Cybersecurity Forum


FahmAzla
New Contributor

SSLVPN LDAPS Not Working

Hello all,

We have configured LDAPS with a secure connection; we already generated a CA certificate from the AD server and imported it into the FortiGate.
We tested login using FortiClient, but it failed.

Action we have performed:
  • ran "diagnose test authserver ldap <ad-server> user1 password"; the output was success
  • we tried disabling the secure connection; we were able to log in
  • changed the minimum SSL protocol to TLS v1; it still failed.
From the debug log we can see the lines below; here we see "unknown user", but since we can log in with the secure connection, the user should exist.
Line 4045: 2021-04-20 12:10:20 [320:root:29665][fam_auth_proc_resp:1343] An error happened authenticating user: user1
Line 4046: 2021-04-20 12:10:20 [320:root:29665]login_failed:272 user[user1],auth_type=16 failed [sslvpn_login_unknown_user]

Any idea on that?
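The two debug lines above are what a defender would want to pull out of a longer sslvpn debug capture. The following is an added example (not from this thread and not Fortinet code) that parses lines in that format and counts failures by reason; the sample is constructed from the two posted lines plus two invented ones.

```python
import re
from collections import Counter

# Constructed sample: the two lines from the post plus two made-up lines in the
# same format (user2, user3, their session ids and the second reason are invented).
SAMPLE_LOG = [
    "Line 4045: 2021-04-20 12:10:20 [320:root:29665][fam_auth_proc_resp:1343] An error happened authenticating user: user1",
    "Line 4046: 2021-04-20 12:10:20 [320:root:29665]login_failed:272 user[user1],auth_type=16 failed [sslvpn_login_unknown_user]",
    "2021-04-20 12:11:02 [320:root:29670]login_failed:272 user[user2],auth_type=16 failed [sslvpn_login_unknown_user]",
    "2021-04-20 12:12:45 [320:root:29681]login_failed:272 user[user3],auth_type=16 failed [sslvpn_login_permission_denied]",
]

# Debug line: optional "Line N:" prefix, timestamp, [pid:vdom:session],
# an optional [function:sourceline] tag, then the free-text message.
LINE_RE = re.compile(
    r"^(?:Line \d+:\s*)?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<pid>\d+):(?P<vdom>[^:\]]+):(?P<session>\d+)\]"
    r"(?:\[(?P<func>[^:\]]+):(?P<srcline>\d+)\])?\s*(?P<msg>.*)$"
)
# The login_failed message carries the user, auth_type and the failure reason.
FAIL_RE = re.compile(
    r"login_failed:\d+ user\[(?P<user>[^\]]*)\],auth_type=(?P<auth_type>\d+) "
    r"failed \[(?P<reason>[^\]]+)\]"
)

def parse_line(line):
    """Return the line's fields as a dict, or None if it is not a debug line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def extract_failures(lines):
    """One record per login_failed line: when, which session, who, why."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = FAIL_RE.match(rec["msg"])
        if f is None:
            continue
        out.append({"ts": rec["ts"], "session": rec["session"], "user": f["user"],
                    "auth_type": int(f["auth_type"]), "reason": f["reason"]})
    return out

def summarize_by_reason(lines):
    """Count failures per reason; many unknown_user hits for accounts that do
    exist in AD point at the LDAP(S) lookup rather than at the credentials."""
    return dict(Counter(r["reason"] for r in extract_failures(lines)))
```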
VictGarc1
New Contributor

Hi,

What is your FortiOS version? Did you check the release notes for your version?
FahmAzla

Hi Victor,

The current version is 6.0.11; the issue was resolved after upgrading to 6.0.12, it's a bug. We logged a ticket with TAC as well, and TAC confirmed it is a bug.

Thanks
SveN
New Contributor

Hi,

I can't remember the details, but a while back I had something similar with a customer. Users tried to connect to a FortiGate located in Asia with authentication against an LDAP in Germany, and the delay between the locations in Asia and Germany was too high. We increased the LDAP timeout to 600 (I believe the default is 50ms) and everything has been working since then:
config system global
set ldapconntimeout 600 <===
end
Hope it helps...
FahmAzla
New Contributor

Hi Sven,

Thanks for sharing. Since we have multiple sites, I will increase the ldaptimeout.

Thanks