IBM Support

IV08853: JUNIPER SSL VPN CONFIGURATION AND NOT RECIEVING THE CORRECT RESP FROM THE IMS SERVER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as documentation error.

Error description

  • We having problems with configuring the Juniper SSL VPN.

We configured everything like descrived on the info center but
the
TAMESSO server doesn't give the correct reponse to the Juniper
SSL VPN.

we are not recieving the correct response from the IMS Server

You find the logs as attachment.

We tried to logon using the Juniper VPN around 11u56 on the
21/06/2011
with user eu2602 and eu2602test.
Fist problem:

If an registered user logon to the Juniper SSL VPN, the IMS
server is
always using the fallback method and connect the LDAP server to
lookup
de user.
He never recognize the IMS users, so he always run the fallback
method.
We used User principle name, CN and Enterprise user name (with
and
without domainname) to logon on the Juniper VPN.

Second problem:
If the TAMESSO is using the fallback to connect to the LDAP
server
(Radius Realm). He is not able to authenticate the user on the
LDAP
server

[3/08/11 10:58:16:170 CEST] 000057c7 SslVpnMacAcce I   Trying to
authenticate user {eu1811} against external fallback auth
services ..
[3/08/11 10:58:16:170 CEST] 000057c7 BaseFallbackA I   Fallback
LDAP
realm name is {eu.daikin.corpnet}
[3/08/11 10:58:16:248 CEST] 000057c7 AXLRadiusServ I   RADIUS:
User
authentication on LDAP failed.
[3/08/11 10:58:16:264 CEST] 000057c7 BaseAccessWor I   Denying
access as
external fallback auth service failed to authenticate user
{eu1811}
[3/08/11 10:58:16:264 CEST] 000057c7 BaseAccessWor I   Fallback
auth
failed.

We also tried to configure a Radius Realm that connect to an
existing
Radius server but we get exactly the same error message.


Environment:
TAMESSO 8.1 FP3
Windows 2008 R2



RTC 25142  L3 will release a Doc

Local fix

  • N/A

Problem summary

  • Radius authentication through IMS works when the user has a
second factor only. Without second factor, the fallback
option will be used.

Problem conclusion

  • Clarification will be provided in the 8.2 guides.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV08853
    • 

  • Reported component name
    TAM ESSO IM SVR
    • 

  • Reported component ID
    5724V6700
    • 

  • Reported release
    810
    • 

  • Status
    CLOSED  DOC
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2011-10-07
    • 

  • Closed date
    2011-10-19
    • 

  • Last modified date
    2011-10-19
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"810","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            23 September 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback