Upgraded from 7.1 to 7.3.1 AD Connector Fails Now

Jubuntu · 07-06-2010, 09:33 AM

Last Friday I upgraded from 7.1 to 7.3.1 and now the AD Connector fails and says my "my settings are wrong"

If I go into the Policy Manager and attempt to edit or view a policy I get an error stating that "there was a problem refreshing my AD users."

Not sure what the problem is. I am going to back up my settings for now, and attempt to reinstall the Directory Connector module later tonight. Any help is appreciated.

jcoffin · 07-06-2010, 09:50 AM

Have you trued the "Active Directory Test" button?

Jubuntu · 07-06-2010, 10:09 AM

Quote:

Originally Posted by jcoffin

Have you trued the "Active Directory Test" button?

Yes the first thing I tried was the Test button and I get the first error message telling me "my settings are wrong." However all the settings are in fact right and were working in 7.1.

dmorris · 07-06-2010, 10:19 AM

are you sure your settings are correct?
what are you settings?

Jubuntu · 07-06-2010, 10:42 AM

Quote:

Originally Posted by dmorris

are you sure your settings are correct?
what are you settings?

IP: 192.168.31.3

DNS Port: 389 (Default)

Username: untangle (I created a admin account named untangle for the purpose of being used as the connector account)

Password: ******** (I have tried resetting this password just in case it was something as simple as that but it isn't.

)

Active Directory Domain: The FDQN of our domain.

I reason I did the jump to 7.3 was because of the Group support that 7.2 added and I was still on 7.1 which everything ran perfectly under. Figures the one thing I wanted to the most isn't working at all anymore lol.

I can ping, trace, nslookup, netstat between the Untangle server and the AD server all day. They can communicate and the default DNS port is active too.

I can also see all the users on the Untangle, that are connecting via the login script. For some reason the Directory Connector will not connect to AD database anymore so none of my policies are being applied to those users.

Thanks for the help thus far, hope this info helps.

dmorris · 07-06-2010, 11:07 AM

well theres two parts to directory connector. per user policies will still work even if it can't connect to your AD server, it just won't be able to authenticate users against AD (for captive portal/remote access portal/etc) if the test fails.

of course, you'll need untangle to communicate to AD to read the group information so groups won't work until you get the authentication working.

can you post a screenshot of the error?
also, can you check the logs on the AD server at the same time?

Big D · 07-06-2010, 11:09 AM

with the recent changes to AD connector does the script need to be updated that runs on individual machines during logon?

mrunkel · 07-06-2010, 12:21 PM

@Big D: No script is still the same.

@Jubuntu: Do you already have a case open with our support folks? If not, please contact them.

Jubuntu · 07-06-2010, 01:01 PM

Quote:

Originally Posted by mrunkel

@Big D: No script is still the same.

@Jubuntu: Do you already have a case open with our support folks? If not, please contact them.

Hey mrunkel, I have case open with Live Support, we are troubleshooting it now. They have me trying a bunch of different things for now. I will post back with my results and hopefully a working solution.

Jubuntu · 07-07-2010, 05:46 AM

Update: The issue has been resolved.

I had to disable LDAP Server Signing Requirements. (Again

) So the problem is no longer Untangle. It is now figuring out how or why that policy setting changed back to its default value. I will have to talk to my Supervisor when he gets back from vacation...

07-06-2010, 09:33 AM	#1 (permalink)
Jubuntu Untanglit Join Date: Nov 2008 Posts: 25	Upgraded from 7.1 to 7.3.1 AD Connector Fails Now Last Friday I upgraded from 7.1 to 7.3.1 and now the AD Connector fails and says my "my settings are wrong" If I go into the Policy Manager and attempt to edit or view a policy I get an error stating that "there was a problem refreshing my AD users." Not sure what the problem is. I am going to back up my settings for now, and attempt to reinstall the Directory Connector module later tonight. Any help is appreciated.

07-06-2010, 10:19 AM	#4 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,611	are you sure your settings are correct? what are you settings? __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

07-06-2010, 11:07 AM	#6 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,611	well theres two parts to directory connector. per user policies will still work even if it can't connect to your AD server, it just won't be able to authenticate users against AD (for captive portal/remote access portal/etc) if the test fails. of course, you'll need untangle to communicate to AD to read the group information so groups won't work until you get the authentication working. can you post a screenshot of the error? also, can you check the logs on the AD server at the same time? __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

07-06-2010, 11:09 AM	#7 (permalink)
Big D Master Untangler Join Date: Nov 2008 Posts: 691	with the recent changes to AD connector does the script need to be updated that runs on individual machines during logon? __________________ The beatings shall continue until morale improves!

07-06-2010, 12:21 PM	#8 (permalink)
mrunkel Join Date: Jul 2008 Posts: 2,766	@Big D: No script is still the same. @Jubuntu: Do you already have a case open with our support folks? If not, please contact them. __________________ m. Big Frickin Disclaimer: While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions. It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one. Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

Protect

Filter

Perform

Connect

Manage

Add-Ons

07-06-2010, 09:50 AM	#2 (permalink)
jcoffin Untangler Join Date: Aug 2008 Location: Sunnyvale, CA URLs submitted: 1 Posts: 1,780	Have you trued the "Active Directory Test" button?

07-07-2010, 05:46 AM	#10 (permalink)
Jubuntu Untanglit Join Date: Nov 2008 Posts: 25	Thanks everyone. Update: The issue has been resolved. I had to disable LDAP Server Signing Requirements. (Again ) So the problem is no longer Untangle. It is now figuring out how or why that policy setting changed back to its default value. I will have to talk to my Supervisor when he gets back from vacation...