Connectrix B-Series: LDAP authentication failure when using a username without a domain name.

           

Article Number: 500751    Article Version: 3    Article Type: Break Fix
   

 


Product:

 

Connectrix B-Series Fabric OS 7.X 7.4.1d,Connectrix MP-7840B,Connectrix ED-DCX6-4B,Connectrix ED-DCX6-8B,Connectrix DS-6620B

 

Issue:

 

 

As per the Brocade FOS Admin Guide, the switch should automatically append the configured domain name for authentication:

    When authentication is performed by User-Principal-Name, in Fabric OS 7.1.0 and later releases, the suffix part of the name (the @domain-name part) can be omitted when the user logs in. If the suffix part of the User-Principal-Name name is omitted, the domain name configured for the LDAP server (in the aaaConfig --add command) is added and used for authentication purposes.

However, when logging in to a switch configured for LDAP with just the username, authentication fails.

    (screenshot: login with the bare username is rejected)

After appending the domain name, the login succeeds.

    (screenshot: login with user@domain succeeds)

The switch itself is configured correctly; aaaConfig --show lists the domain for both LDAP servers:

    aaaConfig --show -npage      :
      LDAP CONFIGURATIONS
      ===================
      Position                 : 1
      Server                   : <AD server 1>
      Port                     : 389
      Domain                   : example.com
      Timeout(s)               : 3
      Position                 : 2
      Server                   : <AD server 2>
      Port                     : 389
      Domain                   : example.com
      Timeout(s)               : 3

The issue has been observed on Connectrix MP-7840B, ED-DCX6 and DS-6620B; other switch models such as MP-7800B and ED-DCX8510 work as expected with the same configuration.

 

 

Cause:

 

 

When logging in to a Connectrix MP-7840B, ED-DCX6 or DS-6620B configured for LDAP with just the username, the switch may not append the configured domain name. Without the @domain suffix, some LDAP servers reject the bind, so the login fails.

Brocade defect ID: DEFECT000622430, first observed in FOS 7.4.1d.

 

 

Resolution:

 

 

Workaround on FOS 7.4.1d: log in with the full User-Principal-Name (user@domain) instead of the bare username.

The defect is permanently fixed in FOS 7.4.2 and 8.0.2b and later firmware.
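The documented behaviour from the Issue section (a bare username gets the LDAP domain from aaaConfig appended) and the fix versions from the Resolution, as an added example that is not Dell or Brocade code: a small Python helper that parses aaaConfig --show output, builds the User-Principal-Name the switch should send (which is also the workaround login name on affected firmware), recognises the failed-bare / succeeded-with-domain symptom pattern, and classifies a FOS version against DEFECT000622430. The aaaConfig sample, server names and the jdoe account are constructed; treating every 8.x build before 8.0.2b as affected, any major release after 8 as fixed, and releases before 7.4.1d as "not stated" are assumptions, since the article only gives the first-observed and fixed-in versions.

```python
"""Helpers for the Connectrix B-Series / FOS LDAP login issue (bare
username rejected, user@domain accepted).  Added example, not Dell or
Brocade code; sample data below is constructed."""
import re
from typing import Dict, List, Tuple

# Constructed sample of `aaaConfig --show` output modelled on the article
# (server names are placeholders, the domain is the article's example.com).
SAMPLE_AAACONFIG = """\
LDAP CONFIGURATIONS
===================
Position                 : 1
Server                   : ad1.example.com
Port                     : 389
Domain                   : example.com
Timeout(s)               : 3
Position                 : 2
Server                   : ad2.example.com
Port                     : 389
Domain                   : example.com
Timeout(s)               : 3
"""


def parse_aaaconfig(text: str) -> List[Dict[str, str]]:
    """Parse the LDAP server blocks of `aaaConfig --show` into dicts.
    A block starts at a 'Position' line; every 'Key : value' line up to
    the next 'Position' belongs to that server entry."""
    servers: List[Dict[str, str]] = []
    for line in text.splitlines():
        if ":" not in line:               # heading and separator lines
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Position":
            servers.append({})
        if servers:
            servers[-1][key] = value
    return servers


def login_name(username: str, domain: str) -> str:
    """Return the User-Principal-Name the switch is documented to send:
    a bare username gets the configured domain appended, a name that
    already carries an @suffix is used unchanged.  On affected firmware
    this is the name the operator must type by hand (the workaround)."""
    return username if "@" in username else f"{username}@{domain}"


_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_fos_version(version: str) -> Tuple[int, int, int, str]:
    """Turn '7.4.1d' into (7, 4, 1, 'd') so versions compare as tuples;
    a missing patch letter sorts before 'a', so 8.0.2 < 8.0.2a < 8.0.2b."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised FOS version: {version!r}")
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


FIRST_OBSERVED = parse_fos_version("7.4.1d")       # Cause section
FIXED_IN = {7: parse_fos_version("7.4.2"),         # Resolution section
            8: parse_fos_version("8.0.2b")}


def defect_status(version: str) -> str:
    """Classify a FOS version against DEFECT000622430 as the article states it.
    'affected'   7.4.1d up to (not including) 7.4.2, or 8.x before 8.0.2b
                 (assumption: every 8.x build before the fix is affected)
    'fixed'      7.4.2+, 8.0.2b+, and any later major line (assumption)
    'not stated' releases before 7.4.1d, which the article does not cover"""
    v = parse_fos_version(version)
    if v < FIRST_OBSERVED:
        return "not stated"
    fixed_at = FIXED_IN.get(v[0])
    if fixed_at is None:                 # 9.x and later: after every fix
        return "fixed"
    return "fixed" if v >= fixed_at else "affected"


def matches_symptom(attempts: Dict[str, bool], domain: str) -> bool:
    """True when observed logins look like the defect: a bare username
    failed while the same username with @domain succeeded."""
    for name, ok in attempts.items():
        if "@" not in name and not ok and attempts.get(login_name(name, domain)):
            return True
    return False


if __name__ == "__main__":
    domain = parse_aaaconfig(SAMPLE_AAACONFIG)[0]["Domain"]
    print("configured LDAP domain:", domain)
    print("workaround login name :", login_name("jdoe", domain))
    # Constructed observation mirroring the article's two screenshots.
    seen = {"jdoe": False, "jdoe@example.com": True}
    print("symptom matches defect:", matches_symptom(seen, domain))
    for ver in ("7.4.1d", "7.4.2", "8.0.2", "8.0.2b"):
        print(f"FOS {ver:7s} -> {defect_status(ver)}")
```

Run it against a real aaaConfig --show capture by replacing SAMPLE_AAACONFIG; defect_status() only encodes what this article states, so check the Brocade release notes before relying on it for other FOS lines.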

 

 

Notes:

 

 

Refer to Brocade KB #000012409.

Port 389 in the output above is LDAP without TLS, so the user's directory password travels in cleartext to the AD servers during the bind; where the directory supports it, prefer LDAP over TLS (port 636) with the CA certificate imported on the switch.