cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1570
Views
0
Helpful
5
Replies
Highlighted

VCS 7.1 won't authenticate to AD

I just upgraded to 7.1 from 7.0 and now my AD Administration Authentication won't work.  It worked before the upgrade perfectly.  I get this error in the Event log of the VCS:

May 18 17:37:55web: User="mjefferson" Event="Admin Session Login Failure" Src-ip="172.16.3.28" Src-port="59753" UTCTime="2012-05-18 21:37:55"
May 18 17:37:55web: Event="Authorization Failure" Detail="Failed to authenticate; User cannot be authenticated by PAM" User="mjefferson" Src-ip="172.16.3.28" Src-port="59753" Level="1" UTCTime="2012-05-18 21:37:55"

I checked the VCS LDAP configuration and the status is Available.  I'm not using TLS for LDAP lookups.  What am I missing?

5 REPLIES 5
Highlighted

More information.  I can see the VCS hitting the AD server but then there is a logoff event.  Nothing has changed on the AD server since the upgrade.

Highlighted

Hi Martin,

I remember one such incident where customer was not able to login using AD. They said nothing has been changed on AD but later they said some removed the group from AD accidentaly.

PAM is a module used for authentication purpose.

Pulling up a diagnostic log from VCS will help to perform additional torubleshooting.  Also reverify the configuration and AD setttings and check AD users groups and Base DN.

Thanks

Alok

Highlighted

I've triple checked the AD setup and it is correct.  What I am seeing in the Diag Log is:

May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,546" Module="pam_unix(taa-chkpasswd:auth)" Level="WARNING"  CodeLocation="support.c(631)" Pid="6367" Thread="0" Detail="check pass; user unknown"

May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,546" Module="pam_unix(taa-chkpasswd:auth)" Level="NOTICE"  CodeLocation="support.c(710)" Pid="6367" Thread="0" Detail="authentication failure; logname= uid=2 euid=0 tty= ruser= rhost= "

May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,557" Module="pam_unix(taa-chkpasswd:account)" Level="ALERT"  CodeLocation="pam_unix_acct.c(210)" Pid="6367" Thread="0" Detail="could not identify user (from getpwnam(marty))"

May 22 10:39:43 VCSC web: Event="Authorization Failure" Detail="Failed to authenticate; User cannot be authenticated by PAM" User="marty" Src-ip="172.22.4.75" Src-port="63790" Level="1" UTCTime="2012-05-22 14:39:43"

May 22 10:39:43 VCSC web: User="marty" Event="Admin Session Login Failure" Src-ip="172.22.4.75" Src-port="63790" UTCTime="2012-05-22 14:39:43"

I know the password is correct.

Highlighted

I resolved the issue.  It turns out if the "Password Never Expires" option is not checked in AD the VCS will not authenticate the account.  Once you check this option it works fine.

Highlighted

Martin,

using a VCS running X7.1 and a 2008 R2 domain controller, I can successfully authenticate VCS admin users towards AD both when the user's 'Password never expires' flag is set and unset.

- Andreas

Content for Community-Ad