- Community Home
- >
- Networking
- >
- IMC
- >
- Unable to synchronize usergroup
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-14-2019 10:17 AM
тАО05-14-2019 10:17 AM
Unable to synchronize usergroup
We are having issues with IMC 7.3 TAM not functioning. TACACS was working on our HP switches just last week then it randomly stopped today saying authentication failed incorrect password in the authentication log. I have LDAP setup and it tests fine when going through the system > operator management > authentication server and under user > user access policy > LDAP service > LDAP Server.
When I try to do Synchronize user group it says no matched LDAP server exists. When I query the tam.tbl_tam_ldap_user I can see an outdated list of user accounts and all the passwords are null, I assume it should show something hashed there.
The TAM log shows the following over and over
[WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2019 10:40 AM
тАО05-15-2019 10:40 AM
Re: Unable to synchronize usergroup
Hi - I'm using UAM to do LDAP authentication. I've recently had some weird issue where it does not seem to communicate properly but I probably different from yours.
I looked in the ead db tble_ldap_user where UAM puts users. While some of the password fields do have a hash most are null.. I don't thiink IMC stores the password hash under most circumstances. Syn_date is varied and recent for those w and w/o hash
The Test button for the ldap server config only tests IMC can connect to the ldap server, and the configuration test verifies the based OU, not whether the whole process is working unfortunately
I assume you did check the root server certificate valid period.
The log message below look to me like communication issue between the switch and IMC. But it may just be the log syntax if its all installed on one server. But I'd suggest you use wireshark and check communication between swtich and IMC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2019 05:09 AM
тАО05-17-2019 05:09 AM
Re: Unable to synchronize usergroup
Root certificate is good, when I do the sync user group nothing shows up in a packet capture but when I go into User > User Access Policy > Sync Policy > Synchronize LDAP Users I see the appropriate users returned for the LDAP Sync but for whatever reason TACACS will not function.
It always says invalid password the strange thing is if I create a device user manually in IMC it works fine. It is almost like LDAP is syncing the username but not the password.