PowerFlex LDAP 驗證在為 Active Directory (AD) 使用第三方多重因素驗證 (MFA) 時失敗。

Summary: PowerFlex LDAP 驗證在為 Active Directory 使用第三方多重因素驗證 (MFA) 時失敗。第三方平衡器可能會阻礙LDAP流量,導致LDAP登錄失敗。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

  • 失敗的驗證嘗試次數:使用者無法使用 LDAP 登入資料在 PowerFlex 中進行驗證。
  • 直接 AD 認證沒有問題:使用者或許能夠直接使用 Active Directory 進行驗證,不會發生任何問題,但是當他們透過 PowerFlex 使用 LDAP 時,就會出現此問題。

主要 MDM (PMDM) trc 記錄會顯示類似輸出,如下所示:

2023/09/15 16:34:12.881368 7f0159dccdb0:mosEventLog_PostInternal:00609: New event added. Message: "Command login received, User: 'a172001'. [20874]". Additional info: ". Originating source IP: 127.0.0.1" Severity: Info
2023/09/15 16:34:12.881377 7f0159dccdb0:ldapAuthMgr_GetLdapServiceRefByKey:02371: Failed to get LDAP service object by name - rc: LDAP_SERVICE_NOT_FOUND
2023/09/15 16:34:12.881425 7f0159dccdb0:ldapAuthMgr_GetAuthorizerPassword:00268: password-len: 9, rc: 65
2023/09/15 16:34:12.881481 71d000003655:mosOsThrd_StartFunc:00576: Starting thread () tid 13909
2023/09/15 16:34:12.881591 71d000003655:mosLdap_InitConnection:00205: Connection was successfully established to ldaps://14.14.14.33:636 ldap service
2023/09/15 16:34:13.003621 71d000003655:mosLdap_Bind:00130: After ldap_sasl_bind - rc: 0, msg-id: 1
2023/09/15 16:34:13.045002 71d000003655:mosLdap_ParseBindResult:00218: ldap_sasl_bind: Invalid credentials (49)
2023/09/15 16:34:13.045010 71d000003655:mosLdap_ParseBindResult:00225: Additional information: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839
2023/09/15 16:34:13.045014 71d000003655:mosLdap_Bind:00178: Failed to bind to ldap service with username a172001
2023/09/15 16:34:13.045180 71d000003655:mosLdap_SearchUserInDomainGroupsIntr:00581: User "a172001" was found in 0 groups - search-user: a172001, bind-user: a172001, rc: LDAP_AUTHENTICATION_FAIL, time: 170 ms
2023/09/15 16:34:13.045220 7f0159dccdb0:ldapAuthMgr_Authenticate:00736: LDAP authentication search for user: a172001 in domain: ldaps://duoproxy.prci.com:636 didn't find any matches (LDAP_AUTHENTICATION_FAIL)
2023/09/15 16:34:13.045247 7f0159dccdb0:mosEventLog_PostInternal:00609: New event added. Message: "Command login was not successful. Error code: User authentication on LDAP service failed. Please check username and password.


嘗試登入時,出現的輸出錯誤會類似以下所示:

scli --login --username sio@sio.lab --password 'Scaleio123!' --ldap_authentication
Error: MDM failed command. Status: user authentication on LDAP service failed. Please check username and password.

 

Cause

使用 PowerFlex 進行 LDAP 驗證時,第三方平衡器可能會阻礙 LDAP 流量。

Resolution

可能的因應措施是在使用 SCLI 建立 LADP 服務時,將 LDAP 認證直接指向網域控制站。通過這樣做,您可以繞過第三方均衡器導致的任何潛在阻塞或問題。

您必須刪除並重新建立 LDAP 服務,才能使用 SCLI 將其直接指向網域控制站。

Additional Information

受影響的版本

所有 PowerFlex 版本

已修正問題的版本

N/A

Affected Products

PowerFlex rack, ScaleIO
Article Properties
Article Number: 000218362
Article Type: Solution
Last Modified: 22 May 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.