Forum Discussion
nitass
Apr 18, 2014 (Employee)
If your LDAP server does not do client certificate authentication, can you try removing the client certificate and key from the configuration?
Also, I understand the CA certificate is not required (i.e. no server validation). Can you try removing the CA certificate from the configuration as well?
config:
root@ve10(Active)(tmos) list sys global-settings
sys global-settings {
auth-source-type ldap
gui-setup disabled
hostname ve10.acme.com
mgmt-dhcp disabled
}
root@ve10(Active)(tmos) list auth ldap
auth ldap system-auth {
bind-dn CN=administrator,CN=users,DC=abc,DC=com
bind-pw password
login-attribute samaccountname
port ldaps
search-base-dn CN=Users,DC=abc,DC=com
servers { 200.200.200.103 }
ssl enabled
}
/var/log/secure:
[root@ve10:Active] log tail -f /var/log/secure
Apr 18 17:20:16 local/ve10 alert httpd[3536]: pam_unix(httpd:account): could not identify user (from getpwnam(tasmania))
Apr 18 17:20:16 local/ve10 notice httpd[3536]: 01070417:0: AUDIT - user tasmania - RAW: httpd(mod_auth_pam): user=tasmania(tasmania) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.206.176 attempts=1 start="Fri Apr 18 17:20:16 2014".
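As an added example (not part of the forum post or of F5's own tooling), the script below does two things a reviewer of this thread would want to check offline: it parses a `tmsh list auth ldap` listing like the one above and reports whether the SSL settings give server validation, and it correlates the two `/var/log/secure` lines to confirm that the remote login actually succeeded despite the `getpwnam` miss. The attribute names `ssl-ca-cert-file`, `ssl-client-cert` and `ssl-client-key` are assumed from the tmsh `auth ldap` object; they do not appear in the post. The sample config and log lines are constructed from what the post shows.

```python
import re

# Constructed sample: the listing from the post. The SSL attribute names used
# by audit_ldap_auth() are assumed from the tmsh `auth ldap` object.
SAMPLE_LDAP_CONFIG = """\
auth ldap system-auth {
    bind-dn CN=administrator,CN=users,DC=abc,DC=com
    bind-pw password
    login-attribute samaccountname
    port ldaps
    search-base-dn CN=Users,DC=abc,DC=com
    servers { 200.200.200.103 }
    ssl enabled
}
"""

# Constructed sample: the two /var/log/secure lines from the post.
SAMPLE_SECURE_LOG = [
    "Apr 18 17:20:16 local/ve10 alert httpd[3536]: pam_unix(httpd:account): "
    "could not identify user (from getpwnam(tasmania))",
    "Apr 18 17:20:16 local/ve10 notice httpd[3536]: 01070417:0: AUDIT - user "
    "tasmania - RAW: httpd(mod_auth_pam): user=tasmania(tasmania) "
    "partition=[All] level=Administrator tty=/usr/bin/tmsh "
    'host=192.168.206.176 attempts=1 start="Fri Apr 18 17:20:16 2014".',
]


def parse_tmsh_block(text):
    """Parse one flat tmsh object listing into a dict of property -> value.
    A braced value such as 'servers { a b }' becomes a list."""
    props = {}
    for line in text.splitlines()[1:]:  # skip the 'auth ldap system-auth {' header
        line = line.strip()
        if not line or line == "}":
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if value.startswith("{") and value.endswith("}"):
            props[key] = value[1:-1].split()
        else:
            props[key] = value
    return props


def audit_ldap_auth(props):
    """Return a list of findings about the transport security of the LDAP
    remote-auth settings. An empty list means nothing to flag."""
    findings = []
    if props.get("ssl") != "enabled":
        findings.append("ssl not enabled: bind and user credentials travel in cleartext")
    elif not props.get("ssl-ca-cert-file"):
        findings.append("ssl enabled without ssl-ca-cert-file: the LDAP server "
                        "certificate is not validated (no server validation)")
    # A client certificate without its key (or vice versa) cannot work.
    if bool(props.get("ssl-client-cert")) != bool(props.get("ssl-client-key")):
        findings.append("ssl-client-cert and ssl-client-key must be set together")
    return findings


GETPWNAM_RE = re.compile(
    r"httpd\[(?P<pid>\d+)\]: pam_unix\(httpd:account\): could not identify user "
    r"\(from getpwnam\((?P<user>[^)]+)\)\)"
)
AUDIT_RE = re.compile(
    r"httpd\[(?P<pid>\d+)\]: .*AUDIT - user (?P<user>\S+) - RAW: "
    r"httpd\(mod_auth_pam\): user=\S+ partition=\[(?P<partition>[^\]]*)\] "
    r"level=(?P<level>\S+) tty=(?P<tty>\S+) host=(?P<host>\S+) "
    r"attempts=(?P<attempts>\d+)"
)


def summarize_secure_log(lines):
    """Group the httpd PAM lines by process id. The getpwnam miss only says
    the user has no local account; the AUDIT line is what shows the remote
    authentication succeeded and which role was assigned."""
    sessions = {}
    for line in lines:
        m = GETPWNAM_RE.search(line)
        if m:
            sessions.setdefault(m.group("pid"), {})["local_account"] = False
            continue
        m = AUDIT_RE.search(line)
        if m:
            s = sessions.setdefault(m.group("pid"), {})
            s.update(user=m.group("user"), partition=m.group("partition"),
                     level=m.group("level"), host=m.group("host"),
                     attempts=int(m.group("attempts")), remote_auth_ok=True)
    return sessions


if __name__ == "__main__":
    cfg = parse_tmsh_block(SAMPLE_LDAP_CONFIG)
    for finding in audit_ldap_auth(cfg):
        print("FINDING:", finding)
    for pid, session in summarize_secure_log(SAMPLE_SECURE_LOG).items():
        print(pid, session)
```

Run against the post's own listing, the audit reports exactly the situation nitass describes: SSL is on, but with no CA certificate configured the BIG-IP accepts whatever certificate the LDAP server presents. The log summary shows the `getpwnam` alert and the AUDIT notice come from the same httpd process, so the "could not identify user" line is the expected local-account miss for a remote user, not a failed login.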