Log Insight – Authentication Case Sensitivity

This is an interesting problem I encountered last week with an environment configured with native AD authentication within Log Insight.  The version was 4.6.1 but the same behaviour can be found in version 4.7.

Adding domain users to Log Insight directly via the native authentication enabled the domain user to log into Log Insight without any issues.  Adding an AD group to Log Insight and then trying to log in as a user who was a member of that group produced a login issue.


The user could not log in no matter how the username was entered, including:

  • username with no domain details (relying on default domain in the “Authentication” settings)
  • username in UPN format (user@domain.com)
  • domain\username format

Looking at the runtime.log file we were getting some interesting failure messages.

log insight user not permitted

AD group membership was all good and there were no nested groups in the configuration (historically, issues have been found with 2003 domain functional levels and nested groups requiring advanced authentication parameters to be changed: https://kb.vmware.com/s/article/2079763).

Trawling the VMware internal KB site and bug systems produced very few leads; however, I started to think about case sensitivity (one of the bugs I had read had a similar issue and mentioned case sensitivity).  The domain I was testing against had an all-uppercase domain name, yet the authentication section within Log Insight was populated in lowercase.

I removed the AD groups from Log Insight and then re-configured the authentication settings to match AD.  In my case the default domain field was the only one that required changing.  After this I re-added the domain group and tested login.  Our test user logged straight in.

I wanted to test whether the same would be true in reverse (domain in lowercase but Authentication settings in uppercase).  After re-configuration (and use of a different domain) I experienced exactly the same login failure.

The key takeaway is to make sure your case settings match between AD and the Log Insight Authentication settings!