Windows Logins with AD Groups

ta5

Hi
We want to use windows logins in a 4.03 database (native).
If the user is added to the windows logins and the user is granted the roles it works.
But if a active directory group (which the user belongs to)is added to the windows logins login is not possible anymore. Adding roles to the AD group does not help either.

I've read some threads in here, but most were about sql server option.

Thanks
Thomas

kine

1) The user account must be inserted into NAV to be able to login.
2) The user account do not need to have some roles assigned if there is AD group in NAV with appropriate roles.

ta5

@kine

I've tested with 5.0 and 4.03 (both native). Login works as long as there is no AD user group in windows logins. ](*,)

The error-msg is:
"The following message came from the server."

kine

Hmmm, interesting. Under which account is the Server running? Is it Domain account or just system account?

ta5

local system account

kine

Ok, try to use some domain account to run the service. May be not all is done on the client and some part of the authentication is done on the server. Than the local system accoount have no enough rights to ask AD for info about group members...

AEklund

We want to use AD groups, which we can set up the ad group in the NAV security table and it seems to work. My expectation is to link the security group up to the NAV roles required in order to make the security table small and easy to manage through AD..

However, we have found that the Lanham products require the userID and not the security gruop in the table, I believe because they can't grab the lanID To security group relationship in order to figure out their security model, and may need to have the users in the table anyway...

We use