Patrick Kennelly Posted July 18, 2016
Some users seem to be getting locked out randomly when using the VPN on NS 10.5. I have a program that tells me when an account is locked and where from. Usually it will say PC1234, but in this case it comes up as NETSCALER. Any ideas on what logs to look in? Thanks
Paul Blitz Posted July 18, 2016
There should be information in the Syslog, which you can view and filter from the GUI. How is your LDAP auth set up? Is it using a Load Balancer, or do you simply have multiple LDAP policies (pointing to multiple DCs) bound to the vserver? You'll find that the requests will come from the NSIP (SNIP if load balanced), which is why they appear to come from the NS.
Patrick Kennelly Posted July 18, 2016 (Author)
Just 2 LDAP servers bound to the Vserver.
Patrick Kennelly Posted July 18, 2016 (Author)
What would I look for in the NS logs?
Patrick Kennelly Posted October 13, 2016 (Author)
Anyone? If I deliberately lock out my account, I see the origin client as my laptop, but these users are seeing NETSCALER; that's not the hostname of my NetScalers.
Patrick Kennelly Posted October 18, 2016 (Author)
I see this in the domain controller logs:

The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user.name
Source Workstation: NETSCALER
Error Code: 0xC000006A
Paul Blitz Posted October 18, 2016
What happens is that the client enters the credentials on the netscaler login page. The netscaler then uses its credentials to do an LDAP check on the client's credentials, so yes, the LDAP request is indeed coming from your netscaler.

When a user logs in with bad credentials, it will fail on the first bound LDAP, so Netscaler will now try the second LDAP. From the domain's perspective, it just saw TWO bad logins. If the user logs in a second time with bad credentials, that's a 3rd and 4th bad login = account locked.

That is (one reason) why an LDAP load-balancer should be used: each user login (bad) request then only causes the domain to see ONE bad login.

Bad logins should show up in the Netscaler syslog, so you might want to go take a look to see if that gives some hints. You can monitor logins real-time by going to the CLI, then typing "shell" and then "cat /tmp/aaad.debug" (ctrl-c to stop).
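The cascade effect described in this reply, as an added example that is not part of the thread or of any Citrix tool: it models how many bad binds the domain sees per user attempt with directly bound LDAP policies versus a load balancer, and tallies 0xC000006A events sourced from NETSCALER in a constructed sample of the flattened 4776-style text quoted above. Server names and the `dc1`/`dc2` labels are assumptions.

```python
"""Added example: why N LDAP policies bound directly to the vserver multiply
bad-logon counts, plus a tally of NETSCALER-sourced failures per account."""
import math
import re
from collections import Counter

# Constructed sample log in the flattened layout the thread quotes from a DC.
SAMPLE_DC_LOG = """\
Logon Account: user.name Source Workstation: NETSCALER Error Code: 0xC000006A
Logon Account: user.name Source Workstation: NETSCALER Error Code: 0xC000006A
Logon Account: j.doe Source Workstation: PC1234 Error Code: 0xC000006A
Logon Account: user.name Source Workstation: NETSCALER Error Code: 0x0
Logon Account: a.smith Source Workstation: NETSCALER Error Code: 0xC000006A
"""
EVENT_RE = re.compile(
    r"Logon Account: (\S+) Source Workstation: (\S+) Error Code: (0x[0-9A-Fa-f]+)"
)

def simulate_login(password_ok, ldap_servers, load_balanced):
    """Return the (server, result) binds the domain observes for ONE user attempt.
    Without a load balancer the NetScaler cascades through every bound LDAP
    policy when a bind fails; behind a load balancer only one server is asked."""
    servers = ldap_servers[:1] if load_balanced else ldap_servers
    binds = []
    for srv in servers:
        binds.append((srv, "ok" if password_ok else "bad"))
        if password_ok:
            break  # the first successful bind ends the cascade
    return binds

def attempts_before_lockout(threshold, failures_per_attempt):
    """User attempts needed to reach the domain's bad-password lockout threshold."""
    return math.ceil(threshold / failures_per_attempt)

def netscaler_failures(log_text):
    """Count bad-password (0xC000006A) events per account whose source is NETSCALER."""
    counts = Counter()
    for acct, src, code in EVENT_RE.findall(log_text):
        if src == "NETSCALER" and code.upper() == "0XC000006A":
            counts[acct] += 1
    return counts

if __name__ == "__main__":
    dcs = ["dc1", "dc2"]  # assumed names for the two bound LDAP servers
    direct = simulate_login(False, dcs, load_balanced=False)
    print("direct binds per bad attempt:", len(direct), direct)
    print("attempts to lockout (threshold 4):",
          attempts_before_lockout(4, len(direct)), "direct vs",
          attempts_before_lockout(4, len(simulate_login(False, dcs, True))), "via LB")
    print("NETSCALER-sourced failures:", dict(netscaler_failures(SAMPLE_DC_LOG)))
```

Accounts whose failure count from NETSCALER is a multiple of the number of bound policies are the signature of this cascade rather than of a user at a named workstation.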
Vivak HANGLOO1709158821 Posted March 14, 2019
Did you find any solution for this?
Dhandapani K1709161007 Posted April 29, 2022
Hello All, is there any solution found for this issue? We are experiencing the same issue with many users.
Tim Sievers Posted June 10, 2022
If anyone is still struggling with this, it's very possible that you need to add the full distinguished name and not user@domain for the bind DN that the documentation alludes to.

Bad: citrix@domain.org
Good: CN=citrix,OU=Users,DC=domain,DC=org