Strange Behaviour after upgrade to 1.1.4

Discuss and get help configuring CacheGuard OS
miguelp
Posts: 46
Joined: 17 Aug 2015 13:06

Re: Strange Behaviour after upgrade to 1.1.4

Post by miguelp » 01 Nov 2015 14:26

Hello David,
Thanks for all, and for removing the file!

I rebuilt all guard categories, but if turn the guard mode ,the issue is still there.

Yes, I think the only option will be to install from scratch.

Now we have only 2GB assigned to the VM, do you think is worth trying with 4 gb ?

Is there the need to issue any command to make CG aware of the more memory ?

Thanks,
Miguel

User avatar
charles
Site Admin
Posts: 41
Joined: 06 Nov 2014 16:23
Location: Paris
Contact:

Re: Strange Behaviour after upgrade to 1.1.4

Post by charles » 01 Nov 2015 19:51

Dear Miguel

I don't think that increasing the RAM could resolve this issue. But if you do it the detection is automatic. You will only need to reboot your system.

Best Regards,
Charles Tajvidi
IT Technical Architect
http://www.cacheguard.com

User avatar
charles
Site Admin
Posts: 41
Joined: 06 Nov 2014 16:23
Location: Paris
Contact:

Re: Strange Behaviour after upgrade to 1.1.4

Post by charles » 09 Nov 2015 23:12

Hello Miguel

After having studied your configuration file it seems that your issue does not come form the v1.1.4 upgrade but from a referral request sent by your AD to CG.

Let's say your guard LDAP filter is as follows:

Code: Select all

guard filter ldap add myRequest 'dc=example,dc=com' 'sAMAccountName' 'memberOf=cn=adult,cn=users,dc=example,dc=com'
The referral request asks CG to send an LDAP query to an external AD server which is not allowed by CG's security policy. Actually this referral is based on the base DN of your guard LDAP filter (dc=example,dc=com) and the configured DNS in your CG resolves that base DN (example.com) to a public IP address which is not accessible by CG.

To resolve your issue you can either disable the usage of referrals in your AD or configure CG with a DNS server that resolves the base DN (example.com) of your guard LDAP filter to your own LDAP server IP.

Best Regards,
Charles Tajvidi
IT Technical Architect
http://www.cacheguard.com

Post Reply