Good afternoon everyone!
I have a strange issues which I have theories about, but would appreciate what your thoughts might be on it.
Short story, setting up SSL VPN with back end active directory authentication. Setup a new user, non-admin, logged into the user portal fine. This was my test to make sure everything was working fine.
Rolled out to everyone but some users had issues, the live log showed an error rather than a deny, so I made a new security group in AD, put everyone in it and then triggered the pre-fetch. I know I don't need to do this but wanted to see what it would do.
Here comes the errors.
Prefetch Log for a user.
2019:02:08-14:59:33 remote user_prefetch[6754]: # 27 Creating user user.name
2019:02:08-14:59:36 remote user_prefetch[6754]: Failed to set object
2019:02:08-14:59:36 remote user_prefetch[6754]: >=========================================================================
2019:02:08-14:59:36 remote user_prefetch[6754]: $VAR1 = [
2019:02:08-14:59:36 remote user_prefetch[6754]: 'DATATYPE_ARRAY_ELEMENT',
2019:02:08-14:59:36 remote user_prefetch[6754]: {
2019:02:08-14:59:36 remote user_prefetch[6754]: 'remove' => 'user.name@userdomain..com',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'attrs' => [
2019:02:08-14:59:36 remote user_prefetch[6754]: 'number',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'remove'
2019:02:08-14:59:36 remote user_prefetch[6754]: ],
2019:02:08-14:59:36 remote user_prefetch[6754]: 'number' => 1,
2019:02:08-14:59:36 remote user_prefetch[6754]: 'ref' => 'REF_AaaUseUserName',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'name' => 'Removing 1 invalid element(s) \'user.name@userdomain..com\' from the list.',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'attr' => 'email_secondary',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'msgtype' => 'DATATYPE_ARRAY_ELEMENT',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'never_hide' => 0,
2019:02:08-14:59:36 remote user_prefetch[6754]: 'check' => 'input',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'format' => 'Removing %d invalid element(s) \'%s\' from the list.',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'fatal' => undef,
2019:02:08-14:59:36 remote user_prefetch[6754]: 'class' => 'aaa',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'type' => 'user',
2019:02:08-14:59:36 remote user_prefetch[6754]: 'never_fatal' => 1
2019:02:08-14:59:36 remote user_prefetch[6754]: }
2019:02:08-14:59:36 remote user_prefetch[6754]: ];
2019:02:08-14:59:36 remote user_prefetch[6754]: <=========================================================================
Live log for user portal authentication
2019:02:08-13:14:35 remote aua[27247]: id="3006" severity="info" sys="System" sub="auth" name="Trying y.y.y.y (adirectory)"
2019:02:08-13:14:39 remote aua[27247]: id="3006" severity="info" sys="System" sub="auth" name="updateUserObject: failed to set object for user "user.name" - error "DATATYPE_ARRAY_ELEMENT""
2019:02:08-13:14:39 remote aua[27247]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="x.x.x.x" host="" user="user.name" caller="portal" reason="DENIED"
2019:02:08-13:15:07 remote aua[3514]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
2019:02:08-13:15:07 remote aua[3514]: id="3006" severity="info" sys="System" sub="auth" name="Child 27247 is running too long. Terminating child"
My theories are, some form of corruption but I can't figure out if its in the active directory or the UTM, or it's something in the AD attributes as the 4 people this happened to are essentially the 4 founding people of the company 20 or so years ago and been the in AD since 2003 server days.
Any thoughts would be appreciated.
Cheers
Ian
This thread was automatically locked due to age.
