I've upgraded our SA2000 from 6.3R5 to 7.1R3 and now I cannot authenticate against Active Directory as the primary authentication server. The message in the logs is:
|Info||AUT23457||2011-07-28 15:52:16 - ive - [18.104.22.168] xxxxxx (SMS Token) - Login failed using auth server Test_AD (Samba). Reason: ConnectError|
|Info||AUT24327||2011-07-28 15:52:16 - ive - [22.214.171.124] xxxx (SMS Token) - Primary authentication failed for xxxx/xxxx from xxxxx|
All was working fine prior to the upgrade. Your urgent assistance would be greatly appreciated.
A ConnectError normally indicates an issue with the network connectivity. Under the Auth Servers > (Your AD server instance), you have an option to "Test Configuration". Do you see any errors when you click this button?
When I do a Test Connectivity, it just sits there for a couple minutes thinking about it, then nothing happens. No confirmation whether it was successful or not.
I can confirm it's not a connectivity issue, as like I said, it was working perfectly before the upgrade. What would have changed as a result of the upgrade?
The only items we have seen are when there is somet type of communication error with AD (e.g. security settings do not allow IVE to auth, network interference unexpectedly, latency in communication on the backend).
What IVE OS version are you using?
It can't be latency or a security issue with anything external to the IVE, because it used to work prior to the upgrade.
Any way, I got it work by changing two things:
* I selected all three settings, Kerberos, NTLMv2 and NTLMv1. Previously I just had Kerberos.
* Instead of specifying the kerberos realm, I select the option to seach LDAP for the Kerboros realm.
My test connectivity still fails but everything is working as it should, so I'm happy.
Frustrates the hell out of me everytime Juniper releases an update to the IVE something always breaks.