cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X

AD machine restrictions causing PDMLink login problems

davehaigh
11-Garnet
11-Garnet
‎Mar 01, 2012 05:32 PM
‎Mar 01, 2012 05:32 PM

AD machine restrictions causing PDMLink login problems

Our AD administrator changed our AD domain configuration for some users so that they can only remotely login to specific servers and workstation in that domain.

Previously they could login to any systems in the domain.

Before the change those users can login to the PDMLink 9.1-M060 application server. After the change they were not able to authenticate even though the server hosting the PDMLink app was included in the list of allowed servers.

Although they can't authenticate to the PDMLink app they were still able to login remotely to the host server.

Users that were not restricted were still able to use the AD authentication and therefore had no problem logging into the PDMLink application.


1. How can AD be configured with these restrictions and still allow PDMlink authentication for those constrained users?


David Haigh
Phone: 925-424-3931
Fax: 925-423-7496
Lawrence Livermore National Lab
7000 East Ave, L-362
Livermore, CA 94550

Labels:
0 Kudos
Notify Moderator
5 REPLIES 5
davehaigh
11-Garnet
11-Garnet
(To:davehaigh)
‎Mar 01, 2012 06:40 PM
‎Mar 01, 2012 06:40 PM

A bit more detail on this question.

This works. The user can log into PDMlink
[cid:image001.png@01CCF7B8.FEF209E0]

This doesn't work. The user can log into the machines but not into windchill.
[cid:image002.png@01CCF7B9.46DF46F0]




David Haigh
Preview file
155 KB
Preview file
160 KB
0 Kudos
Notify Moderator
ddemay
1-Newbie
1-Newbie
(To:davehaigh)
‎Mar 01, 2012 07:10 PM
‎Mar 01, 2012 07:10 PM

Was PDMLink restarted after the change was made? Apache and Tomcat?




0 Kudos
Notify Moderator
jasonb13
1-Newbie
1-Newbie
(To:davehaigh)
‎Mar 26, 2012 12:16 PM
‎Mar 26, 2012 12:16 PM

We have the same issue with Windchill and another system we synch with AD. It would be nice to find a solution.
Preview file
160 KB
Preview file
155 KB
0 Kudos
Notify Moderator
ddemay
1-Newbie
1-Newbie
(To:davehaigh)
‎Mar 26, 2012 12:53 PM
‎Mar 26, 2012 12:53 PM


I am wondering if by any chance if a new user is created with identical permissions/roles (after this domain change) if they work okay in PDML?

That might point to a distinguished name or server reference issue with your database for PDML.


Sent from my Verizon Wireless BlackBerry
Preview file
160 KB
Preview file
155 KB
0 Kudos
Notify Moderator
atwood
10-Marble
10-Marble
(To:davehaigh)
‎Mar 28, 2012 09:05 AM
‎Mar 28, 2012 09:05 AM

Is there a load balancer or proxy in the windchill deployment? You may need to add other hostnames besides just the application server?


Tim Atwood


PTC Enterprise Deployment Center

0 Kudos
Notify Moderator
Announcements

Contact Community Management
Top Tags