[IAG] AD domain password authentication: some users are prompted that the user does not exist
Problem Description
With AD domain password authentication, some users are prompted that the user does not exist.

Effective troubleshooting steps
- Check that the AD domain organization structure synchronizes normally and that the affected user name is visible among the group users.
- Check that the authentication policy matched by the user is correct.
- The authentication debugging prompt is "search failed".

Root cause
- The user entered the wrong password too many times, so the AD domain locked the account and IAG cannot retrieve the user.
- The authentication policy matches multiple AD domain authentication servers. If authentication fails, an error message is displayed and an authentication server is matched at random.

Solution
Solution 1: Match a single AD authentication server to the user
Solution 2: Do not lock users in the AD domain
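
To confirm which root cause applies before choosing a solution, the PowerShell check below (an added example, not part of the original article or of Sangfor tooling) asks each AD server matched by the policy whether the affected users exist there and whether they are locked out. The server names and user names are placeholders, and it assumes the ActiveDirectory RSAT module with read access to each server.

```powershell
# Added example: per-server existence and lockout check for affected users.
Import-Module ActiveDirectory

# Placeholders (assumptions, not values from the article):
$Servers = @('dc1.example.internal', 'dc2.example.internal')  # AD servers matched by the IAG policy
$Users   = @('alice', 'bob')                                  # sAMAccountNames reported as not existing
$Props   = 'LockedOut', 'AccountLockoutTime', 'BadLogonCount', 'LastBadPasswordAttempt'

$report = foreach ($server in $Servers) {
    foreach ($name in $Users) {
        try {
            # With -Filter, an absent account yields no object rather than an error.
            $u = Get-ADUser -Server $server -Filter "sAMAccountName -eq '$name'" `
                            -Properties $Props -ErrorAction Stop
            $status = if (-not $u) { 'NotFound' } elseif ($u.LockedOut) { 'Locked' } else { 'OK' }
        } catch {
            # Server unreachable, bind refused, and so on.
            $u = $null
            $status = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Server       = $server
            User         = $name
            Status       = $status
            LockedSince  = $u.AccountLockoutTime
            BadLogons    = $u.BadLogonCount          # kept per domain controller, not replicated
            LastBadLogon = $u.LastBadPasswordAttempt # kept per domain controller, not replicated
        }
    }
}

$report | Sort-Object User, Server | Format-Table -AutoSize

# Users found on only some of the matched servers are candidates for Solution 1.
$report | Where-Object { $_.Status -in 'OK', 'Locked' } | Group-Object User |
    Where-Object { $_.Count -lt $Servers.Count } |
    ForEach-Object { '{0}: present only on {1}' -f $_.Name, ($_.Group.Server -join ', ') }
```

A `Locked` row corresponds to the first root cause; a user that is `NotFound` on one of the matched servers corresponds to the second.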

Operation Impact Scope
None

Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=26681&isOpen=true