Reset Search
 

 

Article

KB40251 - Pulse Connect Secure recommended Active Directory authentication server mode.

« Go Back

Information

 
Last Modified Date9/22/2017 6:04 AM
Synopsis
This article provides details about Pulse Connect Secure recommended Active Directory authentication server mode.
Problem or Goal
Cause
Solution
Legacy mode Active Directory (AD) authentication server was deprecated in Pulse Connect Secure (PCS) 8.3R1 and Pulse Policy Secure (PPS) 5.4R1. Pulse Secure is no longer providing security updates, technical support or hot fixes for Legacy Mode AD authentication server.
 
To help improve stability and overall security posture of Pulse Secure gateways starting with PCS and PPS version 9.1R1, Legacy Mode AD authentication server instances within the configuration are treated as incompatible. If these instances are detected during upgrade to 9.1R1 or higher, the upgrade will be aborted. Similarly, importing of configuration with these instances will result in configuration incompatible error messages and the import will be aborted.
 
If Legacy Mode is configured, Pulse Secure recommends migrating to Standard Mode or if the instance is unused, please delete these authentication server instances.

For the detailed migration guide refer KB40430

Differences between the two Active Directory Modes

  • Legacy Mode uses older Samba version
  • ​Standard Active Directory mode uses a newer version of samba 
  • The newer Samba releases provide better performance.
  • The older version is out of support from Samba community.
  • Standard Active Directory mode is periodically updated with latest stable Samba packages.

What is the functional impact of this on Pulse Secure Products?


All the existing functionalities are completely supported in Standard Active Directory mode. Standard ‘Active Directory’ mode uses better group lookup methods, therefore, the 'Group Search With LDAP' option is no longer present. Active Directory mode also provides better troubleshooting tools.

Note: Standard ‘Active Directory’ Mode is supported from Windows 2008 onwards. 
 

Known Issues:

KB40723 - Custom expressions using group attribute fails with Standard (AD) Active Directory mode
 
Related Links
Attachment 1 
Created ByRaghu Kumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255