
Netscaler LDAP server gets an error "string too short [password,1]"



Dear community,

 

Netscaler version: 13.0 build 90.7
Setup: New
Scope: Citrix Gateway with storefront authentication with LDAP 

 

When creating the LDAP server we are getting the error "String too short [password,1]". We have used the following settings.
The LDAP server IP, Plaintext, 389, base DN and user account are used. We have even tried adding this through the gateway configuration wizard, but we face the same issue.


Is the error in the GUI when creating the action, the GUI when attempting the authentication test, or the CLI?

I would also look at this error in syslog to see the full message being returned in case there is additional information.

 

As Carl mentioned, if it works in the CLI but fails in the GUI, then it is likely a GUI bug.

If it is failing in the authentication "test" in the GUI, then skip the test, as the test may be the bug but the policy may work.

If it's failing in the CLI too, check whether your password meets the Active Directory minimum password requirements.

 

Or try a different build to see if this is a build specific issue.

 

The release notes for 13.0.90.7 have the following password-related issue: https://docs.citrix.com/en-us/citrix-adc/13/citrix-adc-release-notes/release-notes-13-0-90-7.html

If the admin password for LDAP, RADIUS or TACACS services contains the double quotes (“) character, the Citrix ADC appliance strips it during the “Test Connectivity” check, resulting in connection failure.

[ NSHELP-23630 ]

 

 

Also, check to see if you enabled strong password or minimum password length on the ADC itself (newer setting I know is in 13.1; don't know if it was also in 13.0):

https://docs.citrix.com/en-us/citrix-adc/current-release/system/authentication-and-authorization-for-system-user/user-account-and-password-management.html#strong-password-configuration-for-system-users

https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/system/system-parameter/

It might be enforcing this external password against the ADC local password requirements depending on settings for "enable all" vs "enabled local".

Or the comparison engine is making a mistake.

 

show system parameter

Look for -strongpassword

and whether enableall or enablelocal was specified.

 

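The checks suggested in the reply above can be run independently of the ADC GUI. The following is an added example, not part of the original thread and not Citrix code: it flags the double-quote case from NSHELP-23630 and performs a simple bind with OpenLDAP's ldapwhoami. The function names, host name, DN and file path are placeholders, and it assumes the directory offers StartTLS on port 389.

```shell
#!/bin/sh
# Added example: verify the LDAP bind account outside the ADC GUI.
# All host names, DNs and paths in the usage lines are placeholders.

# Classify a bind password against the issues raised in the thread.
# Prints one of: empty, double-quote, ok
classify_bind_password() {
    case $1 in
        '')    echo "empty" ;;
        *\"*)  echo "double-quote" ;;  # stripped by "Test Connectivity" per NSHELP-23630
        *)     echo "ok" ;;
    esac
}

# Simple bind against the directory using OpenLDAP's ldapwhoami.
# $1 = LDAP URI, $2 = bind DN, $3 = file holding the password (no trailing newline)
# -ZZ requires StartTLS, so the password never crosses port 389 in clear text.
# If the directory only offers LDAPS, pass an ldaps:// URI and remove -ZZ.
ldap_bind_test() {
    uri=$1 bind_dn=$2 pw_file=$3
    [ -r "$pw_file" ] || { echo "cannot read $pw_file" >&2; return 2; }
    verdict=$(classify_bind_password "$(cat "$pw_file")")
    [ "$verdict" = "ok" ] || echo "note: password is '$verdict'" >&2
    if ldapwhoami -x -ZZ -H "$uri" -D "$bind_dn" -y "$pw_file" >/dev/null 2>&1; then
        echo "bind-ok"
    else
        echo "bind-failed"
        return 1
    fi
}

# Usage (placeholders):
#   ( umask 077; printf '%s' 'PLACEHOLDER_PASSWORD' > ./bindpw )
#   ldap_bind_test ldap://dc01.example.test \
#       "CN=svc-adc,OU=Service,DC=example,DC=test" ./bindpw
```

A "bind-ok" result here combined with a failing GUI test points at the appliance-side check rather than at the credential.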

21 hours ago, Carl Stalhood1709151912 said:

Does it work from the CLI?

Thanks Carl. Before trying through the CLI, we just continued the setup process and ignored that error. Then we rebooted the server, and after checking in the configuration wizard it shows LDAP as active.

Just to be sure about the authentication, we did try the aaad.debug command and the logs showed that the users are being authenticated.

Maybe this can be a GUI bug, not sure.

Thanks Rhonda for the detailed explanation. Before trying through the CLI, we just continued the setup process and ignored that error. Then we rebooted the server, and after checking in the configuration wizard it shows LDAP as active.

Just to be sure about the authentication, we did try the aaad.debug command and the logs showed that the users are being authenticated.

Maybe this can be a GUI bug, as suggested.
