Hi All,
I have the new CreateNewCAMClients config setting in my config file and from time to time get the following type of message in the server log (I have also turned on the Login Logs courtesy of another post on here by lotsaram a few years ago:
5440 [25] DEBUG 2017-05-16 09:05:04.174 TM1.Login Login attempt by CAM account: CAMID("LivAD:u:1e1e4dadc713d244880f34c287db54e3")
5440 [25] WARN 2017-05-16 09:05:04.174 TM1.CAMSecurity.ClientCreation TM1ServerImpl::GetClientWithCAMPassport - Client not found, and not created due to CreateNewCAMClients config setting
5440 [25] DEBUG 2017-05-16 09:05:04.174 TM1.Login Login Error: SystemServerConnectWithCAMPassport failed
Is it possible at all to try and change the messaging process so that we can get the actual domain name of the user who has attempted to log in rather than the hashed version?
Thanks in advance
AD Usernames in server log
-
MSidat
- Community Contributor
- Posts: 110
- Joined: Thu Aug 26, 2010 7:41 am
- OLAP Product: TM1, PA
- Version: PAL 2.0.8
- Excel Version: 2016
- Location: North West England
AD Usernames in server log
Always Open to Opportunities
-
gtonkin
- MVP
- Posts: 1254
- Joined: Thu May 06, 2010 3:03 pm
- OLAP Product: TM1
- Version: Latest and greatest
- Excel Version: Office 365 64-bit
- Location: JHB, South Africa
- Contact:
Re: AD Usernames in server log
Not sure if using the tm1s-log.properties would give you what you need e.g.
I am sending to a separate log file as I am parsing this in a TI. Also, still on a dev environment with TM1 native security. Not sure if it will work but give it a whirl.
Code: Select all
log4j.logger.TM1.Login=DEBUG, LOGIN
log4j.appender.LOGIN=org.apache.log4j.SharedMemoryAppender
log4j.appender.LOGIN.MemorySize=5 MB
log4j.appender.LOGIN.File=tm1login.log
log4j.appender.LOGIN.MaxFileSize=5 MB
log4j.appender.LOGIN.MaxBackupIndex=5
log4j.appender.LOGIN.Timezone=Local-
MSidat
- Community Contributor
- Posts: 110
- Joined: Thu Aug 26, 2010 7:41 am
- OLAP Product: TM1, PA
- Version: PAL 2.0.8
- Excel Version: 2016
- Location: North West England
Re: AD Usernames in server log
Thanks gtonkin,
I already have that log file turned on, and do the parsing of the file much like yourself into a cube so that I can track active users. However with AD turned on, the file only shows the hashed version of the AD Username, its not a problem for users who are already in the system as the Alias's in the clients Dim allow you to view who it refers to.
However the issue arises when you want to monitor the unsuccessful logins when someone tries to login who doesn't have access. And thus you have no look up to get the username as they do not exist in the client dim.
I already have that log file turned on, and do the parsing of the file much like yourself into a cube so that I can track active users. However with AD turned on, the file only shows the hashed version of the AD Username, its not a problem for users who are already in the system as the Alias's in the clients Dim allow you to view who it refers to.
However the issue arises when you want to monitor the unsuccessful logins when someone tries to login who doesn't have access. And thus you have no look up to get the username as they do not exist in the client dim.
Always Open to Opportunities