Error "Invalid credentials. Failed to login to external identity store" When Using the sAMAccountName of a User Account

Published: 22 Jan 2020
Last Modified Date: 23 Jan 2020


When using the sAMAccountName of a user account as the Active Directory binding username for the domain, the following error might occur:

Invalid credentials. Failed to login to external identity store"


  • Tableau Server
  • Linux
  • Active Directory


Use the account's User Principle Name (UPN) or Distinguished Name for the username when configuring simple bind for Active Directory on Tableau Server.


For accounts where the user's CN does not match its sAMAccountName in Active Directory, the Active Directory simple bind will fail due to the supplied username being used for the CN in the Distinguished Name, and Active Directory will reject it as it will not match the Distinguished Name of the user. As an example, let's say the binding user chosen has the following attributes:

sAMAccountName: test
Distinguished Name: CN=test user,CN=Users,DC=mydomain,DC=com

When configuring the username with "test", this could result in the simple bind using a Distinguished Name of:


Which will not match the "test" user's DN.

Did this article resolve the issue?