BookmarkSubscribeRSS Feed
AmitSri
Pyrite | Level 9

Hi,

 

 

We have created users using LDAP and able to login to environment Manager. While logging in to sasstudio, Only few of them are able to login. But, few of them are not able to login to SASStudio and its saying Access Denied and  For few others its saying password expired. Is there any thing going wrong while logging in. We had set the same password for all the users. I dont see any limitations in the validity of paswords though.

 

Can anyone help on this . Many Thanks!!

3 REPLIES 3
JuanS_OCS
Amethyst | Level 16

Hello @AmitSri,

 

are you talking about SASStudio on Viya or on 9.4?

 

For Viya, the tip is that the authentication works on a slightly different way: the users will authenticate against the web (and web to LDAP, as your selected option), but it has to double-authenticate as well against the host servers where CAS is running. Meaning: either you have your users registered in the host itself, maintaining same passwords, or you have your linux server joined to the LDAP realm, hence the users can log, with the LDAP credentials, to the CAS servers and the home folders should be automatically generated  (you can give a look into PAM options).

https://communities.sas.com/t5/SAS-Communities-Library/SAS-Viya-3-2-Authentication-Options/ta-p/3720...

 

For 9.4, I think we would need to know additional details: the specific errors in SAS metadata, SAS Studio logs and SAS Logon is a good starting point.

 

Kind regards,

Juan

AmitSri
Pyrite | Level 9
hi Jaun,

Thanks for that!!

I am asking about viya. We use to login using our LDAP credentials to all products like Environment manager, SASHome, CAS monitor and SASStudio. But, suddenly, we found that few users are facing this issues. However my id and few sasdemo ids which we created for a general purpose are working fine.
JuanS_OCS
Amethyst | Level 16

Hello @AmitSri,

 

the web applications (Environment Manager, VA, etc) all work with the authentication as set as web authentication: LDAP, SAML, etc. in your case, it is connected to LDAP/AD.

 

However, CAS sessions connect through web (SASStudio), but also it starts a process (the actual CAS one) in the host itself. That is why you need host authentication as well. And the users and passwords should match.

 

PAM is your friend here, and you can delegate authentications to it. So you can create users locally, and maintain the users and passwords, or you just join the machine/s to LDAP realm to allow users to log locally to the server (through SAS Studio) and the server should create the linux home folder for the user as well. 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 4043 views
  • 3 likes
  • 2 in conversation