APAR status
Closed as program error.
Error description
It has been identified that LDAP user authentication for logging into QRadar can fail after performing the patch to QRadar 7.3.2 patch 3 due to a change in how QRadar handles AD authentication when the domain name of QRadar is not matched to the domain name of the Active Directory (AD) server. The Key Distribution Center (KDC) complains that the client name is not matching. This can occur when we have a different domain from realms other than the domain in QRadar host.
Local fix
Under Admin -> Authentication, edit the Domain input field in the Active Directory Authentication Module to use upper case letters.
Problem summary
This issue was fixed in QRadar QRM QVM release of 7.3.2 Patch 4.
Problem conclusion
This issue was fixed in QRadar QRM QVM release of 7.3.2 Patch 4.
Temporary fix
Comments
APAR Information
APAR number
IJ17937
Reported component name
QRADAR SOFTWARE
Reported component ID
5725QRDSW
Reported release
732
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-07-29
Closed date
2019-08-16
Last modified date
2019-08-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
QRADAR SOFTWARE
Fixed component ID
5725QRDSW
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"732","Edition":""}]
Document Information
Modified date:
16 August 2019