- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x
You are experiencing a timeout when users authenticate themselves through the Barracuda NG Firewall infrastructure daemon (phibs).
For phibs authentication to work with MSAD, several requirements have to be met. Most likely, a necessary prerequisite is not fulfilled.
Check the following features for functionality:
1. phibsd must be able to establish a connection to the domain controller via TCP port 389.
Check: From the command line, test a telnet connection to the Active Directory.
telnet <domain controller IP> 389
2. The "searching user" must be assigned the correct permissions. The "Base DN" has to be specified correctly.
Check: Enter the "searching user" and "Base DN" into the LDAP browser. You will be able to find the user with the browser if the correct permissions have been assigned to that user.
3. The hostname of the domain controller must be DNS resolvable.
Check: Log on to the box at the command line interface. Use nslookup to look up the domain controller's hostname.
If for any reason the hostname is not DNS resolvable, browse to "Config" > "Box" > "Administrative Settings" > "DNS Settings" in the NG Admin, and enter the name into the "Known Hosts" field ("Advanced View" must be activated).
4. Finally, check the output of the authentication procedure with the tool "phibstest" at the command line interface. The option "-h" displays a list of available usage options. Further information about its usage is described in KB Article 00005118.
For phibs authentication to work, all these checks have to be completed successfully.
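Checks 3 and 1 above, scripted as an added example (not Barracuda tooling and not part of the original article): it resolves the domain controller name with the host's own resolver, then probes TCP 389 and separates a silently dropped connection (timeout) from one that fails immediately. It assumes bash, getent, awk and GNU timeout are available where it runs; the function names and the 5-second wait are hypothetical.

```shell
#!/bin/bash
# Added example: pre-flight for check 3 (DNS) and check 1 (TCP 389).
# Usage: ./dc_preflight.sh <domain controller hostname>

LDAP_PORT=389   # port named in check 1
WAIT_SECS=5     # assumption: wait this long before reporting a timeout

# Check 3: print the first address the local resolver (hosts file or DNS)
# returns for the name; exit non-zero if the name does not resolve.
resolve_dc() {
    getent hosts "$1" | awk 'NR==1 {print $1; found=1} END {exit !found}'
}

# Check 1: try to open a TCP connection to host $1, port $2.
# Prints "open", "timeout" (no answer within WAIT_SECS, typical of a
# filtered path) or "failed" (refused or unreachable, reported at once).
probe_tcp() {
    timeout "$WAIT_SECS" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
    case $? in
        0)   echo open ;;
        124) echo timeout ;;
        *)   echo failed ;;
    esac
}

# Run both checks in dependency order and name the first one that fails.
preflight() {
    local dc=$1 addr state
    if ! addr=$(resolve_dc "$dc"); then
        echo "FAIL check 3: $dc does not resolve"
        return 3
    fi
    state=$(probe_tcp "$dc" "$LDAP_PORT")
    if [ "$state" != open ]; then
        echo "FAIL check 1: $dc ($addr) TCP $LDAP_PORT $state"
        return 1
    fi
    echo "OK: $dc ($addr) resolves and accepts TCP $LDAP_PORT; continue with checks 2 and 4"
}

if [ $# -gt 0 ]; then preflight "$1"; fi
```

A "timeout" result points at a firewall rule or routing problem between the box and the domain controller, while "failed" means the connection was rejected or the host was unreachable.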