Forum Discussion
configure f5 login using AD
hi,
I need to configure the F5 Configuration Utility to use an AD account for login. I found an article for this: https://support.f5.com/kb/en-us/solutions/public/11000/000/sol11072.html1
When I select Remote - Active Directory, I have these questions:
1. Remote Directory Tree: what does an example value for this parameter look like?
2. Scope field: which option is recommended, SUB or BASE?
Has anyone configured this previously? I hope you can share your settings. :) Thank you.
- Thong_196816Nimbostratus
Below are the configurations; I cannot log in using f5admin....
System >> Authentication : Authentication Source
User Directory: Remote - Active Directory
Host: 172.16.X.X
Port: 389
Remote Directory Tree: OU=usergroup, OU=acme ,DC=labs.contoso,dc=com
Scope: Sub
Bind DN: cn=f5admin,OU=usergroup, OU=acme ,DC=labs.contoso,dc=com
Check Member Attribute in Group: Enabled
SSL: Disabled
External Users: Role: Administrator
- Kevin_StewartEmployee
For what? The Bind operation, or as the user to log on to the BIG-IP with? If the former, try setting Scope to Base. Otherwise, you need just enough permissions on the Bind account to perform a query.
In any case, try watching the LDAP traffic with a Wireshark capture. LDAP is pretty verbose about its errors, so you should see what's going on inside the capture.
- Kevin_StewartEmployee
Looking back at previous posts, it looks like you're using the f5admin account as the Bind account. This is the account that logs into the AD and performs the query, so it needs enough permissions to do so.
Are you also using this same account to attempt to log into the BIG-IP management GUI?
In any case, the LTM log is just telling you that it failed. We know that. You really need to look at a Wireshark capture of the LDAP traffic to see why it's failing.
- Kevin_StewartEmployee
If you can install Wireshark anywhere, you can do a tcpdump from the BIG-IP and export it to Wireshark:
tcpdump -lnni 0.0 port 389 -s0 -w ad_capture.pcap
This will listen on all interfaces for port 389 (LDAP) traffic, set snaplen to 0 so that tcpdump doesn't concatenate anything, and write this capture to a file. You can then scp this file to another machine and open it with Wireshark.
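To show what that capture exposes, here is an added example (not from this thread, nor F5's or Microsoft's code) that hand-encodes the two LDAPv3 messages a BIG-IP sends on port 389 for a remote-AD login, the simple BindRequest carrying the Bind DN and its password and the SearchRequest whose baseObject is the Remote Directory Tree and whose scope is the Sub/Base setting, and then decodes a BindResponse the way Wireshark's LDAP dissector would, extracting the `data NNN` sub-code AD appends to its diagnostic message when the result is invalidCredentials (49). All DNs, passwords and replies below are constructed sample values; the sub-code table is the one Microsoft documents for AD bind failures.

```python
"""Added example: encode LDAP Bind/Search requests and decode an AD
BindResponse, so a tcpdump/Wireshark capture of port 389 can be read against
the BIG-IP GUI fields.  Stdlib only; BER is hand-rolled for the few tags
needed.  All DNs, passwords and replies are constructed sample data."""
import re

SCOPES = {"base": 0, "one": 1, "sub": 2}   # SearchRequest scope enumeration

# Sub-codes AD places after "data" in diagnosticMessage when resultCode is 49.
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
LDAP_RESULT = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
               49: "invalidCredentials", 50: "insufficientAccessRights"}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v: int, tag: int = 0x02) -> bytes:
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0a), two's-complement safe."""
    return tlv(tag, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))


def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] } with simple auth.
    This is what the 'Bind DN' field and its password become on the wire;
    with SSL disabled the password crosses the network in clear text."""
    op = ber_int(3) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, op))


def search_request(msg_id: int, base_dn: str, scope: str, attr: str, value: str) -> bytes:
    """SearchRequest [APPLICATION 3] with an equalityMatch filter (attr=value).
    'Remote Directory Tree' becomes baseObject; 'Scope' becomes the scope enum."""
    flt = tlv(0xA3, tlv(0x04, attr.encode()) + tlv(0x04, value.encode()))
    op = (tlv(0x04, base_dn.encode()) + ber_int(SCOPES[scope], 0x0A)
          + ber_int(0, 0x0A) + ber_int(0) + ber_int(0) + tlv(0x01, b"\x00")
          + flt + tlv(0x30, b""))          # derefAliases, limits, typesOnly, attrs
    return tlv(0x30, ber_int(msg_id) + tlv(0x63, op))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(buf: bytes) -> dict:
    """Parse LDAPMessage { messageID, BindResponse [APPLICATION 1] } and name
    the AD 'data NNN' sub-code if the diagnostic message carries one."""
    tag, msg, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, rc, pos = read_tlv(op)           # resultCode ENUMERATED
    _, matched, pos = read_tlv(op, pos)  # matchedDN
    _, diag, _ = read_tlv(op, pos)       # diagnosticMessage
    code = int.from_bytes(rc, "big")
    text = diag.decode(errors="replace")
    m = re.search(r"data ([0-9a-f]+)", text)
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": code,
        "result_name": LDAP_RESULT.get(code, "other"),
        "matched_dn": matched.decode(errors="replace"),
        "diagnostic": text,
        "ad_reason": AD_BIND_DATA.get(m.group(1), "unknown sub-code") if m else None,
    }


def bind_response(msg_id: int, code: int, diag: str = "") -> bytes:
    """Build a BindResponse as a domain controller would (constructed test data)."""
    op = ber_int(code, 0x0A) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x61, op))


if __name__ == "__main__":
    # Constructed sample: the reply a wrong Bind DN password produces.
    reply = bind_response(1, 49, "AcceptSecurityContext error, data 52e")
    print(decode_bind_response(reply))
```

When reading a real capture, the BindResponse for the Bind DN comes first; a 49 with `data 52e` or `data 525` there means the service account itself is failing, before any user lookup happens, while a successful bind followed by a SearchResultDone with noSuchObject (32) points at the Remote Directory Tree or scope instead.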
- Abhi_learn_f5Nimbostratus
Hi @thong_196816: kindly let me know whether this issue is resolved. If yes, can you please provide the resolution steps for this issue? I am currently facing the same issue. Kindly provide your solution. Thanks in advance.