Skip to main content
dudarra
dudarra
New Member
February 21, 2019
Question

LDAP authentification on HA-Cluster fails

  • February 21, 2019
  • 1 reply
  • 4820 views

Hi Guys,

 

i configured LDAP on all our Firewall and it works prefect! We're using 3040B Fortis with Firmware v5.2.13,build762.

The Cluster is  Active-Passive. 

 

config system ha
    set group-name "fw-CUST"
    set mode a-p
    set password ENC 
    set hbdev "wan1" 50 "wan2" 25
    set session-pickup enable
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt2"
    set ha-mgmt-interface-gateway 10.152.220.1
    set override enable
    set override-wait-time 600
    set monitor "mgmt1" "port13" "port24"

 

config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 10.152.220.40 255.255.255.0
        set allowaccess ping https ssh snmp
        set vlanforward enable
        set type physical
        set alias "mgmt-cluster"
        set snmp-index 1
    next
    edit "mgmt2"
        set ip 10.152.220.41 255.255.255.0
        set allowaccess ping https ssh snmp
        set vlanforward enable
        set type physical
        set alias "mgmt-CUSA"
        set snmp-index 2

And now my problem, when i hit each Firewall by the common ip, , then i can log in with the LDAP User

 

BUT when i use the cluster IP... it fails on the Firewall! 

 

What can i do?

 

Need help! Cheers Raffa

1 reply

xsilver_FTNT
Staff
xsilver_FTNT
Staff
February 21, 2019

How about to start with fnbamd debug, packet sniffer to be sure that you are using right LDAP and that LDAP packets flow to and from LDAP server as expected. Also that LDAP responds as expected, as it might limit access from certain subnets/IPs and so maybe cluster IP is not allowed in.

Also, how/where are you trying to login .. SSLVPN , admin GUI etc. ?

dudarra
dudarraAuthor
New Member
February 21, 2019

thanks tomas,

 

as i wrote, the LDAP authentification works! the problem is that when i try to login to the firewall through the global cluster address it doesn't work! 

 

when i connect direkt to the fwA it works! when i connect to FwB it works...when i try to login via the cluster IP --> it doesnt work and i cant see any debug!

 

i try to connect via the inband managment direct local admin gui, there are no limits...its the admin network!

 

 

regards rafael

Terms & ConditionsAccessibility statement