Symptoms
LDAP login to the Avamar UI fails with the error: "LDAP authentication failed: null".
mcserver.log.0 shows the following error:
INFO: LDAP - authenticate user: (user_ldap@test.lab.in).
09/22-12:58:02.00956 [Thread-1077#297368] com.avamar.mc.util.MCException.logException
WARNING: javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
    at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at javax.security.auth.login.LoginContext.invoke(Unknown Source)
    at javax.security.auth.login.LoginContext.access$000(Unknown Source)
    at javax.security.auth.login.LoginContext$4.run(Unknown Source)
    at javax.security.auth.login.LoginContext$4.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
    at javax.security.auth.login.LoginContext.login(Unknown Source)
    at com.emc.avamar.userauth.service.DirectoryServiceUserAuth.authenticate(DirectoryServiceUserAuth.java:1910)
    at com.avamar.mc.ldap.LdapManagerService$AuthenticateWaitThread.run(LdapManagerService.java:1809)
Cause
The default encryption types provided in krb5.conf are not supported.
Resolution
Edit krb5.conf and add allow_weak_crypto=true to the [libdefaults] section. The [libdefaults] section of a working krb5.conf should look like this:
[libdefaults]
default_tgs_enctypes = rc4-hmac des3-cbc-sha1-kd des-cbc-crc des-cbc-md5
default_tkt_enctypes = rc4-hmac des3-cbc-sha1-kd des-cbc-crc des-cbc-md5
default_realm = EXAMPLE.COM
allow_weak_crypto=true
[domain_realm]
dc1.test.lab.in=test.lab.IN
.dc1.test.lab.in=test.lab.IN
[realms]
test.lab.IN = {
default_domain = test.lab.IN
kpasswd_server = dc1.test.lab.in:464
admin_server = dc1.test.lab.in:88
kdc = dc1.test.lab.in:88
}
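
To see which of the configured enctypes depend on allow_weak_crypto, the following added example (not part of the original article or of Avamar) parses the [libdefaults] section shown above and classifies each entry. The names parse_libdefaults and audit are hypothetical, and the classification is an assumption based on RFC 6649 (single DES) and RFC 8429 (3DES, RC4); what a given Kerberos runtime actually rejects varies by version.

```python
import re

# Assumed classification: single DES per RFC 6649, 3DES and RC4 per RFC 8429.
# Which enctypes a given Kerberos runtime actually rejects varies by version.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
DEPRECATED = {"rc4-hmac", "arcfour-hmac", "des3-cbc-sha1", "des3-cbc-sha1-kd"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# The [libdefaults] section from the page, plus the next section header.
SAMPLE = """\
[libdefaults]
default_tgs_enctypes = rc4-hmac des3-cbc-sha1-kd des-cbc-crc des-cbc-md5
default_tkt_enctypes = rc4-hmac des3-cbc-sha1-kd des-cbc-crc des-cbc-md5
default_realm = EXAMPLE.COM
allow_weak_crypto=true
[domain_realm]
dc1.test.lab.in=test.lab.IN
"""

def parse_libdefaults(text):
    """Return the key/value pairs found in the [libdefaults] section."""
    section, values = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values

def audit(text):
    """Classify every enctype named in [libdefaults]."""
    cfg = parse_libdefaults(text)
    weak_on = cfg.get("allow_weak_crypto", "false").lower() in {"true", "yes", "on", "1"}
    report = {"allow_weak_crypto": weak_on, "keys": {}}
    for key in ENCTYPE_KEYS:
        etypes = [e for e in re.split(r"[\s,]+", cfg.get(key, "").lower()) if e]
        if etypes:
            report["keys"][key] = {
                "single_des": [e for e in etypes if e in SINGLE_DES],
                "deprecated": [e for e in etypes if e in DEPRECATED],
                # What is left when single DES is refused (allow_weak_crypto off).
                "without_weak": [e for e in etypes if e not in SINGLE_DES],
            }
    return report

if __name__ == "__main__":
    for key, found in audit(SAMPLE)["keys"].items():
        print(key, found)
```

An empty without_weak list for default_tkt_enctypes means the setting names only single-DES types, so nothing usable remains unless allow_weak_crypto is enabled.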