Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Moudar
Advisor

LDAP & IDC all logs are "failed log in"

Hi,

We have installed IDC and everything looks good. The problem is that all logs coming to SMS are "Failed log in", even if the log in was successful the log still "Failed log in"?!

idc.JPG

All of the above logs were successful but logs in SMS say "failed log in"

log3.JPG

Any ideas!

0 Kudos
13 Replies
the_rock
Legend
Legend

Will check in lab, I think there is setting for this.

Best,

Andy

0 Kudos
the_rock
Legend
Legend

Make sure option I pointed out is CHECKED.

Andy

 

 

Screenshot_1.png

 

0 Kudos
the_rock
Legend
Legend

@Moudar Let us know if that does not work, I can do more lab tests.

Best,

Andy

0 Kudos
Moudar
Advisor

It is already configured as you said!

settings-collector.JPG

0 Kudos
the_rock
Legend
Legend

It should be checked.

Andy

0 Kudos
Alex-
Advisor
Advisor

You also need to configure the relevant LDAP Account Unit in Smart Console.

the_rock
Legend
Legend

Forgot that, 100% true.

Best,

Andy

0 Kudos
Moudar
Advisor

so if I have 4 different AD servers, everyone needs to have a LDAP account unit?

0 Kudos
the_rock
Legend
Legend

I dont believe its required, but probably recommended.

Best,

Andy

0 Kudos
Alex-
Advisor
Advisor

Account Units are per domain, not servers. You can create an AU with your domain and have 4 servers participate in it.

The firewalls need to be able to interrogate the AD servers to map the logon informations sent by the collectors.

the_rock
Legend
Legend

I know in the past it was always mentioned to have one server per AU, but I had seen people do multiple, works fine.

0 Kudos
Moudar
Advisor

LDAP-AU.JPG

As you can see our servers are in an LDAP AU, but still getting only "Failed log in" logs  and "log out" logs but no "log in" logs!

collector-logs.JPG

a rule to allow traffic looks like this:

collector rule.JPG

 

0 Kudos
the_rock
Legend
Legend

LDAP account unit seems fine to me. I would open TAC case to have all this double checked via remote session, might not be a bad idea.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events