KNOWLEDGE BASE

Error "Invalid credentials. Failed to login to external identity store" When Using the sAMAccountName of a User Account


Published: 22 Jan 2020
Last Modified Date: 23 Jan 2020

Issue

When using the sAMAccountName of a user account as the Active Directory binding username for the domain, the following error might occur:

Invalid credentials. Failed to login to external identity store"

Environment

  • Tableau Server
  • Linux
  • Active Directory

Resolution

Use the account's User Principle Name (UPN) or Distinguished Name for the username when configuring simple bind for Active Directory on Tableau Server.

Cause

For accounts where the user's CN does not match its sAMAccountName in Active Directory, the Active Directory simple bind will fail due to the supplied username being used for the CN in the Distinguished Name, and Active Directory will reject it as it will not match the Distinguished Name of the user. As an example, let's say the binding user chosen has the following attributes:

sAMAccountName: test
Distinguished Name: CN=test user,CN=Users,DC=mydomain,DC=com


When configuring the username with "test", this could result in the simple bind using a Distinguished Name of:

CN=test,CN=Users,DC=mydomain,DC=com

Which will not match the "test" user's DN.

Did this article resolve the issue?