You are viewing limited content. For full access, please sign in.

Question

Question

LF Forms domain users logging in

Forms
Updated August 24, 2017
asked on January 22, 2015 Show version history

Configured forms and trying to allow users to login.  Users can authenticate to the repository fine with windows authentication.  Trying to login to the forms page they appear to require the ability to login with a password, as that's what event viewer clearly states upon the failure. But if I set that it will no longer correspond with their domain credentials, obviously causing much confusion.  I have a windows account assigned to the Named user license.  Please advise

0 0

Replies

replied on January 22, 2015

Windows users need to type their domain credentials into the Forms login screen.

0 0
replied on January 22, 2015

Yes the problem I have is that the pwd entered into the admin console must be manually entered.  When they change their domain pwd, it appears that won't update.

0 0
View 5 previous replies
replied on January 22, 2015

What I was trying to say is that Forms does not currently support passing the Windows credentials seamlessly through the way the Client or Web Access do. The user has to authenticate by typing in their Windows username and password.

0 0
replied on January 22, 2015

When I have it set up (Or think I do anyways) Event viewer says "The user is not allowed to log in using a password". I have to check the box "allow user to login with a password" therefore, not using windows authentication.  What could I have set up wrong?  WIndows authentication is working fine to login to the repository via the desktop application, just not through the browser into forms.

 

0 0
replied on January 28, 2015

Anybody?  It seems insane to have to manage another password for users.  However I can't get users access unless I check the box to allow them to use passwords, which have to be manually administered.

0 0
replied on January 28, 2015

I think the difference is that you are using a Laserfiche account linked to a Windows Account. If you just create the users as Windows Accounts, it should solve the problem you are having.

0 0
replied on January 28, 2015 Show version history

Kyle,

Please clarify a few things regarding your user setup. In the Laserfiche Administration Console, do you have Laserfiche Repository Users configured, or are you strictly using Windows Accounts, or are you using a combination of both where you have Windows Accounts linked to Laserfiche Repository Users?

The message reading "The user is not allowed to log in using a password" should only apply for Laserfiche Repository Users who have the "Allow user to log in with password" option unchecked. If the intention is to use Windows Accounts, then please make sure that the Windows users are configured under the "Windows Accounts" node in the Administration Console and that you don't have Windows accounts linked to Laserfiche Repository Users.

Also, on the Forms login page, you will have to specify the domain username and password to log in using Windows Authentication. There is an option in the Forms Configuration that allows for just the username to be entered without requiring the domain name. If you are using the user configuration of having Laserfiche Repository Users with linked Windows accounts and the Laserfiche username is the same as the domain username, then this can lead to confusion and you end up with that message about the user not being allowed to log in with a password.

The cleanest configuration would be to not have any Laserfiche Repository Users configured (if possible) and strictly use Windows Accounts.

Regards

0 0
replied on April 21, 2015

Alexander,

So what i understand from your last reply on this post is, whenever we create any user in laserfiche repository and associate some windows account with it (eg. DOMAIN\USERNAME), we should keep "Allow user to login with password" checked. Only then it will allow user to log in with username and password (but not domain\username and password) as well windows authentication will work.Is it correct?

 

Also, can you let me know if there is any way to allow users to use domain\username and password to login (in any case either "Allow user to login with password" is checked or not).

Thanks

Sanjay

 

0 0
replied on April 21, 2015

I'll further clarify by providing an example.

There exists a repository user called User1. The password for this repository user is u. The option to "allow user to log in with password" is unchecked.

When trying to log into Forms using User1/u, it will report in the Forms server's application event log

This user is not allowed to log in using a password. [9073]

So far that's to be expected.

Now, imagine there is a domain account, DOMAIN\User1 with a password that can be anything (the same or different as the password for the repository user). Link this domain account to the User1 repository user. You can use the Forms Configuration option, "Windows Domain" to

Specify a Windows domain to allow domain users to log in without having to enter the domain with their user name.

