No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

iBMC LDAP login fails using NTLM style authentication

Publication Date:  2016-09-08 Views:  118 Downloads:  0
Issue Description

 As it is known, user account record in AD contains several fields, among these fields there are CN field (common name) which represents in AD full name of user, for example "Sergey …….." and SamAccountName field, which represents some short account name for NTLM style authentication, for example "admin-…". Second one is much more convenient for everyday usage than first long name. Customer reported, that then he was using v 1.51 as iBMC firmware, both AD record fields could be used for iBMC login authentication, but when customer upgraded iBMC of some servers to higher than v 1.51, SamAccountName authentication does not work there, only long CN field can login to iBMC, short account name fails to login.


 

Alarm Information
No additional alarm information present in the system log.
Handling Process

As it is seen from iBMC log, short SamAccountName login actually fails, but long CN name the same time succeeds.


This has been confirmed as software bug, connected with upgrade of openldap components to  solve openldap vulnerability, and after that, the higher than v 1.51 version iBMC with new openldap  cause this issue, trigger NTLM user authentication  fails.

END