2 Replies Latest reply on May 28, 2015 10:54 AM by mslavens

    HA Peer to Peer Cluster - ldap auth fails on active node

    mslavens

      Just built a peer to peer HA cluster where we have SSH to the appliance enabled with ldap authenticator.  If we attempt to SSH onto the active node, ldap auth fails, however if we attempt to SSH onto the peer node, ldap is successful. If we adjust the authenticator to password, local auth works on both the active and peer nodes.  Has anyone else come across this?  We are running 8.3.2 P06.  Thank you,

        • 1. Re: HA Peer to Peer Cluster - ldap auth fails on active node
          mslavens

          Further troubleshooting we have identified the following in our logs on the active node:

          2015-05-26 10:13:12 -0600 f_ssh_server a_general_area t_error p_major pid: 71162 logid: 0 cmd: 'sshd' hostname: hostnameoffirewall information: unable to get message from warder, result=0

          This does not exist on our standby node.

          We have also completely removed the ldap authenticator and re-added it.  ldap auth still fails on active node and passes on standby node.

          • 2. Re: HA Peer to Peer Cluster - ldap auth fails on active node
            mslavens

            Found a solution to this:

             Validate that the LDAP warder exists in the authenticator.conf file:

             /secureos/etc/warder/authenticator.conf

             Should look something like:

             authenticator(ldap /usr/libexec/ldapw config_file[] directory[/var/run/authenticator/ldap] env(domain[ldpw] user[] group[] core[] files[2048] memory[] processes[2000] stack[] rss[])
             pidfile(/var/run/authenticator/ldap/ldapw.pid lock) valid[yes] enabled[on] args[-c /etc/sidewinder/authenticator/ldap.conf] service_name[ldapw] failure_event[SERVICE_FAILURE])

             Gather the PID number of daemond using the following command:

             pss daemond

             Reload the authenticator.conf (/secureos/etc/warder/authenticator.conf) file by restarting the daemond process using the command:

             kill -HUP <pid ID of daemond>
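The check-and-reload procedure in the reply above, written up as a small POSIX shell helper. This is an added example, not code from the thread or from the appliance's own tooling: the config path, the entry format, `pss daemond` and `kill -HUP` come from the reply; the function names, the parsing approach and the constructed sample config are this example's own assumptions. It reports whether the `authenticator(ldap ...)` entry is present with `valid[yes]` and `enabled[on]`, and wraps the HUP step behind a dry-run default so it can be run outside the appliance.

```shell
#!/bin/sh
# Added example (not from the thread or the vendor). Checks that
# authenticator.conf registers the LDAP warder and drives the daemond reload.
# Path, entry format, `pss daemond` and `kill -HUP` are from the thread;
# function names and parsing are assumptions made here.

AUTH_CONF="${AUTH_CONF:-/secureos/etc/warder/authenticator.conf}"

# ldap_warder_state FILE
#   returns 0: ldap entry present with valid[yes] and enabled[on]
#   returns 1: no "authenticator(ldap" entry at all (the symptom in the thread)
#   returns 2: entry present but not valid[yes] / enabled[on]
ldap_warder_state() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    # Entries wrap across lines (see the two-line example above), so flatten first.
    content=$(tr '\n' ' ' < "$conf")
    case "$content" in
        *"authenticator(ldap "*) ;;
        *) return 1 ;;
    esac
    entry=${content#*"authenticator(ldap "}   # text from the ldap entry onward
    entry=${entry%%"authenticator("*}         # cut at the next entry, if any
    case "$entry" in *"valid[yes]"*) ;; *) return 2 ;; esac
    case "$entry" in *"enabled[on]"*) ;; *) return 2 ;; esac
    return 0
}

# reload_daemond PID
#   Sends SIGHUP so daemond re-reads authenticator.conf. On the appliance the
#   PID comes from `pss daemond`. DRY_RUN=1 (the default here) only prints the
#   command, so the example is safe to run on any host.
reload_daemond() {
    pid="$1"
    case "$pid" in
        ''|*[!0-9]*) echo "reload_daemond: numeric PID required" >&2; return 1 ;;
    esac
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "would run: kill -HUP $pid"
    else
        kill -HUP "$pid"
    fi
}

# Demo on a constructed config: the thread's ldap entry followed by a
# constructed placeholder entry, to show the cut at the next entry works.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
authenticator(ldap /usr/libexec/ldapw config_file[] directory[/var/run/authenticator/ldap] env(domain[ldpw] user[] group[] core[] files[2048] memory[] processes[2000] stack[] rss[])
pidfile(/var/run/authenticator/ldap/ldapw.pid lock) valid[yes] enabled[on] args[-c /etc/sidewinder/authenticator/ldap.conf] service_name[ldapw] failure_event[SERVICE_FAILURE])
authenticator(password /path/to/placeholderw config_file[] valid[yes] enabled[on] service_name[placeholderw] failure_event[SERVICE_FAILURE])
EOF
if ldap_warder_state "$demo_conf"; then
    echo "ldap warder registered and enabled in $demo_conf"
    reload_daemond 71162    # PID from the thread's log line; dry run by default
else
    echo "ldap warder missing or disabled in $demo_conf (state $?)"
fi
rm -f "$demo_conf"
```

On the appliance, run it as `AUTH_CONF=/secureos/etc/warder/authenticator.conf`, take the PID from `pss daemond`, and set `DRY_RUN=0` only once the check returns 0; a return of 1 matches the "unable to get message from warder" condition the thread describes, where daemond has no LDAP warder registered to hand requests to.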