Windows AD/LDAP Problems

Question

When I bind and query from the F5 using ldapsearch...it works, but when I configure the F5 to use it for auth I get an error:&nbsp;
&nbsp;Apr 14 12:57:59 local/f5devicename alert httpd[19973]: pam_unix(httpd:account): could not identify user (from getpwnam(186137))
&nbsp;Apr 14 12:57:59 local/f5devicename err httpd[19973]: [error] [client 10.10.242.44] AUTHCACHE PAM: user '186137'  - invalid account: Authentication failure, referer: https://f5devicename/tmui/login.jsp?msgcode=1&amp;&nbsp;&nbsp;
&nbsp;I see a different series of log entries when I enter a known bad ID, so this leads me to believe I am authenticating, but the F5 either does not like my all s ID, or something else is going on. Any thoughts?&nbsp;&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Can you post your sanitized admin auth config from /config/bigip_sys.conf?  You could try comparing a tcpdump of your manual ldapsearch with the request LTM sends during its auth attempt. 
&nbsp;  
&nbsp; Aaron

wintrode_61162 · Answer

Ok, so with the TCP dump I see the initial binding with my hard-coded credentials that conducts the lookup on the samaccountname. I then see a successful bind of the samaccountname entered at the login prompt. Then another bind of the hard-coded credentials. &nbsp;
&nbsp; I wonder if my attribute definition is wrong for the remote-role? Would that be logged somewhere?

Forum Discussion

Windows AD/LDAP Problems

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

AD authentication with LDAPS

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

Windows File Share via F5 VIP

Nginx vs Windows

Source_Addr Persistence Problems