I have assigned Start and View permissions to a group from AD. But users within that group do not get the permission. Below error was logged in the Adumerror file, when a user within that group tries to submit a process or open a worklist.
09-05-06 12:24:56 GetUser:GetPrimaryGroup
Could not Resolve the Primary Group for this user
Additional Information
GetUser(USNRJPaventi)
However, when I give permission to individual user account, it works. Any clue?
Thanks,
Seej
Page 1 / 1
Which version of K2.net 2003 are you running?
Regards,
Ockert
Regards,
Ockert
SP2a(3.5140.1.0)
Regards,
Sreeja
Regards,
Sreeja
And does it only happen with this AD group or all other groups as well?
The ADUM.dll changed for K2.net 2003 SP3. Maybe you should give it a try.
Regards,
Ockert
The ADUM.dll changed for K2.net 2003 SP3. Maybe you should give it a try.
Regards,
Ockert
This happens for all the AD groups except one, this group belongs to the domain where the K2 server is located.
Regards,
Seej
Regards,
Seej
Sorry, you've lost me...
Does the ONE group working correctly belong to the same domain where the K2Server is located?
I assume all other groups belonging to this same domain is NOT working.
Ockert
Does the ONE group working correctly belong to the same domain where the K2Server is located?
I assume all other groups belonging to this same domain is NOT working.
Ockert
All the groups belonging to the same domain where K2Server is located work correctly.
The groups which are not getting resolved belong to other domains.
I hope I am making sense!
Regards,
Seej
The groups which are not getting resolved belong to other domains.
I hope I am making sense!
Regards,
Seej
Ok, so this is clearly a cross domain security issue.
The mere fact that you were able to grant permissions to a group NOT in the same domain as the K2.net Server machine, means that K2.net 2003 is correctly configured for multiple domains i.e. if you can see the other domain users and groups in K2.net Service Manager, your K2.net configuration should be just fine.
Unfortunately, I'm no expert when it comes to domains etc. but what I do know is that there need be a two-way trust between the two domains. If however, everything works fine when you explicitly give the user Start permissions, I suppose the domains are set up correctly as well.
Please have a look at the attached DRAFT document. Try the steps described. Maybe this can solve the problem.
Regards,
Ockert
The mere fact that you were able to grant permissions to a group NOT in the same domain as the K2.net Server machine, means that K2.net 2003 is correctly configured for multiple domains i.e. if you can see the other domain users and groups in K2.net Service Manager, your K2.net configuration should be just fine.
Unfortunately, I'm no expert when it comes to domains etc. but what I do know is that there need be a two-way trust between the two domains. If however, everything works fine when you explicitly give the user Start permissions, I suppose the domains are set up correctly as well.
Please have a look at the attached DRAFT document. Try the steps described. Maybe this can solve the problem.
Regards,
Ockert
Hi, I got the same problem. My K2 Server and application server are in a same domain using AD authentication.
When I try to start a process, k2 server told me have no right to create a process. I use AD group and assign all right to this group. But it still not work.
BTW, my k2 version is K2.Net 2003 SP4.
Hi pochien,
You'll have to give me some more info...
Your K2Server and application server are in the same domain - are they on the same machine as well or different machines?
When the K2 Server told you, you have no right to create the process, did it specify a user name? What was that user name?
Did you give Start permissions to the user alone - what happened? or did you give Start permissions to the group this user belongs to?
Are you running in a single/multi domain environment?
Is the user also part of the same domain K2 Server is running in?
Any special characters in the UserName, UserPassword or GroupName?
Regards,
Ockert
Reply
View our Community Site Map
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.