
The services account that runs the QVWS doesn't need to be a member of a particular domain, any local admin account (QV Admin too of course) with logon-as-service rights will do. So...after you added the LDAP strings, were you able to browse the users in the QEMC or not? If not, then the problem is with the connection string and/or user account itself. If you were, then yeah, it's a domain structure issue.
An important thing to keep in mind is what domain the QVS itself belongs to. If it's a member of Domain A, then the default login domain is A.mycompany.com. If you don't specify the LDAP string properly, then it will attempt to authenticate domain B as A.mycompany.com\B.mycompany.com\user, which of course won't work. That's why Fully Distinguished format is preferable--you would want to specify your full LDAP structure in each string.
Regards,
Isaac,
Are you using IIS or QVWS?
Hi,
I use QVWS,sir.
Can you be more specific as to what doesn't work? Is it presenting you with a login prompt? Is authentication failing following the prompt? Assuming you get a login promt, what is the format of the username you are entering?
Try adding the AccessPoint to the client's Intranet and/or Trusted Sites IE zone.
Regards,
Hi,
I take a detailed example:
DomainA\UserA belongs to the QV Server' s domain.
If I use this account to visit Access Point wherever I use it, it works. Access Point is also in the Domain A.
But if I use DomainB\UserB to visit it, it does not work, as you said it prompt login again and again. It seems the Access point does not identify the account of DomainB.
In the Access point tab, I use NTLM, and as I said before, I have added the LDAP of the Domain B into the Active Directory.
And I go to the tab Users of QEMC, I could search the account DomainB\UserB.
Why could DomainB\UserB not visit Access Point?
Thanks your support, sir.
Hi Vlad Gutkovsky ,
Do you have any idea on it? Sorry to push you. But it is very urgent for us.
Thanks.
Qlikview Port needs to be opened for that particular IP.
How to open and open which IPs? The IPs of the users?
yes,IP's of the users who are in different domain.
port 4747 needs to be opened for them.
Tell ur network team to open the port for the IP of external user.
Well, no, this isn't a port issue. What format are you inputting the username? And, most importantly, in what format did you specify the LDAP string in the DSC? I find that Fully Distinguished format works best. For example, if domain A is northamerica.mycompany.com and domain B is europe.mycompany.com, you would put the strings in the following format: LDAP://DC=northamerica,DC=mycompany,DC=com and LDAP://DC=europe,DC=mycompany,DC=com.
Regards,