Technical Tip : Forticlient LDAP users are getting 'credential or ssl vpn configuration is wrong (-7200)'

akumarr · ‎12-31-2021

Description

This article describes how to troubleshoot the LDAP issue for SSL-VPN.

Scope

FortiGate

Solution

SSL-VPN tunnel mode is enabled in the firewall and the Ldap users are imported to the FortiGate.

So it is necessary to make sure the actual LDAP user name and the user imported in the Fortigate must be the same, if not we would get a ' credential or SSL VPN configuration is wrong (-7200)' error.

Check the below-mentioned output.

# config user local
edit "test" <----- Name of the user in the firewall.
set status enable
set type ldap

Since the username in firewall and ldap is the same authentication is success and two factor worked.

Post entering the Token the VPN connection is established.

Now by mistake, if the ldap user is saved with a different user name then VPN will not work.

# config user local
edit "Test" <----- The name from test to Test has been changed.
set status enable
set type LDAP

Trying to connect the VPN but it is not working.

It is because of the case sensitivity, and post-making the below-mentioned changes the VPN is connected.

# config user local
edit "Test"
set status enable
set type ldap
set username-case-sensitivity <----- To set username-case-sensitivity disable.
end