topic Re: LDAP & IDC all logs are "failed log in" in Firewall and Security Management

LDAP & IDC all logs are "failed log in"

Moudar — Thu, 22 Feb 2024 16:11:52 GMT

Hi,

We have installed IDC and everything looks good. The problem is that all logs coming to SMS are "Failed log in", even if the log in was successful the log still "Failed log in"?!

All of the above logs were successful but logs in SMS say "failed log in"

Any ideas!

Re: LDAP & IDC all logs are "failed log in"

the_rock — Thu, 22 Feb 2024 16:48:24 GMT

Will check in lab, I think there is setting for this.

Best,

Andy

Re: LDAP & IDC all logs are "failed log in"

the_rock — Thu, 22 Feb 2024 17:18:30 GMT

Make sure option I pointed out is CHECKED.

Andy

Re: LDAP & IDC all logs are "failed log in"

the_rock — Thu, 22 Feb 2024 19:11:50 GMT

@Moudar Let us know if that does not work, I can do more lab tests.

Best,

Andy

Re: LDAP & IDC all logs are "failed log in"

Alex- — Thu, 22 Feb 2024 19:13:17 GMT

You also need to configure the relevant LDAP Account Unit in Smart Console.

Re: LDAP & IDC all logs are "failed log in"

the_rock — Thu, 22 Feb 2024 19:17:28 GMT

Forgot that, 100% true.

Best,

Andy

Re: LDAP & IDC all logs are "failed log in"

Moudar — Thu, 22 Feb 2024 20:29:17 GMT

It is already configured as you said!

Re: LDAP & IDC all logs are "failed log in"

Moudar — Thu, 22 Feb 2024 20:28:22 GMT

so if I have 4 different AD servers, everyone needs to have a LDAP account unit?

Re: LDAP & IDC all logs are "failed log in"

the_rock — Thu, 22 Feb 2024 20:29:20 GMT

It should be checked.

Andy

Re: LDAP & IDC all logs are "failed log in"

the_rock — Thu, 22 Feb 2024 20:29:54 GMT

I dont believe its required, but probably recommended.

Best,

Andy

Re: LDAP & IDC all logs are "failed log in"

Alex- — Fri, 23 Feb 2024 05:44:16 GMT

Account Units are per domain, not servers. You can create an AU with your domain and have 4 servers participate in it.

The firewalls need to be able to interrogate the AD servers to map the logon informations sent by the collectors.

Re: LDAP & IDC all logs are "failed log in"

the_rock — Fri, 23 Feb 2024 10:06:57 GMT

I know in the past it was always mentioned to have one server per AU, but I had seen people do multiple, works fine.

Re: LDAP & IDC all logs are "failed log in"

Moudar — Tue, 27 Feb 2024 11:06:42 GMT

As you can see our servers are in an LDAP AU, but still getting only "Failed log in" logs and "log out" logs but no "log in" logs!

a rule to allow traffic looks like this:

Re: LDAP & IDC all logs are "failed log in"

the_rock — Tue, 27 Feb 2024 14:17:19 GMT

LDAP account unit seems fine to me. I would open TAC case to have all this double checked via remote session, might not be a bad idea.

Best,

Andy