SSLVPN LDAPS Not Working
Hello all,
We have configured LDAPS with a secure connection. We already generated a CA certificate from the AD server and imported it into the FortiGate.
We have tested login using FortiClient, but it failed.
Actions we have performed:
- run > diagnose test authserver ldap <ad-server> user1 password - the output is success
- We have tried to disable secure connection - able to log in
- changed minimum SSL protocol to TLS v1 - still failed.
Line 4045: 2021-04-20 12:10:20 [320:root:29665][fam_auth_proc_resp:1343] An error happened authenticating user: user1
Line 4046: 2021-04-20 12:10:20 [320:root:29665]login_failed:272 user[user1],auth_type=16 failed [sslvpn_login_unknown_user]
Any idea on that?
Hi,
What is your FortiOS version? Did you check the release notes for your version?
Hi Victor,
The current version is 6.0.11. The issue was already resolved after upgrading to 6.0.12; it's a bug. We logged a ticket with TAC as well, and TAC confirmed it is a bug.
Thanks
Hi,
I can't remember the details. But a while back I had something similar with a customer. Users tried to connect to a FortiGate located in Asia with authentication against an LDAP in Germany. And the delay between the location in Asia and Germany was too high. We increased the LDAP timeout to 600 (I believe the default is 50ms) and all has been working since then:
config system global
    set ldapconntimeout 600 <===
end
Hope it helps...
Hi Sven,
Thanks for sharing. Since we have multiple sites, I will increase ldaptimeout.
Thanks