PowerFlex LDAP authentication fails when third-party multi-factor authentication (MFA) is used with Active Directory (AD).

Summary: PowerFlex LDAP authentication fails when third-party multi-factor authentication (MFA) is used with Active Directory. A third-party balancer may block LDAP traffic, causing LDAP logins to fail.


Symptoms

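  • Failed authentication attempts: users cannot authenticate in PowerFlex with their LDAP credentials.
  • Direct AD authentication works: users may be able to authenticate directly against Active Directory without any problem, but the failure appears when they use LDAP through PowerFlex.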

The primary MDM (PMDM) trc log shows output similar to the following:

2023/09/15 16:34:12.881368 7f0159dccdb0:mosEventLog_PostInternal:00609: New event added. Message: "Command login received, User: 'a172001'. [20874]". Additional info: ". Originating source IP: 127.0.0.1" Severity: Info
2023/09/15 16:34:12.881377 7f0159dccdb0:ldapAuthMgr_GetLdapServiceRefByKey:02371: Failed to get LDAP service object by name - rc: LDAP_SERVICE_NOT_FOUND
2023/09/15 16:34:12.881425 7f0159dccdb0:ldapAuthMgr_GetAuthorizerPassword:00268: password-len: 9, rc: 65
2023/09/15 16:34:12.881481 71d000003655:mosOsThrd_StartFunc:00576: Starting thread () tid 13909
2023/09/15 16:34:12.881591 71d000003655:mosLdap_InitConnection:00205: Connection was successfully established to ldaps://14.14.14.33:636 ldap service
2023/09/15 16:34:13.003621 71d000003655:mosLdap_Bind:00130: After ldap_sasl_bind - rc: 0, msg-id: 1
2023/09/15 16:34:13.045002 71d000003655:mosLdap_ParseBindResult:00218: ldap_sasl_bind: Invalid credentials (49)
2023/09/15 16:34:13.045010 71d000003655:mosLdap_ParseBindResult:00225: Additional information: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839
2023/09/15 16:34:13.045014 71d000003655:mosLdap_Bind:00178: Failed to bind to ldap service with username a172001
2023/09/15 16:34:13.045180 71d000003655:mosLdap_SearchUserInDomainGroupsIntr:00581: User "a172001" was found in 0 groups - search-user: a172001, bind-user: a172001, rc: LDAP_AUTHENTICATION_FAIL, time: 170 ms
2023/09/15 16:34:13.045220 7f0159dccdb0:ldapAuthMgr_Authenticate:00736: LDAP authentication search for user: a172001 in domain: ldaps://duoproxy.prci.com:636 didn't find any matches (LDAP_AUTHENTICATION_FAIL)
2023/09/15 16:34:13.045247 7f0159dccdb0:mosEventLog_PostInternal:00609: New event added. Message: "Command login was not successful. Error code: User authentication on LDAP service failed. Please check username and password.


When attempting to log in, the error output looks similar to the following:

scli --login --username sio@sio.lab --password 'Scaleio123!' --ldap_authentication
Error: MDM failed command. Status: user authentication on LDAP service failed. Please check username and password.
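
The PMDM trc excerpt above can be triaged mechanically. The following is an added example, not Dell's code and not part of the original article: it pulls the answering endpoint, the configured service URL, the LDAP result code and the AD `data` sub-code out of trc text. The sample lines are copied from the excerpt; the sub-code table is the standard set of Windows logon error codes and is an assumption of this example, not something the article states.

```python
import re

# Constructed sample: four lines copied from the trc excerpt above.
SAMPLE = """\
2023/09/15 16:34:12.881591 71d000003655:mosLdap_InitConnection:00205: Connection was successfully established to ldaps://14.14.14.33:636 ldap service
2023/09/15 16:34:13.045002 71d000003655:mosLdap_ParseBindResult:00218: ldap_sasl_bind: Invalid credentials (49)
2023/09/15 16:34:13.045010 71d000003655:mosLdap_ParseBindResult:00225: Additional information: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839
2023/09/15 16:34:13.045220 7f0159dccdb0:ldapAuthMgr_Authenticate:00736: LDAP authentication search for user: a172001 in domain: ldaps://duoproxy.prci.com:636 didn't find any matches (LDAP_AUTHENTICATION_FAIL)
"""

# Windows logon error codes (hex) that AD reports in the "data" field of a failed bind.
AD_DATA = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

PATTERNS = {
    "endpoint": re.compile(r"mosLdap_InitConnection:\d+: Connection was successfully established to (\S+)"),
    "ldap_rc": re.compile(r"mosLdap_ParseBindResult:\d+: ldap_sasl_bind: .*\((\d+)\)"),
    "ad_data": re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),"),
    "user": re.compile(r"ldapAuthMgr_Authenticate:\d+: .*for user: (\S+) in domain:"),
    "service_url": re.compile(r"ldapAuthMgr_Authenticate:\d+: .*in domain: (\S+)"),
}

def summarize(trc_text):
    """Collect the LDAP login facts from trc text into one dict (first match per field)."""
    out = {}
    for line in trc_text.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m and key not in out:
                out[key] = m.group(1)
    code = out.get("ad_data", "").lower()
    out["ad_reason"] = AD_DATA.get(code, "unknown") if code else None
    # Plain string comparison: True when the endpoint that answered the bind is written
    # differently from the configured service URL, a prompt to confirm which host it is.
    out["endpoint_differs"] = ("endpoint" in out and "service_url" in out
                               and out["endpoint"] != out["service_url"])
    return out

if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k}: {v}")
```

A `52e` result for an account that authenticates directly against AD indicates that the bind was rejected somewhere on the path PowerFlex uses, which is the situation this article describes.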

 

Cause

A third-party balancer may block LDAP traffic when LDAP authentication is used with PowerFlex.

Resolution

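One possible workaround is to point LDAP authentication directly at a domain controller when creating the LDAP service with SCLI. Doing so bypasses any potential blocking or issues caused by the third-party balancer.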

You must delete and re-create the LDAP service with SCLI so that it points directly at the domain controller.

Additional Information

Affected versions

All PowerFlex versions

Versions in which the issue is fixed

N/A

Affected Products

PowerFlex rack, ScaleIO
Article Properties
Article Number: 000218362
Article Type: Solution
Last Modified: 22 May 2025
Version:  4