On the Forms login page, if you just input User1 as the username and the valid domain account password, then you should get logged into Forms successfully, regardless of the repository user that this Windows account is linked to being allowed to log in with a password or not.

0 0
replied on April 22, 2015

Hi,

I tried following things and none of these worked - 

1. I created one windows account (domain\user1) in laserfiche admin console. This account is not associated with any other laserfiche user. login failed when i tried to login using domain\user1 and windows password. It says "User Account or passowrd is incorrect '.

2. Created one laserfiche user "UserName" in admin console , associated this user with a domain account "domain\user1". Able to login using "domain\user1" and password through admin console. But not through code (i mean using laserfiche API). In this case "Allow user to login with password" is unchecked.

For step 2, code is as follow -        

 lfApplication = new LFApplication();
        lfServer = _lfApplication.GetServerByName(serverName) as LFServer;
        lfRepository = _lfServer.GetDatabaseByName(repositoryName) as LFDatabase;
        lfConnection = new LFConnection();

       if (windowsUser)
                {
                   lfConnection.Shared = windowsUser;
                   lfConnection.Create(_lfRepository);
                }
                else 
                {
                    lfConnection.UserName = userName;
                    lfConnection.Password = password;
                    lfConnection.Shared = false;
                    lfConnection.Create(_lfRepository);

                   }

 

Can you please let me know, how to login using domain\user and password using above code or am i doing some thing wrong. Is there some other API required for this.

 

Please suggest.

 

Thanks

Sanjay

0 0
replied on April 23, 2015

Hi Alexander, I apologize for the delay in this response...

 

Here's my setup.

I use LF repository users linked to domain accounts , have never used the windows accounts node.  Each of these is also a repository Named user.  In the LF desktop client they login using windows authentication.  Works fine.  Now the forms login I obviously want to share the same credentials.  In the formsconfig page I do have our domain entered and it syncs all the users properly.  In event viewer trying to login as domain\user and it says "The specified user name or password is incorrect" and logging in as user gives the expected error of "Not allowed to login with a password".

 

I also created a test user with a different username in LF than in AD to prevent any confusion with authentication.

0 0
replied on April 23, 2015

Also just noticed that event viewer shows two slightly different errors.

When logging in as "user" : The specified user name or password is incorrect.

When logging in as "domain\user" it just says "Incorrect password"

And yes I have confirmed the password is correct!

0 0
View 3 previous replies
replied on April 23, 2015

Can you confirm that the password is valid, i.e. the user is not required to change the password at the next logon and the user's domain account is not locked?

Can you also check that your Forms users have been synchronized so the repository user does show up as a valid named user in Forms.

Otherwise, please open a support case with your reseller as this works fine for me in Forms 9.2.1 and Avante Server 9.2.1. I have a repository user with a linked domain account and the repository user is not allowed to log in with a password. My Forms users have been synchronized so this repository user shows up as a named user in Forms. I can enter in the linked "domain\username" and "password" in the Forms login page and log in successfully.

0 0
replied on April 24, 2015

I've emailed support.  Hopefully we can sort it out.  Good to know its working somewhere with the config I want.   Thanks Alexander.

0 0
replied on April 30, 2015

Support looked and said everything was fine.  Didn't get much information.  However, more testing showed a weird discovery...

If users are admins on the LF Forms server, they can login fine.  It appears that something (Assuming in IIS) is requiring higher permissions/rights than a standard user is granted.  Any ideas what?  Obviously users can't be left as admins on that server.

0 0
replied on April 30, 2015

SOLVED

Apparently Forms users require the ability to login locally on the server.  Edited group policy to allow it, and it all works.

0 0
replied on April 30, 2015

We will look into removing this requirement in the next release of Forms.

0 0
replied on August 24, 2017

Can you tell me how to edit group policy to allow the ability to login locally on the server? 

1 0
replied on April 28, 2016

Hi,

This issue is fixed in Forms 10 (Remove requirement to be able to login locally on the server to authenticate)

Thank you.

0 1
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...