
Unable to synchronize usergroup

 
jhooverpfcu
Occasional Advisor


We are having issues with IMC 7.3 TAM not functioning. TACACS was working on our HP switches just last week, then it randomly stopped today, saying authentication failed, incorrect password in the authentication log. I have LDAP set up and it tests fine when going through System > Operator Management > Authentication Server and under User > User Access Policy > LDAP Service > LDAP Server.

When I try to do Synchronize user group, it says no matched LDAP server exists. When I query the tam.tbl_tam_ldap_user table, I can see an outdated list of user accounts and all the passwords are null; I assume it should show something hashed there.

The TAM log shows the following over and over:

[WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..

2 REPLIES
NeilR
Esteemed Contributor

Re: Unable to synchronize usergroup

Hi - I'm using UAM to do LDAP authentication. I've recently had some weird issue where it does not seem to communicate properly, but it's probably different from yours.

I looked in the ead db tble_ldap_user where UAM puts users. While some of the password fields do have a hash, most are null. I don't think IMC stores the password hash under most circumstances. Syn_date is varied and recent for those with and without a hash.

The Test button for the LDAP server config only tests that IMC can connect to the LDAP server, and the configuration test verifies the base OU, not whether the whole process is working, unfortunately.

I assume you did check the root server certificate validity period.

The log messages below look to me like a communication issue between the switch and IMC. But it may just be the log syntax if it's all installed on one server. But I'd suggest you use Wireshark and check communication between the switch and IMC.

jhooverpfcu
Occasional Advisor

Re: Unable to synchronize usergroup

Root certificate is good. When I do the sync user group, nothing shows up in a packet capture, but when I go into User > User Access Policy > Sync Policy > Synchronize LDAP Users, I see the appropriate users returned for the LDAP sync, but for whatever reason TACACS will not function.

It always says invalid password. The strange thing is, if I create a device user manually in IMC, it works fine. It is almost like LDAP is syncing the username but not the password.
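
Added example (not part of any post in this thread, and not HPE code): a small Python triage script for the TAM log format quoted in the first post. It groups lines by the bracketed numeric id, assumed here to be a worker thread id, and reports the function and E-code at which each failed exchange ended; the sample lines are constructed from that excerpt.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format quoted in the first post. The first line
# has no "% timestamp ;" prefix, as in the post, so the prefix is optional.
SAMPLE = """\
[WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [read_packet] Read head of packet fail, return NULL.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [13764] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [get_authen_continue] Read continue packet fail.
% 2019-05-14 13:16:03 ; [WARNING (2)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [getInfoFromNAS] Null reply packet, expecting CONTINUE.
% 2019-05-14 13:16:03 ; [ERROR (1)] ; [14332] ; MNG ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; [processAuthenASCII] Get username fail with the error msg E65011: No reply while expecting CONTINUE packet..
"""

LINE = re.compile(
    r"^(?:%\s*(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*;\s*)?"  # optional timestamp
    r"\[(?P<level>[A-Z]+) \(\d+\)\]\s*;\s*\[(?P<tid>\d+)\]\s*;"  # level, id
    r"(?:[^;]*;){5}\s*\[(?P<func>\w+)\]\s*(?P<msg>.*)$"          # 5 fields, function, text
)

def parse(text):
    """Yield one dict per line that matches the format; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def failed_exchanges(text):
    """Collect the call trail per id; each ERROR line closes one failed exchange."""
    pending, out = defaultdict(list), []
    for rec in parse(text):
        pending[rec["tid"]].append(rec["func"])
        if rec["level"] == "ERROR":
            code = re.search(r"\bE\d{5}\b", rec["msg"])
            out.append({"tid": rec["tid"], "ts": rec["ts"], "stage": rec["func"],
                        "code": code.group(0) if code else None,
                        "trail": pending.pop(rec["tid"])})
    return out

def summary(text):
    """Count failures by (function that logged the ERROR, E-code)."""
    return Counter((e["stage"], e["code"]) for e in failed_exchanges(text))

if __name__ == "__main__":
    for (stage, code), n in summary(SAMPLE).items():
        print(f"{n} failed exchange(s) ended in {stage} with {code}")
```

On the quoted excerpt every failure ends in processAuthenASCII with E65011, "Get username fail", so those entries record exchanges that stopped while the server was still waiting for the username.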