s3szy
New Member
December 14, 2017
Question

About the LDAP Server setting !!


     I have set up the LDAP servers on the FortiGate 60E, and when I test with the test connectivity button it shows me a green "successful" message. Then I added the LDAP setting to remote groups under the user groups item.

     But when I test with the same username on my mobile, it does not work. How can I find the issue?


    emnoc
    New Member
    December 14, 2017

    Try the CLI:

     

     diag test  authserver  ldap "MYLDAPSRV01" ken.felix mypassword

     

    That should validate the following:

     

     

    1: user

    2: ldap server reach

    3: display memberOf group memberships

     

    Ken

     

    s3szy
    Author
    New Member
    December 14, 2017

    Hi Ken,

    Thanks for your reply.

    Actually, I always used the CLI.

     diag test  authserver  ldap "MYLDAPSRV01"  <username> <password>

    I got the "authenticate 'username' against 'ldapserver' succeeded!" message.

    And on the LDAP server side, I can get the username log:

           

    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 fd=27 ACCEPT from IP=10.80.254.1:15257 (IP=0.0.0.0:389)
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=0 BIND dn="cn=570office_wifi,ou=fortigate_wifi,dc=office,dc=example,dc=com" method=128
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=0 BIND dn="cn=570office_wifi,ou=fortigate_wifi,dc=office,dc=example,dc=com" mech=SIMPLE ssf=0
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=0 RESULT tag=97 err=0 text=
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=1 SRCH base="ou=fortigate_wifi,dc=office,dc=sexample,dc=com" scope=2 deref=0 filter="(cn=405)"
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=1 SRCH attr=1.1
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 op=0 BIND dn="uid=405,cn=570office_wifi,ou=fortigate_wifi,dc=office,dc=example,dc=com" method=128
    Dec 14 14:53:17 Ldap slapd[26741]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 op=0 BIND dn="uid=405,cn=570office_wifi,ou=fortigate_wifi,dc=office,dc=example,dc=com" mech=SIMPLE ssf=0
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 op=0 RESULT tag=97 err=0 text=
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 fd=28 ACCEPT from IP=10.80.254.1:15258 (IP=0.0.0.0:389)
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=2 SRCH base="uid=405,cn=570office_wifi,ou=fortigate_wifi,dc=office,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=2 SRCH attr=memberOf primaryGroupID objectSid
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 op=1 UNBIND
    Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 fd=28 closed

     

    But when I set up the same username and password on the wifi card, it cannot access wifi.
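
    An added example, not part of the thread: a small parser for slapd log lines in the format posted above, pairing each BIND and SRCH with its RESULT so you can see per connection whether the bind succeeded (err=0) and whether it was protected (ssf=0 is a simple bind with no TLS/SASL layer). The function names and the sample DNs are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the post's slapd log; conn=3758 (err=49) is added for contrast.
SAMPLE_LOG = """\
Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 fd=27 ACCEPT from IP=10.80.254.1:15257 (IP=0.0.0.0:389)
Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=0 BIND dn="cn=svc,ou=wifi,dc=example,dc=com" mech=SIMPLE ssf=0
Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=0 RESULT tag=97 err=0 text=
Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=1 SRCH base="ou=wifi,dc=example,dc=com" scope=2 deref=0 filter="(cn=405)"
Dec 14 14:53:17 Ldap slapd[26741]: conn=3756 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 op=0 BIND dn="uid=405,ou=wifi,dc=example,dc=com" mech=SIMPLE ssf=0
Dec 14 14:53:17 Ldap slapd[26741]: conn=3757 op=0 RESULT tag=97 err=0 text=
Dec 14 14:53:18 Ldap slapd[26741]: conn=3758 op=0 BIND dn="uid=406,ou=wifi,dc=example,dc=com" mech=SIMPLE ssf=0
Dec 14 14:53:18 Ldap slapd[26741]: conn=3758 op=0 RESULT tag=97 err=49 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+) |fd=\d+ )(.*)$")

def parse_ops(log_text):
    """Merge the several log lines slapd writes per (conn, op) into one record."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(2) is None:
            continue  # not an operation line (ACCEPT, closed, control warnings)
        rec, rest = ops[(int(m.group(1)), int(m.group(2)))], m.group(3)
        if rest.startswith("BIND "):
            rec["kind"] = "BIND"
            rec["dn"] = re.search(r'dn="([^"]*)"', rest).group(1)
            sec = re.search(r"mech=(\S+) ssf=(\d+)", rest)
            if sec:
                rec["mech"], rec["ssf"] = sec.group(1), int(sec.group(2))
        elif rest.startswith("SRCH base="):
            rec["kind"] = "SRCH"
            rec["filter"] = re.search(r'filter="([^"]*)"', rest).group(1)
        elif "RESULT" in rest:
            rec["err"] = int(re.search(r"err=(\d+)", rest).group(1))
            hits = re.search(r"nentries=(\d+)", rest)
            if hits:
                rec["nentries"] = int(hits.group(1))
    return dict(ops)

def bind_report(ops):
    """One row per BIND: (dn, succeeded, protected). ssf=0 means no TLS/SASL layer."""
    return [(r["dn"], r.get("err") == 0, r.get("ssf", 0) > 0)
            for _, r in sorted(ops.items()) if r.get("kind") == "BIND"]

if __name__ == "__main__":
    print(*bind_report(parse_ops(SAMPLE_LOG)), sep="\n")
```

    On a log like the one posted, every bind row comes back as succeeded and unprotected, which places the failure after LDAP authentication rather than in it.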

    emnoc
    New Member
    December 14, 2017

    So I'm assuming we are talking WPA Enterprise and wifi clients?

     

    1: So are the users in a group?

    2: Did you bind that group into your wireless controller?

    3: I think you need RADIUS btw, never heard of LDAP being used for WIFI_CLIENTS if we are talking about wireless.