Versions Compared

Version Old Version 1 New Version 2
Changes made by

Matthew Girard

Matthew Girard

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

2023-04-13

Reported: 2023-04-12 08:32:00 EST

Resolved: 2023-04-13 09:17:00 EST

Checklist

  •  Confirm Duo/Shiboleth/LDAP is working
  •  SSH into Denodo servers
  •  Create ticket/ask Marv to investigate/power cycle all Denodo servers (except solution manager)
  •  See if tailscale is an issue
  •  Restart denodo on all servers

Writeup

John Klein reported authentication issues with Denodo dev via SSO and LDAP. Upon investigation, it wasn’t possible to use LDAP authentication with any Denodo server except solution manager.

SSH into solution manager works as expected, but all other VDP servers took a while to SSH into, and did not prompt for Duo.

David installed tailscale across all Denodo servers except solution manager. After turning off tailscale (tailscale down) across the denodo servers, Duo/LDAP connectivity was restored. David is going to test tailscale only on stage going forward, until he is confident it's able to work in dev and prod.

The specifics around the tailscale issue was that the denodo servers were not migrated to a new, functioning tailnet, and remained in a tailnet that was no longer functioning, hence the connectivity issues.

2023-04-12

Reported: 2023-04-12 09:12:00 EST

Resolved: 2023-04-12 14:53:00 EST

Writeup

Users were having issues connecting to the Denodo dev server. It was discovered that the certs, which were deployed in 2022-01-09, had expired. New certs were copied onto the Denodo servers by certbot, which would expire on 2022-06-09, but had not been deployed since automation had not yet been finalized. The new certs were deployed using the automation scripts that had been developed and the SSL connectivity issues were resolved.

...