AD Usernames in server log

Post Reply
MSidat
Community Contributor
Posts: 110
Joined: Thu Aug 26, 2010 7:41 am
OLAP Product: TM1, PA
Version: PAL 2.0.8
Excel Version: 2016
Location: North West England

AD Usernames in server log

Post by MSidat »

Hi All,

I have the new CreateNewCAMClients config setting in my config file and from time to time get the following type of message in the server log (I have also turned on the Login Logs courtesy of another post on here by lotsaram a few years ago:

5440 [25] DEBUG 2017-05-16 09:05:04.174 TM1.Login Login attempt by CAM account: CAMID("LivAD:u:1e1e4dadc713d244880f34c287db54e3")
5440 [25] WARN 2017-05-16 09:05:04.174 TM1.CAMSecurity.ClientCreation TM1ServerImpl::GetClientWithCAMPassport - Client not found, and not created due to CreateNewCAMClients config setting
5440 [25] DEBUG 2017-05-16 09:05:04.174 TM1.Login Login Error: SystemServerConnectWithCAMPassport failed

Is it possible at all to try and change the messaging process so that we can get the actual domain name of the user who has attempted to log in rather than the hashed version?

Thanks in advance
Always Open to Opportunities
User avatar
gtonkin
MVP
Posts: 1192
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: Latest and greatest
Excel Version: Office 365 64-bit
Location: JHB, South Africa
Contact:

Re: AD Usernames in server log

Post by gtonkin »

Not sure if using the tm1s-log.properties would give you what you need e.g.

Code: Select all

log4j.logger.TM1.Login=DEBUG, LOGIN
log4j.appender.LOGIN=org.apache.log4j.SharedMemoryAppender
log4j.appender.LOGIN.MemorySize=5 MB
log4j.appender.LOGIN.File=tm1login.log
log4j.appender.LOGIN.MaxFileSize=5 MB
log4j.appender.LOGIN.MaxBackupIndex=5
log4j.appender.LOGIN.Timezone=Local
I am sending to a separate log file as I am parsing this in a TI. Also, still on a dev environment with TM1 native security. Not sure if it will work but give it a whirl.
MSidat
Community Contributor
Posts: 110
Joined: Thu Aug 26, 2010 7:41 am
OLAP Product: TM1, PA
Version: PAL 2.0.8
Excel Version: 2016
Location: North West England

Re: AD Usernames in server log

Post by MSidat »

Thanks gtonkin,

I already have that log file turned on, and do the parsing of the file much like yourself into a cube so that I can track active users. However with AD turned on, the file only shows the hashed version of the AD Username, its not a problem for users who are already in the system as the Alias's in the clients Dim allow you to view who it refers to.

However the issue arises when you want to monitor the unsuccessful logins when someone tries to login who doesn't have access. And thus you have no look up to get the username as they do not exist in the client dim.
Always Open to Opportunities
Post Reply