Forum Discussion

Jim_43682's avatar
Jim_43682
Icon for Nimbostratus rankNimbostratus
Jul 02, 2012

AD Remote Authentication over Managment interface?

Hello All,     Got a quick one for you. Is it possible to have the remote authentication requests go out the Management interface? Right now, after doing a tcpdump on both management interface a...
management
monitoring
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 06, 2012
the configuration looks okay to me. if i were you, i would try normal ldap (plain text) and capture packet to see what wrong is.

this is my configuration. 

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list auth source
auth source {
    type active-directory
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list auth remote-user
auth remote-user {
    default-role admin
    remote-console-access tmsh
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list auth ldap
auth ldap system-auth {
    bind-dn cn=administrator,cn=users,dc=abc,dc=com
    bind-pw password
    login-attribute samaccountname
    port 636
    search-base-dn DC=abc,DC=com
    servers { 172.28.19.78 }
    ssl enabled
}

[root@ve11a:Active:In Sync] config  tail /var/log/secure
Jul  6 19:28:03 ve11a notice httpd[31839]: 01070417:5: AUDIT - user tasmania - RAW: httpd(mod_auth_pam): user=tasmania(tasmania) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.206.55 attempts=1 start="Fri Jul  6 19:28:03 2012".