Debugging Authentication problems in Citrix ADC / NetScaler using the aaad.debug file

last update: October 2nd 2018

This is the second part of debugging logon. The first one, a network trace about LDAP, may be found here.

Citrix ADC / NetScaler logs all events related to AAA (authentication, authorization, auditing) to /tmp/aaad.debug

Citrix ADC / NetScaler aaad.debug explained in detail
You need to be nsroot or superuser to successfully log on to the BSD shell. This is a requirement to change to BSD shell. Change to the /tmp directory. There you find a file called aaad.debug. A file? No, it’s a pointer. Pointers always have a size of 0 and point to the output of a process, in this case to the aaa-deamon.


Doing analysis on a real world aaad.debug output

It was done on firmware version 12.1.49.23. I have not removed any lines, but I don’t explain all of them as they are many and some are of no importance to me.

There are several phases:

  1. Initialization phase
  2. Picking the first policy
  3. Initiating comunication to first server
  4. Logging on the Administrative Bind DN
  5. Looking up the user
  6. Checking user’s password

Mon Oct 1 15:24:31 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[684]: main 0-0: timer 2 firing…

This is a periodic message. It is on no importance to our debugging and may safely be ignored.


Initiating authentication

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[886]: process_kernel_socket 0-14029: partition id is 0Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[1093]: process_kernel_socket 0-14029: ns_aaad_decrypt_auth not done

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[1127]: process_kernel_socket 0-14029: call to authenticate user :johannes.norz, vsid :10315, userlen 13

This is the beginning of the actual logon process

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[1176]: process_kernel_socket 0-14029: call to authenticate user:johannes.norz, vsid :10315, req_flags 2

Yes! That’s what we want! Let’s authenticate this johannes.norz!


Communicating to an authentication source

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[4685]: start_cascade_auth 0-14029: starting cascade authentication

Authentication in Citrix ADC / NetScaler is a so called cascading authentication. This means, we start with the most important authentication policy (the one with the lowest binding priorty) and walk them all down to the last one.

We authenticate to the first policy. If we are able to authenticate successfully we stop here. If we fail, no matter why (user not found, invalid password) we’ll try the next one and so on.


Initiating comunication with the first policy

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[4795]: cascade_auth 0-14029: starting ldap auth for: johannes.norz, sizeof(*ar) is 28, userlen 14

My first policy is a LDAP policy, so we do LDAP. The length of the username is 13 characters plus a trailing character 0, so 14 characters passed to this policy.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[117]: start_ldap_auth 0-14029: Starting LDAP auth

Authentication started using this LDAP policy

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[141]: start_ldap_auth 0-14029: attempting to do ldap auth for johannes.norz @ 192.168.0.15

So we try to authenticate this johannes.norz to LDAP server at 192.168.0.15

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[143]: start_ldap_auth 0-14029: LDAP referrals are OFF

Referrals this is about cross domain logon. It’s a Microsoft topic. We don’t search across domains, so it’s turned off by default.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[144]: start_ldap_auth 0-14029: LDAP referral nesting depth 0

This is about searching foraing domains. As referrals is turned off we searf 0 additional domains.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[843]: continue_ldap_init 0-14029: Connecting to:192.168.0.15:389

Finally we connect to 192.168.0.15 on LDAP standard TCP port 389.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5013]: register_timer 0-14029: setting timer 56004

setting a time-out for this authentication attempt.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5090]: unregister_timer 0-14029: releasing timer 56004

clearing that timer.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[923]: ns_ldap_set_up_socket 0-14029: Server certificate hostname = NULL

This is plain text LDAP. Plain text LDAP is a security risk, so you should change to TLS or SSL instead! Passwords get transmitted unencrypted in plain text LDAP. See my post about LDAP authentication network traces!

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[970]: ns_ldap_set_up_socket 0-14029: Set cert verify level 0

We would not verify the issuer of a certificate presented by this LDAP server. This is a global SSL setting (Load balancing → SSL: Change advanced SSL settings → Strict CA checks)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[973]: ns_ldap_set_up_socket 0-14029: Getting cipher suite global value

Not needed here as this is plain text. It’s about ciphers. Only valid with TLS / SSL. I skip some more SSL related settings as I’m not interested in these.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[976]: ns_ldap_set_up_socket 0-14029: Checking non-zero cipher suite
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[986]: ns_ldap_set_up_socket 0-14029: NULL cipher suite. Using default.
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[992]: ns_ldap_set_up_socket 0-14029: Freeing cipher suite value
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[999]: ns_ldap_set_up_socket 0-14029: Done with cipher suite
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[1072]: ns_ldap_set_up_socket 0-14029: Sectype: 1

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[1077]: ns_ldap_set_up_socket 0-14029: Successfully established connection to NULL

I love this one: We successfully connected to the LDAP server, so all firewalls are OK, the server is up and running, a perfect result for the connection phase!


