Active Directory authentication broken in v2.2 and v2.2.1 (worked in v2.1.5)
-
Hi there,
First thanks to the team for the hard work you do, much appreciated.
Having a problem with AD authentication.
Everything was working fine in v2.1.5, now broken in both v2.2 and v2.2.1.
Problem
-
When adding an authentication server on the "System: Authentication Servers" page, it successfully pulls OU and Group information from Active Directory
-
When running an authentication test from the "Diagnostics: Authentication" page, it successfully tests the username and validates group membership ("User blahblah is a member of group 'Router Admins'")
-
When attempting to log into the BACKUP firewall in a HA+CARP pair, it says "invalid username or password" regardless WHAT user or auth server is used
-
AD logins for the WebGUI ONLY work on the primary firewall, but TESTING works in both firewalls test. And yes, settings are identical on both firewalls.
Can a fix for this be added to v2.2.2?
-
-
Hmm… I'm running 2.2.1 and not seeing this.
I know it sounds dumb, but I've done it a hundred times before... Have you gone to User Manager > Settings and changed it from Local Database to your DC on the backup firewall? Gets me every time since it's not a replicated setting that I'm aware of.
-
WFM and tons of other people. Either specific to your HA setup or PEBKAC.
-
Hmm… I'm running 2.2.1 and not seeing this.
I know it sounds dumb, but I've done it a hundred times before... Have you gone to User Manager > Settings and changed it from Local Database to your DC on the backup firewall? Gets me every time since it's not a replicated setting that I'm aware of.
Most bizarre thing, it's working now and I've literally changed nothing. And it's been broken for weeks.
Just chalk it up to a gremlin?