This is documentation for the Fudo PAM 3.8 version, which is no longer supported. You may want to check documentation for one of the supported Fudo PAM versions: 5.0, 5.1, 5.2, 5.3 or 5.4.
Connecting to servers
Problem |
Symptoms and solution |
Cannot connect to server |
Symptoms:
- User cannot log in.
- Events log entry: Authentication failed: Invalid username kowalski or password.
|
|
Solution:
- Verify that the user definition exists in the Wheel Fudo PAM database.
- Make sure the login credentials are correct.
- Make sure that the client software does not have outdated credentials stored.
- Check if the user has a domain defined and make sure it is provided when attempting to log in.
- If there are two users with the same login, one of which has its domain set to the default domain while the other has no domain defined, Wheel Fudo PAM will report an authentication problem, as it cannot determine which user is trying to connect.
|
|
|
|
Symptoms: events log entry: Unable to establish connection to server zbigniew (10.0.35.53:3399). |
|
Cause: incorrect server configuration. |
|
Solution:
- Verify that the server in question is properly configured (IP address, port number).
- Check if the server is reachable from Wheel Fudo PAM:
  - Log in to the Wheel Fudo PAM administration panel.
  - Select > , Diagnostics tab.
  - Enter the server address in the Ping section and execute the command to test the host’s availability.
- Check if the server is reachable on the given port number:
  - Log in to the Wheel Fudo PAM administration panel.
  - Select > , Diagnostics tab.
  - Enter the server address along with the port number in the Netcat section and execute the command.
|
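The login collision described in the first solution above (same login, one user in the default domain, one with no domain defined) can be found ahead of time by auditing a list of user definitions. This is an added example, not Fudo PAM code: the `User` record, the exact-match domain comparison and the sample accounts are assumptions constructed for illustration, and how the user list is obtained is left to the administrator.

```python
from collections import defaultdict
from typing import Iterable, List, NamedTuple, Optional


class User(NamedTuple):
    """Hypothetical record for one user definition (not a Fudo PAM schema)."""
    login: str
    domain: Optional[str]  # None or "" means no domain is defined


def ambiguous_logins(users: Iterable[User], default_domain: str) -> List[str]:
    """Return logins that match the documented collision.

    A login is flagged when one user has it with the domain equal to the
    default domain and another user has it with no domain defined.
    Domains are compared as exact strings (assumption).
    """
    if not default_domain:
        # Without a default domain the documented collision cannot occur.
        return []
    domains_by_login = defaultdict(set)
    for user in users:
        # Normalise an empty string to None so both mean "no domain".
        domains_by_login[user.login].add(user.domain or None)
    return sorted(
        login
        for login, domains in domains_by_login.items()
        if None in domains and default_domain in domains
    )


# Constructed sample data, not taken from a real deployment.
SAMPLE_USERS = [
    User("kowalski", None),            # no domain defined
    User("kowalski", "corp.example"),  # same login, default domain
    User("user0", "corp.example"),
    User("user0", "lab.example"),      # same login, but both have domains
    User("root", ""),                  # single domainless user
]

if __name__ == "__main__":
    for login in ambiguous_logins(SAMPLE_USERS, "corp.example"):
        print(f"ambiguous login: {login}")
```

Resolving a flagged login means giving one of the two users a distinct login or an explicit, non-default domain.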
Problem |
Symptoms and solution |
When logging in, not all users see the Wheel Fudo PAM logon screen. |
Cause:
- Credentials stored in the RDP client result in users being automatically logged in to the remote host.
- Credentials are stored in the RDP client and the user is successfully authenticated against them, so the Wheel Fudo PAM logon screen is not displayed. Wheel Fudo PAM then forwards the user credentials to the target server, but they are no longer valid there, which results in the Windows GINA being displayed.
|
|
Symptoms:
- Client software message: Connection closed by remote host.
- Events log entry: Failed to authenticate against the server as user root using password.
|
|
Cause: incorrect login credentials. |
|
Solution: provide correct login credentials in server configuration. |
|
|
|
Symptoms:
- RDP client message: Connection refused.
- SSH client message: ssh: connect to host 10.0.1.111 port 10011: Connection refused
|
|
Cause: server has been blocked. |
|
Solution: log in to Wheel Fudo PAM administration panel and unblock the server. |
|
|
Problem |
Symptoms and solution |
Connection is terminated |
Symptoms:
- User tries to log in to a server monitored by Wheel Fudo PAM; after entering the username and password, the session is immediately terminated.
- Events log entry: TLS certificate verification failed.
|
|
Solution: |
|
Download new target host certificate in the Target host section. |
|
|
|
Symptoms:
- After entering username and password the connection is terminated.
- Events log entry: RDP connection error.
|
|
Solution: in the General tab of the TCP-Rdp properties, check that the Encryption level option is not set to FIPS Compliant. |
|
|
Cannot connect to server |
Symptoms:
- Cannot log in to server with error message User user0 not allowed to connect to server.
- Events log entry: Authentication failed: User user0 not allowed to connect to server.
|
|
Cause: user is not assigned to proper connection. |
|
Solution: add user to appropriate connection object. |
Problem |
Symptoms and solution |
|
Symptoms:
- After entering username and password, the screen freezes.
- Events log entry: Terminating session: User user0 (id=848388532111147010) is blocked.
|
|
Cause: user is blocked. |
|
Solution: log in to Wheel Fudo PAM administration panel and unblock the user in question. |
|
|
User has to provide login credentials twice |
Symptoms: user connecting over RDP protocol enters login credentials and immediately afterwards is asked again for the same login information. |
|
Cause: the server is part of an infrastructure managed by a connections broker, which has detected an active user’s session on another server. |
|
|
|
Symptoms: user connecting over SSH protocol enters login credentials and immediately afterwards is asked again for login information. |
|
Cause: in the connection object, the options for login and password substitution are enabled but the input fields are left blank, which results in twofold authentication: first against Wheel Fudo PAM and then against the target host. |
|
|
Cannot connect to server over RDP protocol |
Symptoms:
- User connecting over RDP is disconnected a moment after establishing connection.
- Events log entry: RDP server 10.0.0.:33890 has to listen on the default RDP port in order to redirect sessions.
|
|
Cause: connection is redirected to a host which does not listen on port number 3389. |
|
Solution: configure server in question so it accepts user connections on port number 3389. |
|
|
|
Symptoms:
- Events log entry: User user0 has no access to host 192.168.0.1:3389
|
|
Cause: the connections broker detects an existing user session on another server and redirects the user to that host, but the host is not configured on Wheel Fudo PAM or the user does not have sufficient access rights to connect to the given server. |
|
Solution:
- Make sure that the server object exists.
- Add user to proper safe object.
|
Problem |
Symptoms and solution |
Cannot connect to Telnet5250 server using PC5250 client revision 20091005 S/20111019 S |
Symptoms: cannot establish connection to target host. |
|
Cause: for the aforementioned client applications, Wheel Fudo PAM requires additional objects to be set up to enable TCP traffic on ports 449, 8470 and 8476. |
|
Solution:
- Add Telnet TN5250 server with default port number.
- Add three server objects with TCP protocol and the following port numbers: 449, 8470 and 8476.
- Add TN5250 listener, in Proxy mode, with default port number.
- Add three TCP listener objects, in Proxy mode, with port numbers 449, 8470 and 8476.
- Add regular account, define authentication parameters and assign it to the main TN5250 server definition.
- Add three anonymous accounts and assign each to one of the supporting servers.
- Add safe and assign account with corresponding listeners.
|