
Users can't login without using "DOMAIN\"



Citrix ADC firmware 13.1 9.60

 

Following an ADC firmware upgrade from 12.1 to 13.1 9.60, we have reports that certain user accounts are unable to authenticate on the Gateway page for StoreFront access.

The users see the gateway page go grey and see a spinning circle. 

If the affected users log in with "Domain\Username" then this works fine. Before the upgrade the users have always logged in with just "Username".

All working and non-working users connect to the same group of LDAP servers for authentication.

I have tested one of the affected user accounts on 3 other desktops and 4 browsers and don't see any problems, i.e. it logs in fine with "Username".

This user has a Win 10 desktop and has tried logging in via a Chrome and Edge browser.

 

This is what aaadebug shows when the user attempts to log on with "Username":

 

 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[966]: receive_ldap_user_search_event 0-134477: User search succeeded, attempting user authentication(Bind) for <SJones>
 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_common.c[511]: ns_ldap_check_result 0-134477: For user SJones, LDAP authentication failed (error 49): Invalid credentials
 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2262]: receive_ldap_user_bind_event 0-134477: ldap_bind user failed for user SJones
 /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2289]: receive_ldap_user_bind_event 0-134477: Doing ldap authentication for user SJones, Other invalid credentials: lctx->lflags = 00000000, lconf->flags = 00000004
 /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[5142]: send_reject_with_code 0-134477: sending reject to kernel for : SJones

 

 

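An added example, not part of the thread and not Citrix code: a small Python triage script that groups aaad debug lines by session id and reports how far each LDAP login got. For the excerpt above it shows that the user search succeeded and the bind was then refused with LDAP result code 49 (invalid credentials). The line shape is assumed from that excerpt, and the last sample line is constructed for contrast.

```python
import re

# Line shape as seen in the excerpt: <source file>[<line>]: <function> <session id>: <message>
LINE_RE = re.compile(r"^\s*\S+\[\d+\]: (?P<func>\w+) (?P<sid>\d+-\d+): (?P<msg>.*)$")
LDAP_ERR_RE = re.compile(r"For user (?P<user>\S+), LDAP authentication failed \(error (?P<code>\d+)\)")
FLAGS_RE = re.compile(r"lctx->lflags = (\w+), lconf->flags = (\w+)")

def summarize(lines):
    """Group debug lines by session id and record how far each LDAP login got."""
    sessions = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines or lines in another format
        s = sessions.setdefault(m["sid"], {"user": None, "search_ok": False,
                                           "ldap_error": None, "flags": None, "rejected": False})
        msg = m["msg"]
        if "User search succeeded" in msg:
            s["search_ok"] = True
        if (e := LDAP_ERR_RE.search(msg)):
            s["user"], s["ldap_error"] = e["user"], int(e["code"])
        if (f := FLAGS_RE.search(msg)):
            s["flags"] = f.groups()  # kept raw; the thread does not say what the bits mean
        if m["func"] == "send_reject_with_code":
            s["rejected"] = True
    return sessions

def classify(s):
    """Name the stage where the login stopped, using only what the log states."""
    if s["search_ok"] and s["ldap_error"] == 49:
        return "account found, bind rejected (LDAP 49 invalidCredentials)"
    if s["ldap_error"] is not None:
        return f"LDAP error {s['ldap_error']}"
    if s["search_ok"]:
        return "search succeeded, no bind failure logged"
    return "no LDAP search result logged"

P = " /usr/home/build/adc/usr.src/netscaler/aaad/"
SAMPLE = [  # first five lines are from the post; the last one is constructed for contrast
    P + "ldap_drv.c[966]: receive_ldap_user_search_event 0-134477: User search succeeded, attempting user authentication(Bind) for <SJones>",
    P + "ldap_common.c[511]: ns_ldap_check_result 0-134477: For user SJones, LDAP authentication failed (error 49): Invalid credentials",
    P + "ldap_drv.c[2262]: receive_ldap_user_bind_event 0-134477: ldap_bind user failed for user SJones",
    P + "ldap_drv.c[2289]: receive_ldap_user_bind_event 0-134477: Doing ldap authentication for user SJones, Other invalid credentials: lctx->lflags = 00000000, lconf->flags = 00000004",
    P + "naaad.c[5142]: send_reject_with_code 0-134477: sending reject to kernel for : SJones",
    P + "ldap_drv.c[966]: receive_ldap_user_search_event 0-134478: User search succeeded, attempting user authentication(Bind) for <ExampleUser>",
]

for sid, s in summarize(SAMPLE).items():
    print(sid, s["user"], classify(s))
```

Running it over captures from a working and a non-working login for the same account makes the differing stage and flag values easy to compare.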

In your Configuration > Citrix Gateway > Virtual Server > {VirtualServerName} > Policies > Session Policies > {SessionPolicyName}  > Profile > Published Applications do you have a "Single Sign-on Domain" defined?

(You could also have it globally defined in your Configuration > Citrix Gateway > Change Global Settings > Published Applications)

 

Do you have more than one domain being authenticated for our users?

