Forum Discussion
NimbostratusAPM Ahthentication failed with LDAP
Hello we have recently upgrade our prod big-ip devices from v 11.4.1 to v 11.5.3 and everything with ltm was working fine and today in the morning we have observed a error with apm module. The error which we found was
Apr 11 14:02:04 us-oakc-f5dmz4 notice tmm[18831]: 01490544:5: 1200b8ad: Received client info - Type: Mozilla Version: 1 Platform: MacOS CPU: unknown UI Mode: Full Javascript Support: 1 ActiveX Support: 0 Plugin Support: 1 Apr 11 14:02:04 us-oakc-f5dmz4 notice tmm[18831]: 01490500:5: 1200b8ad: New session from client IP 172.30.151.21 (ST=/CC=/C=) at VIP 172.28.6.196 Listener /Common/iApp-Citrix-XenApp.app/iApp-Citrix-XenApp_webui_https (Reputation=Unknown) Apr 11 14:02:16 us-oakc-f5dmz4 notice apd[14257]: 01490010:5: 1200b8ad: Username 'us\uskcxs87' Apr 11 14:02:16 us-oakc-f5dmz4 notice apd[14257]: 01490010:5: 1200b8ad: Username 'uskcxs87' Apr 11 14:02:16 us-oakc-f5dmz4 err apd[14257]: 01490110:3: 1200b8ad: LDAP module: authentication with 'sAMAccountName=uskcxs87' failed: Can't contact LDAP server (-1) . Anyone who can help me in sorting this issue would be greatly appreciated.
Thankyou.
3 Replies
Seth_CooperEmployee
This is a duplicate post of https://devcentral.f5.com/questions/apm-authentication-failed-with-ldap.
JinshuCirrus
It looks like a configuration issue. Can you telnet the ldap server ip address from your big-ip on ldap port?
-Jinshu
- Jinshu
Ok. Can you check if you have any entry in /var/log/secure for ldap issue? Do you have SSL configuration for ldap in F5?
sometimes we see error like this..
err httpd[28858]: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): Can't contact LDAP server err httpd[28858]: pam_ldap: _set_ssl_options failed err httpd[28858]: pam_ldap: ldap_simple_bind "Can't contact LDAP server". A "Can't contact" error also happens when ssl handshakes go wrong. err httpd[28858]: pam_ldap: reconnecting to LDAP server...-Jinshu
