For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Doran_Lum_13484's avatar
Doran_Lum_13484
Icon for Nimbostratus rankNimbostratus
Jan 06, 2017

Newly setup F5 LTM unable to authenticate with AD

Hi all, I have a F5 LTM which is unable to authenticate with my AD (Win 2012 R2). Running tcpdump i see the below in the wireshark after the bind Request. I'm using port 389 for authentication which shouldn't need SSL/TLS. Does this mean I need to enable SSL/TLS on the domain controller ?

 

bindResponse(1) strong AuthRequired (00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580)

 

application delivery
BIG-IP
LTM
the server requires binds to turn on integrity checking

1 Reply

  • Faruk_AYDIN's avatar
    Faruk_AYDIN
    Icon for Altostratus rankAltostratus
    Jan 10, 2017

    You server is configured to prohibit plain text authentication (so called "simple bind")

     

    There are several options to avoid this problem:

     

    1) Adjust server configuration to allow simple bind,

     

    or

     

    2) Setup SSL.