Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
5
Helpful
4
Replies

Ldap authentication passes with any username

mplaksin0
Level 1
Level 1

‎12-24-2015 06:54 AM

Good Morning,

I am having a problem with WSA and ldap.

I had created a realm and an identity, but when I try to authenticate with a user that doesn't exist in the Active Directory, it pass the authentication like an existent user.

What I am doing bad?

Thanks.

Labels:
Preview file
55 KB
Preview file
42 KB
Preview file
31 KB
0 Helpful
4 Replies 4

David Niemann
Level 3
Level 3

‎12-24-2015 07:16 AM

Under Network->Authentication->Global Authentication Settings do you have "Action if Authentication Service Unavailable" set to Block all traffic if authentication fails?

mplaksin0
Level 1
Level 1
In response to David Niemann

‎12-24-2015 07:23 AM

Hello,

Its like you say, with block all traffic if fail.

Here is the screenshot.

Preview file
38 KB
0 Helpful

mplaksin0
Level 1
Level 1
In response to mplaksin0

‎12-28-2015 04:29 AM

Anyone?

0 Helpful

Atazazuddin Shaikh
Cisco Employee
Cisco Employee
In response to mplaksin0

‎12-28-2015 06:18 AM

Hello

Thanks for reaching out, couple of thing to check.

1. What is accesslogs shows for this transaction, username and other details..

2. Authentication cache, from CLI> authcache > LIST > Y, is this user still logged in. Flush etc. default cache value is 3600 sec == 1hr

3. Test from another client PC,  non AD user and grep accesslogs for review.

4. while you are accessing take a packet capture on the WSA, and client PC to check what PC is sending over on the wire.

Regards,

Zack

0 Helpful
Customers Also Viewed These Support Documents