Netgate Discussion Forum

    Active Directory authentication broken in v2.2 and v2.2.1 (worked in v2.1.5)

      HaburGate

      Hi there,

      First, thanks to the team for the hard work you do, much appreciated.

      Having a problem with AD authentication.

      Everything was working fine in v2.1.5, now broken in both v2.2 and v2.2.1.

      Problem

      • When adding an authentication server on the "System: Authentication Servers" page, it successfully pulls OU and Group information from Active Directory

      • When running an authentication test from the "Diagnostics: Authentication" page, it successfully tests the username and validates group membership ("User blahblah is a member of group 'Router Admins'")

      • When attempting to log into the BACKUP firewall in a HA+CARP pair, it says "invalid username or password" regardless of WHAT user or auth server is used

      • AD logins for the WebGUI ONLY work on the primary firewall, but TESTING works on both firewalls. And yes, settings are identical on both firewalls.

      Can a fix for this be added to v2.2.2?

      PGP Key: 0x82A211A2
      Server:    pool.sks-keyservers.net

        coachmark2

        Hmm… I'm running 2.2.1 and not seeing this.

        I know it sounds dumb, but I've done it a hundred times before... Have you gone to User Manager > Settings and changed it from Local Database to your DC on the backup firewall? Gets me every time since it's not a replicated setting that I'm aware of.

          doktornotor Banned

          WFM and tons of other people. Either specific to your HA setup or PEBKAC.

            HaburGate

            @coachmark2:

            Hmm… I'm running 2.2.1 and not seeing this.

            I know it sounds dumb, but I've done it a hundred times before... Have you gone to User Manager > Settings and changed it from Local Database to your DC on the backup firewall? Gets me every time since it's not a replicated setting that I'm aware of.

            Most bizarre thing, it's working now and I've literally changed nothing. And it's been broken for weeks.

            Just chalk it up to a gremlin?

            PGP Key: 0x82A211A2
            Server:    pool.sks-keyservers.net

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.