Apr 14, 2011

Windows AD/LDAP Problems

When I bind and query from the F5 using works, but when I configure the F5 to use it for auth I get an error:

Apr 14 12:57:59 local/f5devicename alert httpd[19973]: pam_unix(httpd:account): could not identify user (from getpwnam(186137))

Apr 14 12:57:59 local/f5devicename err httpd[19973]: [error] [client] AUTHCACHE PAM: user '186137' - invalid account: Authentication failure, referer: https://f5devicename/tmui/login.jsp?msgcode=1&

I see a different series of log entries when I enter a known bad ID, so this leads me to believe I am authenticating, but the F5 either does not like my all s ID, or something else is going on. Any thoughts?
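Added example, not part of the post above: a small triage script that parses the two httpd/PAM lines quoted in the question (embedded verbatim) and groups them by httpd pid, so the stage at which PAM failed can be read off directly. The point it makes explicit is that `pam_unix(httpd:account)` is the PAM account stage, which only runs after the auth stage has succeeded; a `getpwnam()` failure there means the user was authenticated but could not be resolved to a local account afterwards. The verdict labels and helper names are my own, not F5 terminology.

```python
import re

# The two log lines as quoted in the post above (hostname and user as posted).
F5_LOG_LINES = [
    "Apr 14 12:57:59 local/f5devicename alert httpd[19973]: pam_unix(httpd:account): "
    "could not identify user (from getpwnam(186137))",
    "Apr 14 12:57:59 local/f5devicename err httpd[19973]: [error] [client] AUTHCACHE PAM: "
    "user '186137' - invalid account: Authentication failure, referer: "
    "https://f5devicename/tmui/login.jsp?msgcode=1&",
]

# "<Mon dd hh:mm:ss> <host> <severity> <process>[<pid>]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<sev>\w+) "
    r"(?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# pam_<module>(<service>:<stage>): <detail>   e.g. pam_unix(httpd:account): ...
PAM_RE = re.compile(r"pam_(?P<module>\w+)\((?P<service>[^:]+):(?P<stage>\w+)\): (?P<detail>.*)")
GETPWNAM_RE = re.compile(r"getpwnam\((?P<user>[^)]*)\)")
AUTHCACHE_RE = re.compile(r"AUTHCACHE PAM: user '(?P<user>[^']*)' - (?P<reason>[^:]+):")


def parse_line(line):
    """Parse one syslog line into a dict; return None if it is not in syslog shape."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    pam = PAM_RE.search(ev["msg"])
    if pam:
        ev["pam_module"] = pam["module"]
        ev["pam_stage"] = pam["stage"]          # auth / account / session / password
        g = GETPWNAM_RE.search(pam["detail"])
        if g:
            ev["user"] = g["user"]
    ac = AUTHCACHE_RE.search(ev["msg"])
    if ac:
        ev["user"] = ac["user"]
        ev["reason"] = ac["reason"].strip()
    return ev


def triage(lines):
    """Group PAM/AUTHCACHE events by httpd pid and attach a verdict per login attempt.

    Verdict labels are this script's own (assumption), chosen to separate a failure
    in PAM's account stage (user already authenticated, local lookup failed) from a
    failure in the auth stage (credentials rejected).
    """
    attempts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        a = attempts.setdefault(
            ev["pid"], {"user": None, "pam_stage": None, "reason": None, "verdict": "unknown"}
        )
        if ev.get("user"):
            a["user"] = ev["user"]
        if ev.get("pam_stage"):
            a["pam_stage"] = ev["pam_stage"]
        if ev.get("reason"):
            a["reason"] = ev["reason"]
    for a in attempts.values():
        if a["pam_stage"] == "account":
            # account stage runs only after auth succeeded: the directory accepted the
            # credentials, the box then failed to map the user to a local account.
            a["verdict"] = "auth_ok_local_account_lookup_failed"
        elif a["pam_stage"] == "auth":
            a["verdict"] = "authentication_failed"
    return attempts


if __name__ == "__main__":
    for pid, a in triage(F5_LOG_LINES).items():
        print(f"httpd[{pid}] user={a['user']} stage={a['pam_stage']} "
              f"reason={a['reason']} verdict={a['verdict']}")
```

Feed it the lines from a known-bad login as well and the two attempts will land in different verdict buckets, which is the comparison the post is making by eye.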

  • Can you post your sanitized admin auth config from /config/bigip_sys.conf? You could try comparing a tcpdump of your manual ldapsearch with the request LTM sends during its auth attempt.

  • Ok, so with the TCP dump I see the initial binding with my hard-coded credentials that conducts the lookup on the samaccountname. I then see a successful bind of the samaccountname entered at the login prompt. Then another bind of the hard-coded credentials.

    I wonder if my attribute definition is wrong for the remote-role? Would that be logged somewhere?