After upgrade to Citrix ADC 13.0-36.27 multiple nsaaad core dumps are occurring

After upgrade to Citrix ADC 13.0-36.27 multiple nsaaad core dumps are occurring

book

Article ID: CTX265016

calendar_today

Updated On:

Description

  • Secure LDAP is configured on the LDAP servers
  • Multiple core dumps on nsaaad process
  • Periodic HA failover
  • Users are intermittently not able to authenticate via  Gateway VIP

Resolution

Issue resolved by code fix in 13.0-47.x.
IssueID: NSHELP-20181

Workaround:
Set email attribute to a non-default entry and that does not exist in the AD environment.
Configuration example:


To edit the LDAP authentication server using the command line interface
set ldapAction jn_ldapAction -email dummytattributeonad
 
To edit the LDAP authentication server by using the configuration utility
1.Navigate to System > Authentication > Advanced Policies > LDAP > Servers .
2. Select the Authentication LDAP server in question and select Edit.
3. On the Authentication LDAP Server page, configure the email  paramaters for the LDAP server.
 

Problem Cause

For Citrix ADC 13.0, the email attribute field has been introduced for LDAP servers. If Secure LDAP is configured to a Windows Active directory backend fetching the email attribute can introduced a logic error causing nsaaad process to crash intermittently. If multiple crashes occur on this critical process within 24 hours, a system reboot is initiated causing failover, in HA setups or service interruption in standalone setups.

Additional Information

https://support.citrix.com/article/CTX230883
https://docs.citrix.com/en-us/citrix-adc/13/aaa-tm/configure-aaa-policies/ns-aaa-setup-policies-authntcn-tsk/ns-aaa-setup-policies-auth-ldap-tsk.html
Powered by Wolken Software