VCS 7.1 won't authenticate to AD

I just upgraded to 7.1 from 7.0 and now my AD Administration Authentication won't work.  It worked before the upgrade perfectly.  I get this error in the Event log of the VCS:

May 18 17:37:55web: User="mjefferson" Event="Admin Session Login Failure" Src-ip="172.16.3.28" Src-port="59753" UTCTime="2012-05-18 21:37:55"
May 18 17:37:55web: Event="Authorization Failure" Detail="Failed to authenticate; User cannot be authenticated by PAM" User="mjefferson" Src-ip="172.16.3.28" Src-port="59753" Level="1" UTCTime="2012-05-18 21:37:55"

I checked the VCS LDAP configuration and the status is Available.  I'm not using TLS for LDAP lookups.  What am I missing?

More information.  I can see the VCS hitting the AD server but then there is a logoff event.  Nothing has changed on the AD server since the upgrade.

Hi Martin,

I remember one such incident where a customer was not able to log in using AD. They said nothing has been changed on AD but later they said someone removed the group from AD accidentally.

PAM is a module used for authentication purposes.

Pulling up a diagnostic log from VCS will help to perform additional troubleshooting.  Also re-verify the configuration and AD settings and check AD users groups and Base DN.

Thanks

Alok

I've triple checked the AD setup and it is correct.  What I am seeing in the Diag Log is:

May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,546" Module="pam_unix(taa-chkpasswd:auth)" Level="WARNING"  CodeLocation="support.c(631)" Pid="6367" Thread="0" Detail="check pass; user unknown"

May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,546" Module="pam_unix(taa-chkpasswd:auth)" Level="NOTICE"  CodeLocation="support.c(710)" Pid="6367" Thread="0" Detail="authentication failure; logname= uid=2 euid=0 tty= ruser= rhost= "

May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,557" Module="pam_unix(taa-chkpasswd:account)" Level="ALERT"  CodeLocation="pam_unix_acct.c(210)" Pid="6367" Thread="0" Detail="could not identify user (from getpwnam(marty))"

May 22 10:39:43 VCSC web: Event="Authorization Failure" Detail="Failed to authenticate; User cannot be authenticated by PAM" User="marty" Src-ip="172.22.4.75" Src-port="63790" Level="1" UTCTime="2012-05-22 14:39:43"

May 22 10:39:43 VCSC web: User="marty" Event="Admin Session Login Failure" Src-ip="172.22.4.75" Src-port="63790" UTCTime="2012-05-22 14:39:43"

I know the password is correct.
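
An added example, not part of the original thread and not a Cisco tool: a small parser for the key="value" diagnostic lines quoted in the post above, which attaches the pam_unix messages to the web "Authorization Failure" event and flags whether they point at a user-name lookup (getpwnam) failure. Matching by UTC second and the cause labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the diagnostic log quoted in the post above.
SAMPLE = [
    'May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,546" Module="pam_unix(taa-chkpasswd:auth)" Level="WARNING"  CodeLocation="support.c(631)" Pid="6367" Thread="0" Detail="check pass; user unknown"',
    'May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,546" Module="pam_unix(taa-chkpasswd:auth)" Level="NOTICE"  CodeLocation="support.c(710)" Pid="6367" Thread="0" Detail="authentication failure; logname= uid=2 euid=0 tty= ruser= rhost= "',
    'May 22 10:39:43 VCSC taa-chkpasswd: UTCTime="2012-05-22 14:39:43,557" Module="pam_unix(taa-chkpasswd:account)" Level="ALERT"  CodeLocation="pam_unix_acct.c(210)" Pid="6367" Thread="0" Detail="could not identify user (from getpwnam(marty))"',
    'May 22 10:39:43 VCSC web: Event="Authorization Failure" Detail="Failed to authenticate; User cannot be authenticated by PAM" User="marty" Src-ip="172.22.4.75" Src-port="63790" Level="1" UTCTime="2012-05-22 14:39:43"',
]

KV = re.compile(r'([\w-]+)="([^"]*)"')              # key="value" pairs
MODULE = re.compile(r'^(\w+)\(([^:]+):(\w+)\)$')     # pam_unix(service:stage)
# Assumption: these pam_unix texts mean the name was not resolved locally.
LOOKUP_HINTS = ("user unknown", "could not identify user")

def parse(line):
    """Split one line into its process name and key="value" fields."""
    head, _, rest = line.partition(": ")
    rec = dict(KV.findall(rest))
    rec["process"] = head.split()[-1]
    return rec

def triage(lines):
    """Attach PAM messages to each failed login seen in the same UTC second."""
    pam, failures = defaultdict(list), []
    for rec in map(parse, lines):
        second = rec.get("UTCTime", "")[:19]         # drop the ",mmm" part
        m = MODULE.match(rec.get("Module", ""))
        if m:
            pam[second].append((m.group(3), rec.get("Detail", "")))
        elif rec.get("Event") == "Authorization Failure":
            failures.append((second, rec))
    report = []
    for second, rec in failures:
        details = pam[second]
        lookup = any(h in d for _, d in details for h in LOOKUP_HINTS)
        cause = ("account lookup" if lookup
                 else "other PAM failure" if details else "no PAM detail")
        report.append({"user": rec.get("User"), "src": rec.get("Src-ip"),
                       "stages": sorted({s for s, _ in details}),
                       "cause": cause})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```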

I resolved the issue.  It turns out if the "Password Never Expires" option is not checked in AD the VCS will not authenticate the account.  Once you check this option it works fine.

Martin,

using a VCS running X7.1 and a 2008 R2 domain controller, I can successfully authenticate VCS admin users towards AD both when the user's 'Password never expires' flag is set and unset.

- Andreas
