
Resolving Login Errors with Active Directory Accounts


If you get an error when you log in to JSA with a valid Active Directory account, verify whether you have time synchronization issues.

When a valid Active Directory account is not synchronized with your JSA console, a login error similar to the following might occur:

The username and password you supplied are not valid. Please try again.

You can manually synchronize data between the JSA server and the LDAP authentication server.

If you use authorization that is based on user attributes or groups, user information is automatically imported from the LDAP server to the JSA console.

Each group that is configured on the LDAP server must have a matching user role or security profile that is configured on the JSA console. For each group that matches, the users are imported and assigned permissions that are based on that user role or security profile.

By default, synchronization happens every 24 hours. The timing for synchronization is based on the last run time. For example, if you manually run the synchronization at 11:45 pm, and set the synchronization interval to 8 hours, the next synchronization will happen at 7:45 am. If the access permissions change for a user that is logged in when the synchronization occurs, the session becomes invalid. The user is redirected back to the login screen with the next request.

To resolve the login error, follow these steps.

  1. If your Active Directory was not recently configured, use SSH to log in to JSA as the root user.
  2. Type the following command:

    cat /opt/qradar/conf/login.conf

  3. Verify that the server is configured for Active Directory authentication.

    For example, a server that is configured for Active Directory authentication shows a line similar to the following:

    LDAPServerURL=ldaps://<server>:<port>

    The <server> value is the Active Directory domain controller that JSA sends its authentication requests to. 389 is the default Active Directory LDAP port.

  4. Copy the Active Directory domain controller IP address.
  5. Type the following command and use the Active Directory domain controller IP address for the <server> option:

    ntpdate -q <server>

  6. Check whether the offset time is more than +/- 300 seconds.

    The output might resemble the following example:

    server 9.24.207.12, stratum 3, offset -10774.586000, delay 0.04221
    19 Nov 13:59:16 ntpdate[22011]: step time server 9.24.207.12 offset -10774.586000 sec

    If the offset time is more than +/- 300 seconds, the time difference between the JSA console and the Active Directory server is what causes the authentication issues.

  7. Restart the JSA web service by typing the following command:

    systemctl restart tomcat

    Restarting the JSA web service logs off all users, stops exporting events, and stops generating reports. You might need to manually restart some reports or wait for a maintenance window to complete this procedure.

  8. If the JSA console system time and the Active Directory server system time differ by at least 5 minutes, follow these steps:
    1. Click the Admin tab.
    2. On the navigation menu, click System Configuration.
    3. Click Authentication.
    4. In the Authentication Module list, select LDAP.
    5. Click Manage Synchronization > Run Synchronization Now.
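Steps 5 and 6 above compare the clock offset reported by ntpdate -q against the 300-second limit by eye. The following shell script is an added example, not part of the JSA documentation or product: it parses the same ntpdate -q output format shown in step 6, takes the absolute value of the offset, and reports whether it exceeds the 300-second threshold the procedure states. The script name and the check_dc function are hypothetical; ntpdate and its output format are assumed to match the example above.

```bash
#!/bin/sh
# Added example (not from the JSA documentation): flag clock drift between
# this host and an Active Directory domain controller, using the ntpdate -q
# output format shown in the procedure. The 300-second limit is the one the
# procedure gives; exceeding it is what causes the login failures.

THRESHOLD=300   # seconds, per the procedure

# Extract the offset from the "server ..." line of ntpdate -q output and
# print its absolute value as a whole number of seconds.
# $1: the complete ntpdate -q output
parse_offset() {
    printf '%s\n' "$1" | awk '
        /^server / {
            for (i = 1; i <= NF; i++) {
                if ($i == "offset") {
                    v = $(i + 1)
                    sub(/,$/, "", v)      # drop the trailing comma
                    v += 0                # force numeric conversion
                    if (v < 0) v = -v     # offset may be negative
                    printf "%d\n", v
                    exit
                }
            }
        }'
}

# Exit status 0 (true) when the absolute offset exceeds THRESHOLD.
# $1: the complete ntpdate -q output
offset_exceeds() {
    off=$(parse_offset "$1")
    [ -n "$off" ] && [ "$off" -gt "$THRESHOLD" ]
}

# Query a domain controller and report whether its clock is within limits.
# Hypothetical helper; usage: check_dc <domain-controller-ip>
check_dc() {
    out=$(ntpdate -q "$1" 2>&1) || { echo "ntpdate query to $1 failed"; return 2; }
    if offset_exceeds "$out"; then
        echo "Clock offset to $1 exceeds ${THRESHOLD}s; this causes the login errors"
        return 1
    fi
    echo "Clock offset to $1 is within ${THRESHOLD}s"
    return 0
}

# Constructed sample, copied from the output format shown in step 6.
SAMPLE='server 9.24.207.12, stratum 3, offset -10774.586000, delay 0.04221
19 Nov 13:59:16 ntpdate[22011]: step time server 9.24.207.12 offset -10774.586000 sec'

# Run against a real domain controller only when an address is supplied.
if [ $# -ge 1 ]; then
    check_dc "$1"
fi
```

Run it as `./check_dc_offset.sh <domain-controller-ip>` from the JSA console; a nonzero exit status means the offset is outside the 300-second window and step 8 (running synchronization after correcting the time) applies. The sample output embedded in the script parses to an offset of 10774 seconds, which is well beyond the limit.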