Windows Authentication and Navision

rigolo

Hi,

currently we have most of our users setup as SQL database users on the Navision SQL server. However our security department would like us to move to NT authenication.

In the ideal world we would like to add people to a Windows Group (via our Active Directory system) and then he or she will be automatically given access to the relevent companies/forms etc in Navision.

Are there any pointers, how-to's or any other documentation that might help me set this up?

Thanks,

Hein Rigolo

elTorito

Hi,

look up in to the Navision Online Help Doku.
And search for:

- Windows Users and Groups
- Creating Windows Logins
- Giving Roles to Windows Logins
- Security
...

Or Lookup in the Manual Installation and Systemmanagement from Navision Database Server, there is a chapter about Navision and Active Directory.

RobertMo

we added an active directory group to win accounts in Navision and setup proper roles. it worked. users form the group could login and had apropriate roles...

but when user logs in, you will not see AD group id in stauts bar, but he's AD userid. and if you want to use userid through app, you will still have to define all users (by their user id) in G/L Setup Users table. and you will have to enter userids manually and not select form the list (remember that separate userids are not defined as win logins).
luckily validation still works - if you type in a userid that is not in group, error is shown.

this model is quite comprehensive, since you have userid/groups on AD and also userid/groups/roles in Navision.

after everything we ended with defining all users as Win logins (and not groups) and defining for each their roles.

The reason was also because DB administration and AD administration were done by different persons and changes through AD took a lot more time&effort.

H10_Marc

That's Right!!
My problem is the ID in Navision it's defined that CODE 10 characters, and my IDs in AD have more characters.
Can you help me?

dmccrae

You enter the IDs under Tools/Security/Windows Logins, not Database Logins.

H10_Marc

Under Tools/Security/Windows Logins I added a Windows Group.
But if I want to work it correctly I have to created under Tools/Security/Database Conections the Id's users. These id's users have to be like id's pre-windows 2000 accounts.
In Navision, Our Id user field are CODE 10 long. And our pre-windows accounts are more that 10 long. And I can't modify pre-windows accounts.

Now do you understand my problem?

sfi

Are you sure that you have the latest version.

In table 2000000002 User the User ID field is 20 char.s long.
In table 91 User Setup the User ID field is 20 char.s long.

Have a look into Codeunit 418 Login Management and see how Navision solves the problems with UserID.
This Codeunit is called from table 91 User ID triggers.

Regards,
Steen Fisker

H10_Marc

The version is 2.60 Financials.

In table 2000000002 User, the User ID field is 10 char.s long.
In table 2000000003 Member of, the User ID field is 10 char.s long.
In table 91 User Setup, the User ID field is 10 char.s long.

Don't exist Codeunit 418.

I think it's impossible solve this problem in my case . Only I can define the pre-windows User ID 10 char.s long. I do not want this solution because it can cause many problems in Windows.

Thanks of all ways.

facade

That's why the forum is called

Navision
Version >= 3.70 to avoid mixup's :P

But it still is pretty mixed up

H10_Marc

I can not upgrate Navision. I haven't power of this. Another suggestion?

H10_Marc

H10_Marc wrote:

I can not upgrate Navision. I haven't power of this. Another suggestion? I visited all forum that refered Active Directory and here I have finded the best opinions of AD

facade

H10_Marc wrote:

I can not upgrate Navision. I haven't power of this.

I was merely referring to the fact that the forum in what you are discussing this, is a forum for items related to MBS-Navision 3.70+ not Navision Financials

H10_Marc

I Know it. In Navision Financials forum nobody discusses of Active Directory connection. So, I have proved luck here.