[nav2013] Active Directory user groups not working?

Poltergeist
Member Posts: 200
I've set up a three tier environment for Dynamics NAV 2013 Beta (build 33451), and users can login with their Windows Account if the users are added via CRONUS Nederland BV/Departments/Administration/IT Administration/General/Users. However, Active Directory User groups are not recognized. I can easily add the group (for example domain admins) to the list, but users which are a member of the group Domain admins are unable to sign in. When starting the RTC, the following message appears:
"You are not authorized to sign in. Verify that you are using valid credentials and that you have been set up as a user in Microsoft Dynamics NAV"
The applicationlogs give the following error:
Service: DynamicsNAV70
User: DOMAIN\administrator
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException
SuppressMessage: False
FatalityScope: None
Message: The server has rejected the client credentials.
StackTrace:
at Microsoft.Dynamics.Nav.Service.NSServiceBase.ValidateAndCreateConnection(ConnectionRequest connectionRequest)
at Microsoft.Dynamics.Nav.Service.NSServiceBase.OpenConnection(ConnectionRequest connectionRequest)
Source: Microsoft.Dynamics.Nav.Service
with the following eventdata:
Service: DynamicsNAV70 User: DOMAIN\administrator Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException SuppressMessage: False FatalityScope: None Message: The server has rejected the client credentials. StackTrace: at Microsoft.Dynamics.Nav.Service.NSServiceBase.ValidateAndCreateConnection(ConnectionRequest connectionRequest) at Microsoft.Dynamics.Nav.Service.NSServiceBase.OpenConnection(ConnectionRequest connectionRequest) Source: Microsoft.Dynamics.Nav.Service
Is there no possibility to use AD groups anymore, or am I doing something wrong? (I´m hoping for the last, of course)
"You are not authorized to sign in. Verify that you are using valid credentials and that you have been set up as a user in Microsoft Dynamics NAV"
The applicationlogs give the following error:
Service: DynamicsNAV70
User: DOMAIN\administrator
Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException
SuppressMessage: False
FatalityScope: None
Message: The server has rejected the client credentials.
StackTrace:
at Microsoft.Dynamics.Nav.Service.NSServiceBase.ValidateAndCreateConnection(ConnectionRequest connectionRequest)
at Microsoft.Dynamics.Nav.Service.NSServiceBase.OpenConnection(ConnectionRequest connectionRequest)
Source: Microsoft.Dynamics.Nav.Service
with the following eventdata:
Service: DynamicsNAV70 User: DOMAIN\administrator Type: Microsoft.Dynamics.Nav.Types.Exceptions.NavInvalidCredentialException SuppressMessage: False FatalityScope: None Message: The server has rejected the client credentials. StackTrace: at Microsoft.Dynamics.Nav.Service.NSServiceBase.ValidateAndCreateConnection(ConnectionRequest connectionRequest) at Microsoft.Dynamics.Nav.Service.NSServiceBase.OpenConnection(ConnectionRequest connectionRequest) Source: Microsoft.Dynamics.Nav.Service
Is there no possibility to use AD groups anymore, or am I doing something wrong? (I´m hoping for the last, of course)
0
Comments
-
I am afraid that groups are not working anymore. Because the records are really records for "users", which have some permission sets assigned, full name etc., and the authentication could be made by some providers like facebook etc., it is different than it was. Because there is no delegation behind, all is done by NAV. And this way of "users" is different than having users and groups which are together assigning permissions.0
-
I for sure certainly hope this will be "fixed" in the final version. It still uses the Security ID's from the active directory to login, so there s still some validation against the AD (at, least, I hope so...) it would be a drag to have to enter all users in every database, while microsoft advices to use groups as much as possible on the filesystems and other areas...0
-
Windows Groups does work in NAV 2013. You will have to add each user to the user table. You only need to assign permissions to the Windows Group instead of maintaining permissions on each individual user
/ClausClaus Busk Andersen
Program Manager
Microsoft Dynamics NAV0 -
OK, if I understand correctly, it is same situation like when using extended security model in older versions, when we can use groups to assign permissions, but each user must exist in NAV to have access...0
-
Hi guys,
Does anyone got this to work on NAV 2013 RTM?
I can't get it to work with User Permission Sets (SUPER) only set on a domain group. My domain user is also added, but without User Permission Sets. I even tried with a domain admin account as NST account, to rule out permissions issues with the AD, but with the same result. ](*,)
If Claus says it should work I really believe this should work, so I guess I'm missing something here...
Thanks,
Johannes0 -
i had tested on NAV 2013 RTM, by adding domain\domain users inside and set permission to super, it does work.
I had tested by adding few different group inside and i manage to login using designated user account.0 -
Thanks,
That's great news guardioo!
That means that there are some problems in our environment, but that should be solvable.
Thanks for the update,
Johannes0 -
After i try on NAV2013 RTM, its not working for domain group anymore, does anyone manage to make it work.0
-
I am using AD groups in a live production environment right now. Have you applied the correct permission sets to the group? If not, assign the basic role and that should at least let you login. Also, when you added the group under the users, did you select that it is a windows group?0
-
Thanks for reply,
Was doing the same thing though,
quite weird it doesnt work suddenly, maybe will try redo all the thing again to check on this issues.
will update you once manage to solve it0 -
One thing I noticed about the windows group is that it will need a few hours before it takes affect. I'm not exactly sure why.Confessions of a Dynamics NAV Consultant = my blog
AP Commerce, Inc. = where I work
Getting Started with Dynamics NAV 2013 Application Development = my book
Implementing Microsoft Dynamics NAV - 3rd Edition = my 2nd book0 -
Hi everbody,
since few day's I'm employ to NAV Security.
I like the new features and workaround.
No, SQL User will be require if you only want to use the RTC Client.
...
But what are the benefits of adding every user again in the RTC Client as an user?
Is it only security?
On the SQL Server you don't need it! Here it will be enough if you added the AD Group.
Thanks in advance!
Best regards
came0 -
came wrote:But what are the benefits of adding every user again in the RTC Client as an user?
Is it only security?came wrote:On the SQL Server you don't need it! Here it will be enough if you added the AD Group.Regards,Alain Krikilion
No PM,please use the forum. || May the <SOLVED>-attribute be in your title!0 -
kriki wrote:came wrote:But what are the benefits of adding every user again in the RTC Client as an user?
Is it only security?kriki wrote:came wrote:On the SQL Server you don't need it! Here it will be enough if you added the AD Group.
So, if you have 20 users it will be better to add an AD Group. That's not possible in RTC.
Here all users who are in the AD Group needs to be create as an new user in NAV.0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions