
Alen_Ismic_1869
Jun 30, 2015

APM - Using AD as AAA server

The AD credentials in the AAA server configuration were OK for approximately 3 months. After that, the password was changed for that username on AD, but I never changed this password in the configuration on BIG-IP, and VPN users are still able to connect. Is there some place where this information is cached, or?

 

5 Replies

  • kunjan

    Are you using AD Query in the policy? For AD authentication it is not used.

     

  • Yes, I have AD Query: expr { [mcget {session.logon.last.username}] equals "someUser"}

     

    Policy is like this

     

    Logon page -> AD AUTH -> AD Query -> Separate by users -> Resources by users

     

  • kunjan

    If AD admin user/password is not configured APM will use the

     

    "APM uses the user account to fetch information. This works if the user account has sufficient privilege." (OLH)

     

    Not sure if this is happening here. If possible, restart the apd daemon to verify: "bigstart restart apd"

     

  • The AD admin credentials in the AAA object are only used for getting the password security information if you allow password change and for building the group cache. If you aren't using either of those then the AD Administrator is not needed.

     

  • kunjan

    Just to add:

    https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/2.html#unique_757404569

    In the Admin Name field, type a case-sensitive name for an administrator who has Active Directory administrative permissions.

    APM uses the information in the Admin Name and Admin Password fields for AD Query. If Active Directory is configured for anonymous queries, you do not need to provide an Admin Name. Otherwise, APM needs an account with sufficient privilege to bind to an Active Directory server, fetch user group information, and fetch Active Directory password policies to support password-related functionality. (APM must fetch password policies, for example, if you select the Prompt user to change password before expiration option in an AD Query action.) If you do not provide Admin account information in this configuration, APM uses the user account to fetch information. This works if the user account has sufficient privilege.