Jump to content


Photo

Wrong LDAP user displayed

LDAP 410

  • Please log in to reply
9 replies to this topic

#1 Thomas Rock

Thomas Rock
  • Members
  • 18 posts

Posted 22 September 2014 - 01:48 PM

I've got a curious issue with our 410 web filter.  For whatever reason, the web log will sometimes display the wrong LDAP user.  Not another user that has logged into that particular PC previously, but a user that has NEVER logged into that PC.  This is causing a lot of confusion in automated reports we run for web traffic.

 

I've seen other posts where there can be problems with multiple users logging off and on to a particular PC, but that's not what's happening here.  Also, our IP addresses have long lease times and the PCs are almost never shutdown for any length of time.

 

Does anyone have any ideas?

 

Thanks.



#2 Jeremy Friesen

Jeremy Friesen
  • Members
  • 1 posts

Posted 22 September 2014 - 01:57 PM

I have the same problem.  Roughly a third of all traffic is being logged under a user only used for syncing LDAP information to our phone system.  Nobody ever uses it to login to a computer.  Also, time will sometimes be off two hours and then magically switch back to the correct time as it auto refreshes.

Curious what everybody says on this.



#3 Brian Seiler

Brian Seiler
  • Members
  • 10 posts

Posted 22 September 2014 - 02:56 PM

I have the exact same problem. If students pull an ethernet cable out of the back of a desktop computer and then plug it into their personal laptop, the barracuda sees them as random authenticated users. Sometimes they even show up as a domain admin. It is really weird and unsettling. They should show up in the web log as unauthenticated...

 

I use the web log to watch this all happen in near real time...



#4 Brian Seiler

Brian Seiler
  • Members
  • 10 posts

Posted 22 September 2014 - 02:58 PM

I have the exact same problem. If students pull an ethernet cable out of the back of a desktop computer and then plug it into their personal laptop, the barracuda sees them as random authenticated users. Sometimes they even show up as a domain admin. It is really weird and unsettling. They should show up in the web log as unauthenticated...

 

I use the web log to watch this all happen in near real time...

By the way, I have a 610 on firmware Firmware v7.0.1.006 (2013-12-12 17:51:33) 



#5 Cole Tarbet

Cole Tarbet
  • Members
  • 50 posts
  • LocationUtah, USA

Posted 22 September 2014 - 03:08 PM

I'm just grabbing low-hanging fruit here, but if computers change their IP addresses (DHCP) it can mess with the logged in user.  Even if you don't currently have this problem it's worth making sure that DHCP lease time is long (~2 weeks).



#6 Cole Tarbet

Cole Tarbet
  • Members
  • 50 posts
  • LocationUtah, USA

Posted 22 September 2014 - 03:09 PM

Sorry, just noticed your comment about lease time at the end.



#7 Thomas Rock

Thomas Rock
  • Members
  • 18 posts

Posted 25 September 2014 - 07:08 AM

***SOLVED***

 

We worked with Barracuda support.  In our case, the issue was caused by us having moved our web filter to another data center.  It was pulling LDAP logins from stored data pulled from our domain controller while at the old data center.  We had to stop and restart the DCAgent on our domain controller so the filter could pull current login data.

 

For those having this issue, even if you haven't had to relocate your filter appliance, it wouldn't hurt to try this solution.



#8 Brian Seiler

Brian Seiler
  • Members
  • 10 posts

Posted 29 September 2014 - 09:42 AM

Thanks, Thomas and Cole. I have filed a case and will report the results.



#9 Brian Seiler

Brian Seiler
  • Members
  • 10 posts

Posted 29 September 2014 - 10:10 AM

Barracuda Support recommended upgrading our dc agent to the most current version. I have done that and will test today.



#10 Brian Seiler

Brian Seiler
  • Members
  • 10 posts

Posted 04 November 2014 - 10:33 AM

After upgrading the dc agent, our barracuda is still pulling the wrong ldap user constantly.