Jump to content


Photo

Single Sign On Authentication Not Working

web security gateway ldap single sign on

  • Please log in to reply
1 reply to this topic

#1 Nickielou Barton

Nickielou Barton
  • Members
  • 8 posts

Posted 08 January 2017 - 01:34 AM

Good day, Barracuda Support. I would like to ask for an assistance regarding our LDAP Single Sign On Authentication. After the DHCP errors we got the past few days, we are now unable to do the single sign on. Users who are registered on our AD are not listed on the Account Views tab anymore when they login on their Windows PC, and then when accessing the Internet our users will be asked with their local Barracuda accounts. Any idea how to fix this?



#2 John Irwin

John Irwin
  • Barracuda Team Members
  • 54 posts

Posted 09 January 2017 - 09:30 AM

see these articles

 

this is a common concern with any failure of LDAP setup or AD configuration or the agent istelf if old, installed improperly or AD issues with WMI or bot net framework.
read the articles and you are looking to trace the issue to see the event was triggered in AD event security log for 2008 and up (ID 4624) if these are happening recently then they should pass to the WSG. if not then possibly parameter settings on config page of filter are too low and the users are disappearing to soon or else the firewall is not allowing the passing of port 5049 from the DC to the WSG as with setting up all DCs in the authentication page.

if you can see new events and see that the firewall is set, reboot DC, or restart DCagent service on DC, verify version used and latest downloadable version form the GUI authentication page of the WSG.

https://www.barracud...60000000HbDBAA0

 

https://www.barracud...60000000H2LxAAK

 

Otherwise call support for better diagnosis of the issue happening. 

 

the DC must have a new event, if restarted or the agent, it must be a new even from that time and newer. this event must pass from DC to WSG on port 5049 or set open port in the WSG authentication page. once passed it will populate the account view page and web log.