Logging on the Administrative Bind DN

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5013]: register_timer 0-14029: setting timer 56005

so again: setting a timer for this logon attempt. Logon will fail if server is not fast enough.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[197]: receive_ldap_bind_event 0-14029: receive ldap bind event

So let’s start authenticating administrative bind DN!

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 97 (LDAP_RES_BIND)

Let’s check if this was successful?

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[477]: ns_ldap_check_result 0-14029: ldap_result found expected result LDAP_RES_BIND

That’s an other one I like: We made it (as expected)!

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[209]: receive_ldap_bind_event 0-14029: Bind OK

so bind attempt was OK (as we already know)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5090]: unregister_timer 0-14029: releasing timer 56005

so we unset the timer

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[278]: receive_ldap_bind_event 0-14029: Original slen: 13


Looking up the user

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[302]: receive_ldap_bind_event 0-14029: User name: dirty = <johannes.norz> sanitized = <johannes.norz>

We start authentication from here: The user we want to authenticate is johannes.norz. “Dirty” as this is it’s user name, not the LDAP user name.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[304]: receive_ldap_bind_event 0-14029: Admin bind successful, attempting user search event for johannes.norz

So let’s search for this user’s LDAP user name.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1843]: get_email_attribute 0-14029: Email attribute: <mail>, length 5

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[1238]: ns_ldap_search 0-14029: Searching for <<(| (objectClass=domainDNS) (& (sAMAccountName=johannes.norz) (objectClass=*)))>> from base <<dc=intern,dc=norz,dc=at>>

So we’re gona search for a user called johannes.norz in a LDAP directory called dc=intern,dc=norz,dc=at (AD name: intern.norz.at)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5013]: register_timer 0-14029: setting timer 56006

Again, setting a timer. Attempt will time out if the domain controller is not fast enough.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[1262]: ns_ldap_search 0-14029: Sent user search query.

finally we asked the domain controller about this user. We’re waiting for a reply.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[399]: receive_ldap_user_search_event 0-14029: Received LDAP user search event.

And we received a reply!

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 101 (LDAP_RES_SEARCH_RESULT)

Let’s see what we received?

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[443]: ns_ldap_check_result 0-14029: Got result 0. Non-event, continuing

100% honest: I don’t understand this one. Seems like we did not yet see useful results. This will go on for a while.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[399]: receive_ldap_user_search_event 0-14029: Received LDAP user search event.
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 101 (LDAP_RES_SEARCH_RESULT)
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[443]: ns_ldap_check_result 0-14029: Got result 0. Non-event, continuing
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[399]: receive_ldap_user_search_event 0-14029: Received LDAP user search event.
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 101 (LDAP_RES_SEARCH_RESULT)
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[443]: ns_ldap_check_result 0-14029: Got result 0. Non-event, continuing
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[399]: receive_ldap_user_search_event 0-14029: Received LDAP user search event.
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 101 (LDAP_RES_SEARCH_RESULT)
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[443]: ns_ldap_check_result 0-14029: Got result 0. Non-event, continuing
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[399]: receive_ldap_user_search_event 0-14029: Received LDAP user search event.
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 101 (LDAP_RES_SEARCH_RESULT)
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[443]: ns_ldap_check_result 0-14029: Got result 0. Non-event, continuing
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[399]: receive_ldap_user_search_event 0-14029: Received LDAP user search event.
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 101 (LDAP_RES_SEARCH_RESULT)
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[477]: ns_ldap_check_result 0-14029: ldap_result found expected result LDAP_RES_SEARCH_RESULT
Mon Oct 1 15:24:33 2018

/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[411]: receive_ldap_user_search_event 0-14029: received LDAP_OK
Mon Oct 1 15:24:33 2018

Finally: We found this very user! (so the user is there. It would return an error if this user is not a member of this LDAP. We still don’t know anything about the password!)

/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5090]: unregister_timer 0-14029: releasing timer 56006

we have set this timer, so we have to release it

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[441]: receive_ldap_user_search_event 0-14029: Binding user… 2 entries

OK. Perfect. So let’s do analysis

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[442]: receive_ldap_user_search_event 0-14029: Admin authentication(Bind) succeeded, now attempting to search the user johannes.norz

Is this the right record (it will always be as long as your AD is OK)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[445]: receive_ldap_user_search_event 0-14029: Number of entires in LDAP server response = 2

There are 2 entries in server response (this was expected)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[459]: receive_ldap_user_search_event 0-14029: [0]: Object = 0x29ea2580

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[657]: extract_ldap_multi_value_attribute 0-14029: While retrieving ldap attribute objectClass, 3 attribute values found for johannes.norz

This user has 3 attributes in it. So we extracted these atributes, I don’t understand the next some lines in detail, if you do, please tell me!

