Well, I got the LDAP groups verified after fiddling around for a day or two. Now a new user who has never created an account gets an error when trying to use the registration page. Like the user doesn't exist in that group or something. Any ideas?
Hello! I have two Pulse Connect Secure devices. These are clustered together and share the same configuration at two different geographic locations. I have integrated MFA with DUO - https://duo.com/docs/pulseconnect

The first device comes up fine. When I test the API connection I get:

info: For server api-XXXXXXX.duosecurity.com at port XXX LDAP server is reachable.

The 2nd device didn't do so well, even though the walkthrough says to ignore errors:

error: For server api-XXXXXXX.duosecurity.com at port XXX LDAP Server is unreachable. Check the server address, port, and connection type.

Here are the logs from the 2nd device:

Info AUT24327 2017-08-29 12:26:29 -XX-XX-PULSE - [172.17.X.X]XXXX/XXXX/XXXX - Secondary authentication failed for XXXXX/DUO-LDAP from 172.17.X.X

Minor AUT23391 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX - Could not connect to LDAP server 'DUO-LDAP': Failed binding to admin DN:  Can't contact LDAP server: api-XXXXX.duosecurity.com:XXX

Info AUT23278 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX - Password realm restrictions successfully passed for XXXX/XXXX/XXXX

Info AUT24326 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX - Primary authentication successful for XXXX/XXXX/XXXX from 172.17.X.X

The first device FW shows constant SSL traffic while the 2nd one isn't talking to DUO. Is this a Pulse limitation, a Duo limitation, or something else?