Ldap Authentication and expired Passwords

Question

We are using bigip LDAP authentication. Most things seem to be working as expected. However when we have a user with an expired password the bigip allows the authentication through even though the LDAP server is logging error=49 and the LTM log shows.
&nbsp;Jan 24 11:23:59 ROBONAUT tamd: 010b0232:4: pam_authenticate: 6
&nbsp;Jan 24 11:23:59 ROBONAUT tamd: 010b0235:4: AUTH: Permission denied&nbsp;
&nbsp; I have added additional logging to my irule and it appear that Auth_Success event is firing when this happens. Is this a bug we have found? This occurs using the default Irule that comes with the bigip and our own irule. We are running version 9.1.1. I have not opened a case with tech support yet. Any help would be greatly appreciated. 
&nbsp;Thanks,
&nbsp;Jason

colin_walker_12 · Answer

Could you post up a copy of the rule you're using when receiving this error? It sounds strange that the BIG-IP would log that permission was denied AND trigger the success event...&nbsp;
&nbsp;Thanks,
&nbsp;Colin

Forum Discussion

Ldap Authentication and expired Passwords

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

AD password expired

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Authentication issue when changing password

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS