Qlik Community

QlikView Deployment

Discussion Board for collaboration related to QlikView Deployment.

Announcements

Breathe easy -- you now have more time to plan your next steps with Qlik!
QlikView 11.2 Extended Support is now valid through December 31, 2020. Click here for more information.

Not applicable

About different domain

Hi,

I have the following scenario:

I installed the QV server in domain A whose active directory is LDAP://A

Now I want to use another domain's account to access QV server. And the LDAP of it is LDAP://B

I add the LDAP://A and LDAP://B in the Active Directory via QEMC, I have tested QV server could identify the users of Domain B by the function in QEMC.

But when I use the account from domain B to visit Access Point, unfortunately, it does not work.

And if I use the the account from domain A , it works.

It seems domain A could not identify the account of domain B.

So could you tell me what I can do?

Thanks a a ... lot.

Thanks.

1 Solution

Accepted Solutions
vgutkovsky
Honored Contributor II

About different domain

The services account that runs the QVWS doesn't need to be a member of a particular domain, any local admin account (QV Admin too of course) with logon-as-service rights will do. So...after you added the LDAP strings, were you able to browse the users in the QEMC or not? If not, then the problem is with the connection string and/or user account itself. If you were, then yeah, it's a domain structure issue.

An important thing to keep in mind is what domain the QVS itself belongs to. If it's a member of Domain A, then the default login domain is A.mycompany.com. If you don't specify the LDAP string properly, then it will attempt to authenticate domain B as A.mycompany.com\B.mycompany.com\user, which of course won't work. That's why Fully Distinguished format is preferable--you would want to specify your full LDAP structure in each string.

Regards,

15 Replies
vgutkovsky
Honored Contributor II

About different domain

Isaac,

Are you using IIS or QVWS?

Not applicable

About different domain

Hi,

I use QVWS,sir.

vgutkovsky
Honored Contributor II

About different domain

Can you be more specific as to what doesn't work? Is it presenting you with a login prompt? Is authentication failing following the prompt? Assuming you get a login promt, what is the format of the username you are entering?

Try adding the AccessPoint to the client's Intranet and/or Trusted Sites IE zone.

Regards,

Not applicable

About different domain

Hi,

I take a detailed example:

DomainA\UserA belongs to the QV Server' s domain.

If I use this account to visit Access Point wherever I use it, it works. Access Point is also in the Domain A.

But if I use DomainB\UserB to visit it, it does not work, as you said it prompt login again and again. It seems the Access point does not identify the account of DomainB.

In the Access point tab, I use NTLM, and as I said before, I have added the LDAP of the Domain B into the Active Directory.

And I go to the tab Users of QEMC, I could search the account DomainB\UserB.

Why could DomainB\UserB not visit Access Point?

Thanks your support, sir.

Not applicable

About different domain

Hi Vlad Gutkovsky ,

Do you have any idea on it? Sorry to push you. But it is very urgent for us.

Thanks.

Not applicable

About different domain

Qlikview Port needs to be opened for that particular IP.

Not applicable

About different domain

How to open and open which IPs? The IPs of the users?

Not applicable

About different domain

yes,IP's of the users who are in different domain.

port 4747 needs to be opened for them.

Tell ur network team to open the port for the IP of external user.

vgutkovsky
Honored Contributor II

About different domain

Well, no, this isn't a port issue. What format are you inputting the username? And, most importantly, in what format did you specify the LDAP string in the DSC? I find that Fully Distinguished format works best. For example, if domain A is northamerica.mycompany.com and domain B is europe.mycompany.com, you would put the strings in the following format: LDAP://DC=northamerica,DC=mycompany,DC=com and LDAP://DC=europe,DC=mycompany,DC=com.

Regards,

Community Browser