Troubleshooting
Problem
The administrator configured Active Directory authentication, however, they are not allowed to log in to QRadar using the Active Directory credentials.
Symptom
Active Directory authentication is handled by a JAAS Lounge plugin in QRadar. When there is an Active Directory configuration issue, the log in /var/log/qadar.log can display following message:
[org.jaaslounge.ldaplm.LDAPLoginModule] JaasLounge version: 0.3.0
[org.jaaslounge.ldaplm.LDAPLoginModule] mode: null
[org.jaaslounge.ldaplm.LDAPLoginModule] JaasLounge version: 0.3.0
[org.jaaslounge.ldaplm.LDAPLoginModule] mode: null
Cause
This can be caused if the customer is using the wrong LDAP Domain value.
Environment
QRadar 7.2.4
Diagnosing The Problem
When looking at the 7.2.4 Admin Guide for Configuring Active Directory authentication, there are 2 parameters listed for LDAP Domain where one of them is wrong.
Resolving The Problem
In the QRadar Active Directory field, ensure that the appropriate domain value is configured in both the LDAP Domain (ie: domain.com) and LDAP Context (DC=domain,DC=com) fields.
Example of how the LDAP fields should be configured:
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000GnbgAAC","label":"QRadar->Administration"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
01 April 2020
UID
swg21966535