Occasional Contributor
Posts: 5
Registered: 10-01-2012

aaaconfig authentication failure two LDAP servers.....

Hi.

I am encountering a strange LDAP authentication failure, which I am hoping someone can help me with. ;c)   I have a number of Fabrics running 6520s and 5300s, all on FOS 7.2.1d.    A couple of weeks ago, I noticed that my LDAP account was failing to authorize on five or six single switches out of approx 38. Previously they were working well. After some diagnosis I discovered that these switches, with two LDAP servers configured, were refusing connection. When I remove either, then access is regained!!  Changing the time-out value appears to have no effect.

Speaking to the Wintel and Network team, they say nothing has changed!   Has anyone experienced anything similar??

Cheers!!


Keith.

Brocade Moderator
Posts: 251
Registered: 08-31-2009

Re: aaaconfig authentication failure two LDAP servers.....

Hello,


Before you lost the switch access, was no change made on the IP network, on the switches (FOS upgrade or configuration change), or on the LDAP servers?

Is the second LDAP server still alive and working?

Do both LDAP servers, when configured singly into the switch, allow access?


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
Occasional Contributor
Posts: 5
Registered: 10-01-2012

Re: aaaconfig authentication failure two LDAP servers.....

Hi tzimmerm

Thanks for the help in this. ;c)   It is really strange. Nothing was changed on the switches, FOS or similar, and I am told nothing was changed on the Network or with regards to the LDAP servers.   Yes, both LDAP servers work when they are singularly activated, and bizarrely on most of the switches both work OK.  It just seems to be about five switches. I am currently going through the entire config to see if there are any differences, but so far I can see nothing.

Do you know if there is a log anywhere which details why the authentication has failed??   I can find nothing in the err log.

Cheers!!

Keith

Brocade Moderator
Posts: 251
Registered: 08-31-2009

Re: aaaconfig authentication failure two LDAP servers.....

Basic logs for LDAP are on the switch. The LDAP server logs may also help to check for any anomalies.

Some external tools such as Wireshark exist, but because the exchange between the Brocade product and the LDAP server occurs over an encrypted session, analysis is limited.

Brocade Moderator
Posts: 36
Registered: 03-29-2010

Re: aaaconfig authentication failure two LDAP servers.....

I don't know a lot about the Wintel side, but I have never heard anything good about LDAP and Wintel AD. Go back to your Wintel AD guys and ask if they had a 'security' patch release installed. It probably changed one of the LDAP APIs and crapped up the directory access. AD was Wintel's attempt to corner the market on sec authentication. Sigh...

Best of luck.

doc

Any and all information provided by me is for entertainment value and should not be relied upon as a guaranteed solution or warranty of merchantability. All systems and all networks are different and unique. If you have a concern about data loss, or network disconnection, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".