nitass
May 04, 2013 (Employee)
Can you try the "login-attribute" setting in conector_con_AD?
This is my test setup; tasmania is the web user.
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) show sys version|grep -A 5 Main\ Package
Main Package
Product BIG-IP
Version 11.3.0
Build 3022.0
Edition Hotfix HF3
Date Fri Feb 22 00:00:34 PST 2013
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
auth {
Perfil_AD
}
destination 172.28.20.16:80
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
http { }
tcp { }
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vlans-disabled
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm auth profile Perfil_AD
ltm auth profile Perfil_AD {
app-service none
configuration conector_con_AD
credential-source http-basic-auth
defaults-from ldap
rule AUTH_LDAP_URL_v1
type ldap
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm auth ldap conector_con_AD
ltm auth ldap conector_con_AD {
bind-dn cn=administrator,cn=users,DC=abc,DC=com
bind-pw password
login-attribute sAmAccountName
search-base-dn cn=users,DC=abc,DC=com
servers { 172.28.20.20 }
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule AUTH_LDAP_URL_v1
ltm rule AUTH_LDAP_URL_v1 {
  # Gate requests for the root URI behind an LDAP check using HTTP Basic credentials.
  # The auth session is started once per connection so its id is available to the
  # HTTP_REQUEST and AUTH_RESULT events below.
  when CLIENT_ACCEPTED {
    set tmm_auth_ldap_sid [AUTH::start pam default_ldap]
  }
  when HTTP_REQUEST {
    # Only a request for exactly "/" is held and authenticated; credentials are
    # taken from the Basic auth header. Requests for any other URI are neither
    # held nor authenticated by this rule.
    if { [string equal [HTTP::uri] "/"] } {
      AUTH::username_credential $tmm_auth_ldap_sid [HTTP::username]
      AUTH::password_credential $tmm_auth_ldap_sid [HTTP::password]
      # authenticate first, then hold the request until AUTH_RESULT fires
      AUTH::authenticate $tmm_auth_ldap_sid
      HTTP::collect
    }
  }
  when AUTH_RESULT {
    # status 0 is success: let the held request through; anything else is rejected.
    # The 401 carries no WWW-Authenticate header.
    # NOTE(review): confirm a browser still receives a credential prompt in this case.
    if { [AUTH::status] == 0 } {
      HTTP::release
    } else {
      HTTP::respond 401
    }
  }
}
tcpdump
No. Time Delta Time Source Src port Destination Protocol Dst port Window BiF Vlan id Length Info
1 2013-05-04 16:55:05.469994 0.000000 00:00:00_00:00:00 00:00:00_00:00:00 0x05ff 156 Ethernet II
2 2013-05-04 16:55:15.106749 9.636755 172.28.20.11 45448 172.28.20.20 TCP 389 14600 4094 157 OUT s0/tmm1 : 45448 > 389 [SYN] Seq=3089723857 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1858114978 TSecr=0 WS=128
3 2013-05-04 16:55:15.108900 0.002151 172.28.20.20 389 172.28.20.11 TCP 45448 64240 4094 161 IN s0/tmm1 : 389 > 45448 [SYN, ACK] Seq=89577447 Ack=3089723858 Win=64240 Len=0 MSS=1460 WS=1 TSval=0 TSecr=0 SACK_PERM=1
4 2013-05-04 16:55:15.110082 0.001182 172.28.20.11 45448 172.28.20.20 TCP 389 14720 4094 149 OUT s0/tmm1 : 45448 > 389 [ACK] Seq=3089723858 Ack=89577448 Win=14720 Len=0 TSval=1858114982 TSecr=0
5 2013-05-04 16:55:15.110090 0.000008 172.28.20.11 45448 172.28.20.20 LDAP 389 14720 61 4094 210 OUT s0/tmm1 : bindRequest(1) "cn=administrator,cn=users,DC=abc,DC=com" simple
6 2013-05-04 16:55:15.112710 0.002620 172.28.20.20 389 172.28.20.11 LDAP 45448 64179 22 4094 171 IN s0/tmm1 : bindResponse(1) success
7 2013-05-04 16:55:15.113013 0.000303 172.28.20.11 45448 172.28.20.20 TCP 389 14720 4094 149 OUT s0/tmm1 : 45448 > 389 [ACK] Seq=3089723919 Ack=89577470 Win=14720 Len=0 TSval=1858114985 TSecr=51647361
8 2013-05-04 16:55:15.113341 0.000328 172.28.20.11 45448 172.28.20.20 LDAP 389 14720 76 4094 225 OUT s0/tmm1 : searchRequest(2) "cn=users,DC=abc,DC=com" wholeSubtree
9 2013-05-04 16:55:15.114853 0.001512 172.28.20.20 389 172.28.20.11 LDAP 45448 64103 1412 4094 1561 IN s0/tmm1 : searchResEntry(2) "CN=tasmania,CN=Users,DC=abc,DC=com" | searchResDone(2) success [1 result]
10 2013-05-04 16:55:15.119586 0.004733 172.28.20.11 45448 172.28.20.20 LDAP 389 17536 56 4094 205 OUT s0/tmm1 : bindRequest(3) "CN=tasmania,CN=Users,DC=abc,DC=com" simple
11 2013-05-04 16:55:15.121659 0.002073 172.28.20.20 389 172.28.20.11 LDAP 45448 64047 22 4094 171 IN s0/tmm1 : bindResponse(3) success
12 2013-05-04 16:55:15.122278 0.000619 172.28.20.11 45448 172.28.20.20 LDAP 389 17536 61 4094 210 OUT s0/tmm1 : bindRequest(4) "cn=administrator,cn=users,DC=abc,DC=com" simple
13 2013-05-04 16:55:15.124744 0.002466 172.28.20.20 389 172.28.20.11 LDAP 45448 63986 22 4094 171 IN s0/tmm1 : bindResponse(4) success
14 2013-05-04 16:55:15.164996 0.040252 172.28.20.11 45448 172.28.20.20 TCP 389 17536 4094 149 OUT s0/tmm1 : 45448 > 389 [ACK] Seq=3089724112 Ack=89578926 Win=17536 Len=0 TSval=1858115037 TSecr=51647361