How do I run diagnostics for LastPass Universal Proxy v4.x?
Use the diagnostic tool for LastPass Universal Proxy to discover and troubleshoot general connectivity issues.
- Windows PowerShell 3.0 or higher on Windows operating system
- Debian-based OS or RedHat-based OS on Linux operating system
The diagnostic tool checks the configuration provided in the server.properties configuration file. It automatically detects whether LDAP or RADIUS protocol is used and checks their communication with the appropriate services.
When run, the scripts perform a series of tests and present the results in the console output and also in a file located in the /logs folder. The output begins with a summary section that provides a SUCCESS or FAIL indicator for each of the tests. A summary of the settings is also listed.
The result of the diagnostics is saved to a .log file in the C:\Program Files\LastPass\Universal Proxy\logs directory on Windows operating system (or the path you selected during installation, if different) and in the /usr/local/universalproxy/logs directory on Linux operating system.
If all tests pass, then the output indicates that the specified servers are reachable and can respond to service requests correctly.
- Select one of the following options based on your operating system:
  - To run diagnostics on Windows operating system, open PowerShell and execute the following command:
    uproxy -diagnostic
  - To run diagnostics on Linux operating system, open the CLI and execute the following command:
    sudo uproxy -diagnostic
Checking whether Universal Proxy can access the LastPass service
Result:
- SUCCESS: Indicates that Universal Proxy can access the LastPass service.
- FAIL: Indicates that Universal Proxy is unable to communicate with the LastPass service.
Checking the RADIUS server configuration with Universal Proxy
- When running the script, you should add the following:
  - Enter user logon name:
  - Enter user's password:
For the description of the required properties, see LastPass Universal Proxy 4.x RADIUS configuration using command line on Windows.
Example: RADIUS server configuration with SFA server mode (SUCCESS)
Example: RADIUS server configuration with SFA server mode (FAILURE)
Example: RADIUS server configuration with LP server mode
Result:
- SUCCESS:
  - Indicates that the RADIUS server is accessible, expects authentications on the given port and that the user is present with the provided username/password.
- FAIL:
  - Receive timed out: Indicates that the RADIUS server is not accessible on the given IP address/port.
  - Access-Reject: The response is received but the credentials of the provided user were wrong.
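An independent cross-check for the two FAIL cases above, as an added example that is not part of the LastPass tooling: a minimal RADIUS PAP probe (RFC 2865) that separates "Receive timed out" from "Access-Reject". The host, port, user, password and shared secret are placeholders, and PAP over UDP is an assumption about how the RADIUS server is set up.

```python
import hashlib, hmac, os, socket, struct

RESULTS = {2: "SUCCESS: Access-Accept", 3: "FAIL: Access-Reject"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5-chained XOR)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, ident, authenticator):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    attrs = attr(1, user.encode()) + attr(
        2, hide_password(password.encode(), secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def classify_reply(request: bytes, reply: bytes, secret: bytes) -> str:
    """Validate the Response Authenticator, then map the reply code to a result."""
    if len(reply) < 20 or reply[1] != request[1]:
        return "FAIL: malformed or mismatched reply"
    length = struct.unpack("!H", reply[2:4])[0]
    digest = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    if not hmac.compare_digest(digest, reply[4:20]):
        return "FAIL: bad response authenticator (shared secret mismatch?)"
    return RESULTS.get(reply[0], f"FAIL: unexpected RADIUS code {reply[0]}")

def probe(host, port, user, password, secret, timeout=5.0) -> str:
    """Send one Access-Request over UDP and report the outcome."""
    request = build_access_request(user, password, secret, os.urandom(1)[0], os.urandom(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "FAIL: Receive timed out"  # nothing answered on this IP/port
        except OSError as exc:
            return f"FAIL: network error ({exc})"
    return classify_reply(request, reply, secret)

if __name__ == "__main__":
    # Placeholder host, user, password and secret: replace before running.
    print(probe("192.0.2.10", 1812, "constructed.user", "constructed-pw", b"shared-secret"))
```

Run it from the Universal Proxy host so the RADIUS server sees the same client address. A server set to require the Message-Authenticator attribute may silently discard this minimal request, which also shows up as a timeout.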
Checking the LDAP server configuration with Universal Proxy
- When running the script, select one from the following set of instructions based on your server mode configuration:
  - SFA: Add the following parameters:
    - Enter user's distinguished name
    - Enter user's password
  - LP: Add the following parameters:
    - Enter user's LP account name
    - Enter user's password
  - PLP: Add the following parameters:
    - Enter user's distinguished name
    - Enter user's password
For the description of the required properties, see LastPass Universal Proxy 4.x LDAP configuration using command line on Windows or LastPass Universal Proxy v4.x LDAP configuration using command line on Linux.
- Checking whether a designated user can be found in the LDAP server. In this test an LDAP search request is initiated to determine if an LDAP user search will find the necessary user attributes. The LDAP user entry search is first based on the user's distinguishedName, then on the naming attribute which was set in Universal Proxy configuration (by default, it is sAMAccountName on Windows and UID on Linux). For more information on the user configuration, see Configuration checklist for LastPass Universal Proxy using LDAP protocol on Windows.
Important: The maximum length of the sAMAccountName is 20 characters.
Example: LDAP server configuration with SFA server mode
Example: LDAP server configuration with LP server mode
Result:
- SUCCESS: Indicates that the LDAP server is up and running.
- FAIL:
  - Timeout: Indicates that the LDAP server is not accessible on the given IP address/port.
  - Empty search response: The LDAP server is accessible, but the user is not found.
- Checking whether a designated user can authenticate to the LDAP server. In this test an LDAP bind request is initiated to check whether a designated user can authenticate to the LDAP server.
Result:
- SUCCESS: Indicates that the LDAP server is there, listening on the given port and the provided user with the given password was found.
- FAIL:
  - Timeout: Indicates that the LDAP server is not accessible on the given IP address/port.
  - Access-Reject: The LDAP server is there but the credentials of the provided user were wrong.
- Checking if the user receives a push notification to their phone.
Result:
- SUCCESS: The push notification was received and accepted.
- FAIL: The push notification was not received.