GiannisChari
Staff
October 29, 2024

Troubleshooting Tip: Active Directory user authentication fails

Description: This article describes how to resolve a scenario where FortiGate has an LDAP (Lightweight Directory Access Protocol) object that is used for Active Directory user authentication, but the client gets a wrong user credentials error.

Scope: FortiGate.

Solution:

While testing an Active Directory user, the following error appears:

 

[Image: error.png]

 

On a packet capture for port 389 on FortiGate, the LDAP SearchRequest for User1 gets this reply:

 

[Image: error2.png]

 

There are two possible reasons why error 0x4DC may appear. The first is a wrong user password. The second is that simple bind is disabled on Active Directory; it can be re-enabled by adding pwdssp.dll to the SecurityProviders key in the server's registry.

 

[Image: pwd.png]

 

Note:

The key path is 'HKLM/SYSTEM/ControlSet/Control/SecurityProviders' and, in some cases, 'HKLM/SYSTEM/ControlSet001/Control/SecurityProviders' and 'HKLM/SYSTEM/ControlSet002/Control/SecurityProviders' need to be changed instead.
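
A read-only way to check this registry setting on the Active Directory server before changing anything, as an added PowerShell example that is not part of the original article. It assumes the provider list is the comma-separated string value named SecurityProviders under the key, and it also checks CurrentControlSet, which the note does not name; the function name Test-PwdSspRegistered is hypothetical.

```powershell
# Added example (not from the original article): read-only check for pwdssp.dll.
function Test-PwdSspRegistered {
    param(
        # Key paths from the note above, written in PowerShell registry-provider syntax.
        # Assumption: CurrentControlSet is added here; the note does not name it.
        [string[]]$KeyPath = @(
            'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders',
            'HKLM:\SYSTEM\ControlSet\Control\SecurityProviders',
            'HKLM:\SYSTEM\ControlSet001\Control\SecurityProviders',
            'HKLM:\SYSTEM\ControlSet002\Control\SecurityProviders'
        ),
        # Assumption: the DLL list lives in the string value named 'SecurityProviders'.
        [string]$ValueName = 'SecurityProviders'
    )
    foreach ($path in $KeyPath) {
        $state = 'KeyMissing'
        $providers = @()
        if (Test-Path -LiteralPath $path) {
            $raw = (Get-ItemProperty -LiteralPath $path -Name $ValueName `
                        -ErrorAction SilentlyContinue).$ValueName
            if ($null -eq $raw) {
                $state = 'ValueMissing'
            } else {
                # Split the comma-separated list and drop empty entries.
                $providers = @($raw -split ',' |
                    ForEach-Object { $_.Trim() } | Where-Object { $_ })
                # -contains is case-insensitive, so 'PWDSSP.DLL' also matches.
                $state = if ($providers -contains 'pwdssp.dll') { 'Present' } else { 'Absent' }
            }
        }
        [pscustomobject]@{
            Path      = $path
            PwdSsp    = $state
            Providers = $providers -join ', '
        }
    }
}

# One row per control set: Present, Absent, ValueMissing or KeyMissing.
Test-PwdSspRegistered | Format-Table -AutoSize
```

A control set that reports Absent while another reports Present is the case the note describes, where a different control set key needs the change.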

 

Related article:

Troubleshooting Tip: FortiGate LDAP authentication errors