Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
852
Views
5
Helpful
3
Replies

SnS Syslog Question (Authentication)

panayiotiscy
Level 4
Level 4

‎02-29-2012 11:20 PM - edited ‎03-13-2019 07:44 PM

Hello all,

i would like to troubleshoot the SnS authentication for some users which fail to authenticate on our SnS portal.

we are using the ldap authentication and for the majority of our users the authentication is performed succesfully.

I have generated the syslog from the sns appliance but dont know exactly where to look at!

Any advice?

Thanking you                        

Labels:
0 Helpful
3 Replies 3

sdhanral
Level 1
Level 1

‎03-02-2012 05:25 AM

I would recommend opening a TAC service request for troubleshooting since the logs are not always very descriptive.

However if you would like to investigate on your own.

Please refer to the following steps :

1) Change the logging level to "DEBUG" , Have the user (who is failing authentication) log in the DMM, Once the authentication fails, Generate the sysreport.

2) Offload the sysreport from the Device.

3) Set the logging level to either ERROR or INFO.

4) Extract the syslog and analyze the following:

/var/log/apache-tomcat/catalina.out

Hope this helps.

Thanks,

Sagar Dhanrale

panayiotiscy
Level 4
Level 4
In response to sdhanral

‎03-05-2012 03:20 AM

Hello Sagar and thanks for your reply.

Indeed i did a research within the catalina.out file and i can confirm that is a mess :-)

Though, i managed to figure out that whenever an authentication fails there is an output simillar to this:

User token is: null , and vice versa  User token is: ST-5039-9J-xxxxxxxxxxxx .

Though, i just cannt figure out the reason why the authentication fails. Is there any other message that indicates the reason? Maybe is in numeric form?

Thanking you

0 Helpful

sdhanral
Level 1
Level 1
In response to panayiotiscy

‎03-05-2012 07:21 AM

It is difficult to give a root cause just by looking at the log snippet, I recommend the following checks before opening a TAC case.

1) Find out what is different between the working and non-working USER accounts on the Active directory side.

2) Find out the similarity between the non-working accounts.

3) Do all the non-working user accounts have First Name, Last Name, Email address and valid account login name ?

4) All all the non-working users on the DMM marked active in the DMM ?

5) Are all the non-working users belonging to a particular OU ?

6) Were debugs enabled before collecting syslogs ?

If none of the above help, I would recommend opening a TAC case and investigate this further.

Thanks,

Sagar Dhanrale

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents