Operational Defect Database

BugZero found this defect 3636 days ago.

WatchGuard Technologies | kA10H000000g3exSAA

Unable to read more than 64 groups from any external Authentication Server

Last update date:

6/5/2014

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

11.x

11.1.x

11.10.x

11.10

11.10.1

11.10.2

11.10.3

11.10.4

11.10.5

11.10.6

Fixed releases:

All

Description:

Issue

When a user authenticates to your Firebox or XTM device with an account from an external authentication server, the device reads only the first 64 groups returned by the server for this user. Any extra groups are ignored. This limitation includes groups that are not used in the device configuration.

Workaround/Solution

There are two workarounds for this issue:

The authentication process reads the groups in alphabetical order. If you rename a group so that it sorts higher in alphabetical order, within the first 64, you can make sure it is retrieved by the device.

Reduce the number of groups returned for the user to 64 or fewer.
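The following audit sketch is an added example, not WatchGuard's or BugZero's code: given a directory export (user to group names) and the group names used in the device configuration, it reports users for whom a configured group falls outside the first 64. The case-insensitive sort, the data shapes and all names are assumptions; the page does not specify the exact ordering the device uses.

```python
"""Find users whose policy-relevant groups fall outside the 64-group read limit."""

GROUP_LIMIT = 64  # limit stated in the defect description


def groups_read(user_groups, limit=GROUP_LIMIT):
    """Return the groups the device is expected to read for one user.

    Assumption: "alphabetical order" is modelled as a case-insensitive sort;
    the page does not specify the exact collation.
    """
    ordered = sorted(set(user_groups), key=lambda g: (g.casefold(), g))
    return ordered[:limit]


def audit(directory, policy_groups, limit=GROUP_LIMIT):
    """Map each affected user to the policy groups that fall outside the limit.

    directory: {username: iterable of group names returned by the auth server}
    policy_groups: group names referenced in the device configuration
    """
    findings = {}
    for user, groups in directory.items():
        unique = set(groups)
        seen = set(groups_read(unique, limit))
        missed = sorted((unique & set(policy_groups)) - seen)
        if missed:
            findings[user] = {
                "total_groups": len(unique),
                "excess": len(unique) - limit,  # groups to remove for workaround 2
                "missed_policy_groups": missed,  # rename candidates for workaround 1
            }
    return findings


# Constructed sample data (not from the page): alice has 70 groups, bob has 10.
SAMPLE_DIRECTORY = {
    "alice": [f"Dept-{i:02d}" for i in range(68)] + ["AA-VPN-Users", "VPN-Admins"],
    "bob": [f"Dept-{i:02d}" for i in range(9)] + ["VPN-Admins"],
}
SAMPLE_POLICY_GROUPS = {"AA-VPN-Users", "VPN-Admins"}

if __name__ == "__main__":
    for user, info in audit(SAMPLE_DIRECTORY, SAMPLE_POLICY_GROUPS).items():
        print(user, info)
```

Users who appear in the output are the ones to address with either workaround: rename the listed groups or reduce the user's membership by at least the reported excess.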


Status

Open