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[336]: check_for_domain_dns 0-14029: Extracted attribute, name: objectClass, value: top,domain,domainDNS
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[340]: check_for_domain_dns 0-14029: Found objectClass of type domainDNS
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[476]: receive_ldap_user_search_event 0-14029: Updated usrobj_domaindns for user johannes.norz
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[459]: receive_ldap_user_search_event 0-14029: [1]: Object = 0x29ea25c0
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[657]: extract_ldap_multi_value_attribute 0-14029: While retrieving ldap attribute objectClass, 4 attribute values found for johannes.norz

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[336]: check_for_domain_dns 0-14029: Extracted attribute, name: objectClass, value: top,person,organizationalPerson,user

This is a user object (culd be ay other object in AD like a computer, a group, …)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[344]: check_for_domain_dns 0-14029: Did not find objectClass of type domainDNS
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[485]: receive_ldap_user_search_event 0-14029: Updated usrobj for user johannes.norz

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[515]: receive_ldap_user_search_event 0-14029: User DN= <<CN=Johannes Norz,OU=Users,OU=Our’s,DC=intern,DC=norz,DC=at>>

This is what I wanted to see: The LDAP user name of this user! This line proves: This is a valid LDAP user, the user is there and we may continue logging on this user. Together with this user we also received some more attributes, so next we will look into these.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[2184]: check_pwd_last_set 0-14029: pwdLastSet = 181148089699403926, value = 43522

we may need some attributes in addition. For example: This password was set last May

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[2210]: check_max_pwd_age 0-14029: maxPwdAge = -863136000000000, value = 999

This is the mayimum age for passwords (this user is not mandated to change his password)

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[2247]: set_days_for_pwd_exp 0-14029: (set_days_for_pwd_exp) INPUT: pwd_last_set = 42622, max_pwd_age = 999

Again, values needed to force a password-change plus several more, I skip these.

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[2260]: set_days_for_pwd_exp 0-14029: days_since_1970 = 17806, days_since_pwd_last_set = 752, days_for_pwd_exp = 247
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[624]: extract_ldap_attribute 0-14029: retrieved pwdLastSet value 131178981698422956 for johannes.norz, length is 18
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1843]: get_email_attribute 0-14029: Email attribute: <mail>, length 5
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[560]: extract_ldap_attribute 0-14029: While retrieving ldap attributes mail attribute not found for johannes.norz
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1843]: get_email_attribute 0-14029: Email attribute: <mail>, length 5
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[710]: receive_ldap_user_search_event 0-14029: Failed to extract attribute, name: mail
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1843]: get_email_attribute 0-14029: Email attribute: <mail>, length 5
Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[730]: receive_ldap_user_search_event 0-14029: For user johannes.norz, group stringLength 21

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[739]: receive_ldap_user_search_event 0-14029: built group string for johannes.norz of:PublishedApps
FaNorz

This is about group membership: This user is member of 2 groups, PublishedApps and FaNorz. This is an important information as we use groups to grant access to applications and set session policies.


Checking user’s password

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[770]: receive_ldap_user_search_event 0-14029: User search succeeded, attempting user authentication(Bind) for <johannes.norz>

Now we know the name of this user, we try to authenticate it!

Mon Oct 1 15:24:33 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5013]: register_timer 0-14029: setting timer 56007

Again, setting a timer. Authentication will fail if AD is too slow

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1450]: receive_ldap_user_bind_event 0-14029: Got user bind event.

We received data from AD

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-14029: checking LDAP result. Expecting 97 (LDAP_RES_BIND)

Let’s see what it is?

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_common.c[477]: ns_ldap_check_result 0-14029: ldap_result found expected result LDAP_RES_BIND

It’s a result we expected

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1459]: receive_ldap_user_bind_event 0-14029: Bind OK.

Heureca! It’s an OK! So the password specified was OK. Result could also have been a fail.

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[5090]: unregister_timer 0-14029: releasing timer 56007

Let’s kill the timer, we already received a result.

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/ldap_drv.c[1553]: receive_ldap_user_bind_event 0-14029: User authentication (Bind event) for user johannes.norz succeeded

We authenticated it successfully.

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[3530]: send_accept 0-14029: sending accept to kernel for : johannes.norz

A message to kernel: johannes.norz is a kosher user! No problem about this guy!

Mon Oct 1 15:24:34 2018
/home/build/rs_121_49_14_RTM/usr.src/netscaler/aaad/naaad.c[3448]: aaad_alloc_serialize_keyValue_attrs 0-14029: Total attribute values to PE : 53, pwd_last_set=131178981698422956

Some more information about passwords.


Hope this one was useful to you. I’d be glad to get feedback or some more insight information on understanding this aaad.debug log. Just comment to this article!

Leave a Reply

Your email address will not be published. Required fields are marked *