SSO to eDir upgrade fails IP to user connection


Have 2 x TZ500 in HA mode Active-Standby

Upgraded the FW from 6.2.7.1 to the latest 6.5.4.9. All is working well.

Now I wanted to update the SSO Agent (Directory Connector Config Tool) which is running on a Win 7 system. We have 2 for redundancy.

The old SSO connector is version 4.0.22 and is working well on IP 172.16.120.21

The new SSO connector is version 4.1.19 and is not working well on IP 172.16.120.22

 - it is setup exactly the same as the older working connector

---

To test agent connectivity, go to SW TZ500, Users, Settings, Configure SSO, Test


Select agent = working agent of 172.16.120.21, agent connectivity, test.

Test Status = Result: Agent 172.16.120.21 is ready

& info returned from agent

**

Enabled user ID mechanisms: Domain Controller Logs

Reading from domain controllers: 172.16.102.5, 172.16.102.6

**

To test, go to SW TZ500, Users, Settings, Configure SSO, Test


Select agent = working agent of 172.16.120.22, agent connectivity, test.

Test Status = Result: Agent 172.16.120.22 is ready

& info returned from agent

**

Enabled user ID mechanisms: Novell eDirectory

Reading from eDirectory servers: 172.16.102.5, 172.16.102.6

**


------😕

Now for the interesting part - Check user

To test, go to SW TZ500, Users, Settings, Configure SSO, Test


Select agent = working agent of 172.16.120.21, check user, set IP to my WS, test.

User name: cn=John Goutbeck,o=Kyetech (from agent 172.16.120.21)

& info returned from agent

**

User was identified from domain controller logs

**


Select agent = working agent of 172.16.120.22, check user, set IP to my WS, test.

Error -1

& info returned from agent

**

EMPTY

**


What could be not right with the SSO Agent (Directory Connector Config Tool)?

Category: Entry Level Firewalls

Comments

  • More testing


    Downgraded SSO connector 4.1.19 to 4.0.25 - all working as expected

    Upgraded to 4.0.29 - working as expected

    Upgraded to 4.1.16 - working as expected

    Upgraded to 4.1.17 - Error 1 - on checking user IP address


    So it seems something within the SSO Agent Connector changed how it talks to eDirectory and errors out.

    So we will work with SSO connector 4.1.16.


    Also each time the SSO agent was upgraded, no settings were kept. Would be nice if the upgrade could read & use the previous settings.

  • Advise Newbie ✭

    Hey Kevin,

    the version that worked well for you was not the latest one, right?

    Reading your text, I believe I have the same problem as you. I noticed from the reports received in the email that some company machines are having difficulty authenticating.

    Performing tests, everything seems to work fine, in the Firewall and in the agent installed on the computers for authentication, but in practice, it is not working as it should.
