Stanislas_Piron (Nimbostratus), May 09, 2016
TMOS 11.5.4 Admin Remote Authentication with LDAP issue
Hi,
I am configuring Remote AD authentication for BigIP administrators.
I have already done it for some other customers without issues.
The system authentication configuration is:
auth ldap system-auth {
    check-roles-group enabled
    login-attribute samaccountname
    search-base-dn DC=xxxxx,DC=local
    servers { 1.2.3.4 }
    user-template %s@xxxx.local
}
I tried by changing authentication to LDAP but the result is the same.
When trying to authenticate, I can see the request and response with tcpdump:
With ldapsearch I got the expected answer.
But the administrator is never authenticated and the following message appears in log files:
[root@bigip:Active:Standalone] config grep 24310 /var/log/audit
May 9 14:00:55 bigip info sshd[24310]: 01070417:6: AUDIT - user root - RAW: pam_ldap initiating connection to non-SSL ldap server 1.2.3.4 on port 389.
May 9 14:09:41 bigip info sshd[24310]: 01070417:6: AUDIT - user root - RAW: pam_ldap validating credentials for user 'admin_test' against non-SSL ldap server 1.2.3.4 on port 389.
May 9 14:09:43 bigip info sshd[24310]: 01070417:6: AUDIT - user root - RAW: pam_ldap terminating connection to non-SSL ldap server 1.2.3.4 on port 389.
May 9 14:09:43 bigip info sshd(pam_audit)[24310]: 01070417:6: AUDIT - user admin_test - RAW: sshd(pam_audit): User=admin_test tty=ssh host=1.1.1.1 failed to login after 1 attempts (start="Mon May 9 14:00:52 2016" end="Mon May 9 14:09:43 2016").
[root@bigip:Active:Standalone] config grep 24310 /var/log/secure
May 9 14:09:41 bigip err sshd[24310]: pam_ldap: ldap_search_s Can't contact LDAP server
May 9 14:09:41 bigip notice sshd[24310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.1.1.1 user=admin_test
May 9 14:09:43 bigip info sshd(pam_audit)[24310]: User=admin_test tty=ssh host=1.1.1.1 failed to login after 1 attempts (start="Mon May 9 14:00:52 2016" end="Mon May 9 14:09:43 2016").
May 9 14:09:43 bigip info sshd(pam_audit)[24310]: 01070417:6: AUDIT - user admin_test - RAW: sshd(pam_audit): User=admin_test tty=ssh host=1.1.1.1 failed to login after 1 attempts (start="Mon May 9 14:00:52 2016" end="Mon May 9 14:09:43 2016").
Am I missing something, or is there a bug in version 11.5.4 HF1?
I am sure authentication from F5 to AD servers is working fine as the same AD servers are used by APM.
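As an added example (not part of the original post, and not an F5 tool), the script below correlates the /var/log/audit and /var/log/secure lines from the post by sshd PID, so that the LDAP connection, the search error and the final login failure are read as one session rather than two separate logs. The embedded log lines are the ones quoted above; the parsing regex, the session fields and the findings text are my own assumptions. It reports where in the pam_ldap sequence the failure occurred, how long after the connection was opened the search ran, and whether the bind went to a non-SSL server, which is the first thing a reviewer would want to flag in this configuration.

```python
"""Correlate BIG-IP remote-auth log lines by sshd PID to see where an LDAP
login failed.  Added example; the log lines below are copied from the post."""
import re
from collections import defaultdict
from datetime import datetime

# Log excerpts from the post (host, user and IP values as they appear there).
AUDIT_LINES = [
    "May 9 14:00:55 bigip info sshd[24310]: 01070417:6: AUDIT - user root - RAW: pam_ldap initiating connection to non-SSL ldap server 1.2.3.4 on port 389.",
    "May 9 14:09:41 bigip info sshd[24310]: 01070417:6: AUDIT - user root - RAW: pam_ldap validating credentials for user 'admin_test' against non-SSL ldap server 1.2.3.4 on port 389.",
    "May 9 14:09:43 bigip info sshd[24310]: 01070417:6: AUDIT - user root - RAW: pam_ldap terminating connection to non-SSL ldap server 1.2.3.4 on port 389.",
]
SECURE_LINES = [
    "May 9 14:09:41 bigip err sshd[24310]: pam_ldap: ldap_search_s Can't contact LDAP server",
    "May 9 14:09:41 bigip notice sshd[24310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.1.1.1 user=admin_test",
    "May 9 14:09:43 bigip info sshd(pam_audit)[24310]: User=admin_test tty=ssh host=1.1.1.1 failed to login after 1 attempts (start=\"Mon May 9 14:00:52 2016\" end=\"Mon May 9 14:09:43 2016\").",
]

# Assumed syslog layout: "<Mon> <day> <hh:mm:ss> <host> <level> <proc>[<pid>]: <msg>"
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<level>\w+) (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)


def parse_line(line):
    """Split one BIG-IP syslog line into fields; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    # Year is absent from the log; only differences between timestamps are used.
    d["ts"] = datetime.strptime(f"{d['mon']} {d['day']} {d['time']}", "%b %d %H:%M:%S")
    return d


def correlate(lines):
    """Group events by sshd PID and extract the facts that matter for LDAP auth."""
    sessions = defaultdict(lambda: {
        "events": [], "user": None, "client": None, "ldap_server": None,
        "ssl": None, "connected_at": None, "search_error": None, "failed": False,
    })
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = sessions[rec["pid"]]
        msg = rec["msg"]
        s["events"].append((rec["ts"], msg))
        m = re.search(r"(non-SSL|SSL) ldap server (\S+) on port (\d+)", msg)
        if m:
            s["ssl"] = m.group(1) == "SSL"
            s["ldap_server"] = f"{m.group(2)}:{m.group(3)}"
            if "initiating connection" in msg:
                s["connected_at"] = rec["ts"]
        m = re.search(r"ldap_search_s (.+)$", msg)
        if m and "pam_ldap" in msg:
            s["search_error"] = (rec["ts"], m.group(1))
        m = re.search(r"User=(\S+) tty=\S+ host=(\S+) failed to login", msg)
        if m:
            s["user"], s["client"], s["failed"] = m.group(1), m.group(2), True
    return dict(sessions)


def diagnose(session):
    """Return human-readable findings for one correlated session (heuristics)."""
    findings = []
    if session["ssl"] is False:
        findings.append(f"credentials sent to {session['ldap_server']} without TLS")
    if session["search_error"]:
        when, err = session["search_error"]
        findings.append(f"ldap_search_s failed: {err}")
        if session["connected_at"]:
            gap = int((when - session["connected_at"]).total_seconds())
            findings.append(f"search ran {gap}s after the connection was opened")
    if session["failed"]:
        findings.append(f"login for {session['user']} from {session['client']} failed")
    return findings


if __name__ == "__main__":
    for pid, sess in correlate(AUDIT_LINES + SECURE_LINES).items():
        print(f"sshd[{pid}]")
        for finding in diagnose(sess):
            print("  -", finding)
```

Run as-is to see the post's session summarised; to use it on a live box, replace the two lists with the output of `grep <pid> /var/log/audit /var/log/secure`. The long gap between "initiating connection" and the search is reported on purpose: it is the kind of detail that is easy to miss when reading the two files separately.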