Active Directory authentication broken in v2.2 and v2.2.1 (worked in v2.1.5)



  • Hi there,

    First, thanks to the team for the hard work you do, much appreciated.

    Having a problem with AD authentication.

    Everything was working fine in v2.1.5, now broken in both v2.2 and v2.2.1.

    Problem

    • When adding an authentication server on the "System: Authentication Servers" page, it successfully pulls OU and Group information from Active Directory

    • When running an authentication test from the "Diagnostics: Authentication" page, it successfully tests the username and validates group membership ("User blahblah is a member of group 'Router Admins'")

    • When attempting to log into the BACKUP firewall in a HA+CARP pair, it says "invalid username or password" regardless of WHAT user or auth server is used

    • AD logins for the WebGUI ONLY work on the primary firewall, but TESTING works on both firewalls. And yes, settings are identical on both firewalls.

    Can a fix for this be added to v2.2.2?



  • Hmm… I'm running 2.2.1 and not seeing this.

    I know it sounds dumb, but I've done it a hundred times before... Have you gone to User Manager > Settings and changed it from Local Database to your DC on the backup firewall? Gets me every time since it's not a replicated setting that I'm aware of.


  • Banned

    WFM and tons of other people. Either specific to your HA setup or PEBKAC.



  • @coachmark2:

    Hmm… I'm running 2.2.1 and not seeing this.

    I know it sounds dumb, but I've done it a hundred times before... Have you gone to User Manager > Settings and changed it from Local Database to your DC on the backup firewall? Gets me every time since it's not a replicated setting that I'm aware of.

    Most bizarre thing, it's working now and I've literally changed nothing. And it's been broken for weeks.

    Just chalk it up to a gremlin?

