
Role Mapping fails in one cluster node running 6.0R3.1


Scenario:

6.0R3.1 build 12507 in active/active 2-node cluster load balanced by DXs

Active Directory authentication server

Role mapping via Active Directory security group membership, using the "Groups" method.

1) Occasionally node 1 will show "Login failed. Reason: No Roles", when in fact the user belongs to the correct security group, and if they hit cluster node 2, role mapping will succeed.

2) Also, unsure if this is related, but in 6.0R3.1, if Active Directory group membership is changed and the domain controllers synch, both nodes will show old group membership information in a policy trace and the user will get mapped to the old role, even after several days have passed, and when Active Directory Users and Computers shows the user to not belong to the security groups the IVE marks as true in the trace log. If the same user logs into a lab unit running 6.3R2, role mapping succeeds and a policy trace shows the correct group membership information.

I am grateful for your feedback.