Logging SRX LDAP Authentication.
First – set up logging
set system processes general-authentication-service traceoptions file general_auth
set system processes general-authentication-service traceoptions file size 100000
set system processes general-authentication-service traceoptions file files 10
set system processes general-authentication-service traceoptions flag all
Review the logs
> show log general_auth
A successful authentication
Sep 20 11:34:10.349899 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH4a57d40:29
Sep 20 11:34:10.382840 LDAP:AUTH: Admin Bind succeeded for auth_id=AUTH4a57d40:29
Sep 20 11:34:10.417597 LDAP:AUTH: LDAP User DN search: Found a match user=myuser, auth_id=AUTH4a57d40:29
Sep 20 11:34:10.417712 authd_ldap_userDN_search_callback: Received memberOf: RemoteAccess
Sep 20 11:34:10.417747 authd_ldap_userDN_search_callback: lo_group_count:1 ldap_auth_flags:0x0
Sep 20 11:34:10.417780 authd_ldap_userDN_search_callback: matched to configured group: RemoteAccess, address-pool reference name (inet:JSC-POOL1) (inet6:), flags:0x5
Sep 20 11:34:10.417811 LDAP:AUTH: LDAP Found matching group, user=myuser, auth_id=AUTH4a57d40:29 skipping other memberOf attr parsing for non FWAUTH
Sep 20 11:34:10.417842 LDAP:AUTH: LDAP User DN search: userDN=CN=myuser,CN=Users,DC=windom,DC=mycompany,DC=biz, auth_id=AUTH4a57d40:29
Sep 20 11:34:10.418495 LDAP:AUTH: Found userDN CN=myuser,CN=Users,DC=windom,DC=mycompany,DC=biz for user myuser, auth_id=AUTH4a57d40:29
Sep 20 11:34:10.485384 LDAP:AUTH: Bind succeeded for auth_id=AUTH4a57d40:29
Sep 20 11:34:10.485492 Framework - module(ldap) return: SUCCESS
Wrong admin-search distinguished name
Sep 20 12:30:44.755686 LDAP:AUTH: Start LDAP auth using profile JSC-RA-PROFILE
Sep 20 12:30:44.755721 LDAP:AUTH: authd_ldap_start_auth - Added new ldap handle, id=LDAP4a7da80:8
Sep 20 12:30:44.755777 LDAP:AUTH: Attempting to connect to LDAP server 10.186.2.200:389
Sep 20 12:30:44.755807 using source address 0.0.0.0
Sep 20 12:30:44.755871 LDAP:AUTH: connect operation handle=0x0x2b01780
Sep 20 12:30:44.755908 REQUEST: AUTHEN - module_index 0 module(ldap) return: ASYNC
Sep 20 12:30:44.755958 UserAccess:myuser session-id:9228157150114315532 state:start
Sep 20 12:30:44.758701 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH4a55940:54
Sep 20 12:30:44.760748 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH4a55940:54
Sep 20 12:30:44.760840 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839, auth_id=AUTH4a55940:54
Sep 20 12:30:44.760916 Framework - module(ldap) return: FAILURE
Bad admin-search password
Sep 20 13:55:28.919145 LDAP:AUTH: Start LDAP auth using profile JSC-RA-PROFILE
Sep 20 13:55:28.919192 LDAP:AUTH: authd_ldap_start_auth - Added new ldap handle, id=LDAP4bc1280:52
Sep 20 13:55:28.919251 LDAP:AUTH: Attempting to connect to LDAP server 10.9.21.205:389
Sep 20 13:55:28.919283 using source address 0.0.0.0
Sep 20 13:55:28.919372 LDAP:AUTH: connect operation handle=0x0x2b058a0
Sep 20 13:55:28.919417 REQUEST: AUTHEN - module_index 0 module(ldap) return: ASYNC
Sep 20 13:55:28.919474 UserAccess:myuser session-id:9234068270654290739 state:start
Sep 20 13:55:28.923396 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH4a57dc0:56
Sep 20 13:55:28.931420 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH4a57dc0:56
Sep 20 13:55:28.931517 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839, auth_id=AUTH4a57dc0:56
Sep 20 13:55:28.931610 Framework - module(ldap) return: FAILURE
Disabled admin-search account
Sep 20 12:38:16.487883 LDAP:AUTH: Start LDAP auth using profile JSC-RA-PROFILE
Sep 20 12:38:16.487946 LDAP:AUTH: authd_ldap_start_auth - Added new ldap handle, id=LDAP4bc1180:35
Sep 20 12:38:16.488044 LDAP:AUTH: Attempting to connect to LDAP server 10.9.21.205:389
Sep 20 12:38:16.488097 using source address 0.0.0.0
Sep 20 12:38:16.488187 LDAP:AUTH: connect operation handle=0x0x2b05870
Sep 20 12:38:16.488254 REQUEST: AUTHEN - module_index 0 module(ldap) return: ASYNC
Sep 20 12:38:16.488314 UserAccess:myuser session-id:9234068201934383117 state:start
Sep 20 12:38:16.491331 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH4a57e00:39
Sep 20 12:38:16.497521 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH4a57e00:39
Sep 20 12:38:16.497628 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839, auth_id=AUTH4a57e00:39
Sep 20 12:38:16.497682 Framework - module(ldap) return: FAILURE
Wrong user password or disabled user account
Sep 20 13:52:01.291365 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.299754 LDAP:AUTH: Admin Bind succeeded for auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.303769 LDAP:AUTH: LDAP User DN search: Found a match user=myuser, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.303870 authd_ldap_userDN_search_callback: Received memberOf: RemoteAccess
Sep 20 13:52:01.303903 authd_ldap_userDN_search_callback: lo_group_count:1 ldap_auth_flags:0x0
Sep 20 13:52:01.303937 authd_ldap_userDN_search_callback: matched to configured group: RemoteAccess, address-pool reference name (inet:JSC-POOL1) (inet6:), flags:0x5
Sep 20 13:52:01.303971 authd_ldap_userDN_search_callback: Received memberOf: Remote Desktop Users
Sep 20 13:52:01.303998 authd_ldap_userDN_search_callback: lo_group_count:1 ldap_auth_flags:0x5
Sep 20 13:52:01.304025 authd_ldap_userDN_search_callback: Received memberOf: Users
Sep 20 13:52:01.304051 authd_ldap_userDN_search_callback: lo_group_count:1 ldap_auth_flags:0x5
Sep 20 13:52:01.304078 authd_ldap_userDN_search_callback: Received memberOf: Administrators
Sep 20 13:52:01.304115 authd_ldap_userDN_search_callback: lo_group_count:1 ldap_auth_flags:0x5
Sep 20 13:52:01.304153 LDAP:AUTH: LDAP User DN search: userDN=CN=myuser,CN=Users,DC=windom,DC=mycompany,DC=biz, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.304818 LDAP:AUTH: Found userDN CN=myuser,CN=Users,DC=windom,DC=mycompany,DC=biz for user myuser, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.312713 LDAP:AUTH: Bind failed. Result=49, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.312846 LDAP:AUTH: Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.312900 Framework - module(ldap) return: FAILURE
No such account in Active Directory
Sep 20 13:52:46.885022 LDAP:AUTH: Start LDAP auth using profile JSC-RA-PROFILE
Sep 20 13:52:46.885059 LDAP:AUTH: authd_ldap_start_auth - Added new ldap handle, id=LDAP4bc1240:51
Sep 20 13:52:46.885118 LDAP:AUTH: Attempting to connect to LDAP server 10.9.21.205:389
Sep 20 13:52:46.885180 using source address 0.0.0.0
Sep 20 13:52:46.885257 LDAP:AUTH: connect operation handle=0x0x2b05890
Sep 20 13:52:46.885295 REQUEST: AUTHEN - module_index 0 module(ldap) return: ASYNC
Sep 20 13:52:46.885342 UserAccess:notauser session-id:9234068266359290578 state:start
Sep 20 13:52:46.888247 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH2aa7f40:55
Sep 20 13:52:46.893728 LDAP:AUTH: Admin Bind succeeded for auth_id=AUTH2aa7f40:55
Sep 20 13:52:46.896868 LDAP:AUTH: User DN search failed for user=notauser, auth_id=AUTH2aa7f40:55
Sep 20 13:52:46.896975 Framework - module(ldap) return: FAILURE
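The traces above boil down to three questions: did the admin-search bind succeed, was the user's DN found, and did the user's own bind succeed; and for a bind failure, which Active Directory data code sits in the LdapErr string. The Python below is an added example, not part of the original page and not Juniper code, that splits a show log general_auth dump into attempts at each "Framework - module(ldap) return:" line and answers those questions for each attempt. Note that the wrong-DN and bad-password admin-search traces above are identical apart from ids (both data 52e), so the classifier reports "invalid credentials" for the admin-search account rather than guessing which of the two it was. The data-code table beyond 52e and 533 uses the standard Microsoft values (my assumption that the directory is AD, as on this page), and the sample trace at the bottom is constructed by trimming the traces above to their decisive lines.

```python
import re

# Active Directory "data" sub-codes that follow "AcceptSecurityContext error" in the
# LdapErr string. 52e and 533 appear in the traces above; the rest are the standard
# Microsoft values (assumption: the backend is AD, as on this page).
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Patterns for the trace lines that decide the outcome (formats taken from the traces above).
RE_USER_ACCESS = re.compile(r"UserAccess:(\S+) session-id:")
RE_BIND = re.compile(r"LDAP:AUTH: (Admin )?Bind (succeeded|failed)")
RE_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-f]+),")
RE_DN_FAIL = re.compile(r"User DN search failed for user=(\S+),")
RE_DN_FOUND = re.compile(r"Found userDN (\S+) for user (\S+),")
RE_GROUP = re.compile(r"matched to configured group: ([^,]+),")
# The final verdict; the earlier "module(ldap) return: ASYNC" line deliberately does not match.
RE_RESULT = re.compile(r"module\(ldap\) return: (SUCCESS|FAILURE)")


def split_attempts(lines):
    """Group trace lines into attempts, each ending at the framework SUCCESS/FAILURE line."""
    attempts, current = [], []
    for line in lines:
        current.append(line)
        if RE_RESULT.search(line):
            attempts.append(current)
            current = []
    if current:  # trailing lines with no verdict yet (attempt still in progress)
        attempts.append(current)
    return attempts


def classify(attempt):
    """Describe one attempt: who, which stage failed, and why (from the AD data code)."""
    info = {"user": None, "user_dn": None, "group": None, "stage": None,
            "reason": None, "outcome": "INCOMPLETE"}
    for line in attempt:
        if m := RE_USER_ACCESS.search(line):
            info["user"] = m.group(1)
        if m := RE_DN_FOUND.search(line):
            info["user_dn"], info["user"] = m.group(1), m.group(2)
        if m := RE_GROUP.search(line):
            info["group"] = m.group(1)
        if m := RE_DN_FAIL.search(line):
            info["user"], info["stage"] = m.group(1), "user-dn-search"
            info["reason"] = "no such account in the directory"
        if (m := RE_BIND.search(line)) and m.group(2) == "failed":
            # The admin-search bind and the user's own bind both log "Bind failed";
            # only the "Admin " prefix tells them apart.
            info["stage"] = "admin-bind" if m.group(1) else "user-bind"
            info["reason"] = info["reason"] or "bind failed (no AD data code)"
        if (m := RE_DATA.search(line)) and info["stage"] in ("admin-bind", "user-bind"):
            code = m.group(1)
            info["reason"] = AD_DATA_CODES.get(code, "unknown AD data code " + code)
        if m := RE_RESULT.search(line):
            info["outcome"] = m.group(1)
            if m.group(1) == "SUCCESS":
                info["stage"], info["reason"] = "complete", "authenticated"
    return info


def triage(trace_text):
    """Classify every attempt in a show log general_auth dump."""
    return [classify(a) for a in split_attempts(trace_text.splitlines())]


def summarize(info):
    """One line per attempt, suitable for a quick eyeball or a ticket."""
    who, stage = info["user"] or "?", info["stage"] or "-"
    return f"{info['outcome']:8} user={who:10} stage={stage:15} {info['reason']}"


# Constructed sample: one attempt of each kind above, trimmed to the decisive lines.
SAMPLE_TRACE = """\
Sep 20 11:34:10.382840 LDAP:AUTH: Admin Bind succeeded for auth_id=AUTH4a57d40:29
Sep 20 11:34:10.417780 authd_ldap_userDN_search_callback: matched to configured group: RemoteAccess, address-pool reference name (inet:JSC-POOL1) (inet6:), flags:0x5
Sep 20 11:34:10.418495 LDAP:AUTH: Found userDN CN=myuser,CN=Users,DC=windom,DC=mycompany,DC=biz for user myuser, auth_id=AUTH4a57d40:29
Sep 20 11:34:10.485384 LDAP:AUTH: Bind succeeded for auth_id=AUTH4a57d40:29
Sep 20 11:34:10.485492 Framework - module(ldap) return: SUCCESS
Sep 20 12:30:44.755958 UserAccess:myuser session-id:9228157150114315532 state:start
Sep 20 12:30:44.760748 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH4a55940:54
Sep 20 12:30:44.760840 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839, auth_id=AUTH4a55940:54
Sep 20 12:30:44.760916 Framework - module(ldap) return: FAILURE
Sep 20 12:38:16.488314 UserAccess:myuser session-id:9234068201934383117 state:start
Sep 20 12:38:16.497628 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 533, v3839, auth_id=AUTH4a57e00:39
Sep 20 12:38:16.497682 Framework - module(ldap) return: FAILURE
Sep 20 13:52:01.304818 LDAP:AUTH: Found userDN CN=myuser,CN=Users,DC=windom,DC=mycompany,DC=biz for user myuser, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.312846 LDAP:AUTH: Bind failed. Error msg=80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839, auth_id=AUTH2aa7f40:54
Sep 20 13:52:01.312900 Framework - module(ldap) return: FAILURE
Sep 20 13:52:46.885342 UserAccess:notauser session-id:9234068266359290578 state:start
Sep 20 13:52:46.893728 LDAP:AUTH: Admin Bind succeeded for auth_id=AUTH2aa7f40:55
Sep 20 13:52:46.896868 LDAP:AUTH: User DN search failed for user=notauser, auth_id=AUTH2aa7f40:55
Sep 20 13:52:46.896975 Framework - module(ldap) return: FAILURE
"""

if __name__ == "__main__":
    for info in triage(SAMPLE_TRACE):
        print(summarize(info))
```

Run it against a saved copy of the log, or pipe the output of show log general_auth into it, and an admin-bind failure stands out immediately as a firewall configuration or service-account problem, while a user-bind or DN-search failure points at the individual account; the data code then says whether it is credentials, a disabled or locked account, or an expired password.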
Clean up
Stop logging
# delete system processes general-authentication-service
Clear out the logs
> clear log general_auth
and
> file delete /var/log/general_auth
> file delete /var/log/general_auth.gz