PLEASE CONFIRM ON THE FOLLOWING ISSUES

INFOR LN 6.1 USER LINK WITH ACTIVE DIRECTORY USER CAN THIS POSSIBLE OR NOT. WHAT IS THE USER NAME MAXIMUM LENGTH IS ALLOWED.

E.G.

I AM CREATING IN ACTIVE DIRECTORY AS A "baan99@xxx.com" with password and the same can i link with the Infor Ln 6.1 user.
so that i need not have to create in baan user.

Any idea on this subject. Please advice....

Dear Friend,

In my opinion you can make the Infor Enterprise Server on the Network but it will be a standalone server==> outside the domain controller and users can connect using the application server ip address
ex. AD DNS==> 192.168.0.1 .. DHCP enabled
Enterprise Server==> 10.0.0.2

Your BW configuration would be the Hostname 10.0.0.2 after user authenticated in the AD, he should be able to connect to the LN Enterprise Server. "Tested"

Regards..
Ahmed Hossni:D

Ahmed, this is not answering this question, I feel.

Here is the question:

Active Directory:
1. I create a user:
logonid: domain1\user1
password: password1

2. I want to login to Infor ERP LN using these credentials:
logonid: domain1\user1
password: password1

3. I don't want to create a user locally on the ERP LN server, just in order to logon to one application.

4. Someone, please reply with a fix.

5. I have the guide from Infor, but the guide shows a user being created local to the server.

6. If all it requires is operating system authentication, I can't figure out why this can't be covered by the Active Directory login, because if it can't, I'm better off running it on something other than Windows and using a pluggable authentication module, just to save on the Windows and SQL licensing fees.

Hi, I am not sure this is what you want. From BW->BECS goto tools menu-> options then enable active directory and enter your AD server name or ip.

Hi, I am not sure this is what you want. From BW->BECS goto tools menu-> options then enable active directory and enter your AD server name or ip.



Putpat:

This appears to be a client-side change. I need a change at the server level, to affect all users that will be created on the server.

Are you saying that I can configure this at the server?

In our Baan IV SQL installation we use AD logins only. At the time of install we created 'baan' user on server , created db with mixed authentication in sql . AFAIK installation wizard automatically recognizes AD authentication and same should hold good for oracle.

from my system, I don't have local windows users on the app server. I just add user on my AD and the same name on LN application. For worktop, I just enable AD 1 time at the first time after installation then I can logon to applcation by using AD user/password. (no need to enable everytime). Not too sure, what are you looking for?

Dear friends..

"Triton, BaanIV, BaanERP5.0c" in my opinion can use the active directory authentication directly but further Enterprise Servers use Mixed mode Authentication method. The above method is a way to solve the problem...:confused:


Thankx

from my system, I don't have local windows users on the app server. I just add user on my AD and the same name on LN application. For worktop, I just enable AD 1 time at the first time after installation then I can logon to applcation by using AD user/password. (no need to enable everytime). Not too sure, what are you looking for?

OK, then our set up is very jacked.

We have all of the users created locally on the server. This never made sense to me, either, but that is how it is.

As I understood the user creation process for Baan, it was like so:

(1) create OS user (in this case, I thought that if the OS could authenticate against a domain, you could use an AD user)

(2) create baan user

(3) create db user

(4) link baan user to db user

(5) if OS username matches baan user name, then you logon with your AD credentials

I attempted to do this the other day, but I had problems.

In the part where it asks you to put in the OS username (when creating a baan user) ....am I supposed to put in "domain\username" or am I just supposed to put in "username"?

If I could get this working, it would make creating baan users less of a headache, and would also make managing them less of a headache, also

With regards to the worktop configuration, it appears that I just add in a server name. I would assume that this server name would match one of my domain controllers. Is that the trick?

Thanks!

There is no need to key in domain name . Just user name is suffcient . Have u connected the domain in component services--> Active directory users and computers .

Hi,

Just to add up.

if you want to authenticate from domain user to standalone server - then a 2 way trust relation needs to be maintained .

hope this helps.

There is no need to key in domain name . Just user name is suffcient . Have u connected the domain in component services--> Active directory users and computers .

I'm sure that I don't know what you are talking about here.

Just to be clear (if it wasn't obvious already) ... I know hardly anything about Baan.

I mean to say, I know that the Baan server is on the active directory, and that you can logon to the server using AD credentials.

I am sure that I could configure the SQL server to accept SQL only, mixed, or windows integrated authentication. (It currently supports mixed authentication.)

What I am not sure about is how to logon to Baan using Windows AD authentication. (We can already logon using Windows local user authentication, which is cumbersome.)

Environment:
SQL 2005
Windows Server 2003
AD in Windows 2003 Native Mode
ERP LN 6.1

Also, just to be clear, this is part of a bigger process for us. We want to first get the local domain authenticating to baan. After that, we want to establish a trust with a remote domain, and then have those domain users authenticate against Baan (this way, we have to maintain fewer user accounts, and can have our domain more secure). But, obviously, if we can't get the local domain to authenticate, there is no hope of ever getting the remote domain to authenticate.

Heck, I had an idea for using PAM for our Baan IV environment hosted on HP-UX, but difficult to find time with our Unix admin, as he's always involved with auditors.

In this case, I can half-heartedly devote myself to this task (based on how long since I last replied ....)

Thanks!

If the Baan server belongs to the AD domain (and it seems that it does from the above) your AD users can log into Baan.

Create the Baan user and put the AD user name in as the Login Name (without domain). Usually the Baan user name and AD name are the same.
Link Baan user to dB user.
Log in with your AD user name and password. If there is any possibility of different domains in your system, you can log in putting domain\user and the password to make sure.

We dont have a phenomenon of local domain and remote domain . We have only local domain and we are able to login without domain specification . Probably u may more than one domain controllers which creates this problem . I dont have any experieince on multiple domains .

Probably create a unique user in a single domain and check if it works . Also check if ur domain properties in (administrative tools ->component services -> AD users and computers) has default domain policy object linked in group policy tab.

If u r not skilled at it , would recommend u get help of experienced one like PSO/ Infor support and/or do changes when people are not working on it .

OK


is it required that AD username=baan user name?

If that is the case, then I can see why it never worked before.

Was just seeing this forum update prior to getting some shuteye.

(Still never read baan guide, I'm sure it detailed something that simple.)

Thanks for your help. I'll comment once I've read the baan guide.