Description |
This article describes an LDAP authentication failure that occurs even when the users are valid. |
Scope | FortiGate. |
Solution |
An LDAP server has been configured on the firewall as described in the following article: Technical Tip: How to configure FortiGate to use an LDAP server
Sometimes, users are not able to log in to the SSL VPN that uses this LDAP server to authenticate them. The failure is related to LDAP authentication.
Debugs:
fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-XXXXXX, comment: AcceptSecurityContext error, data XXX, vXXXX)
This error is returned by the LDAP server itself: something in the request is not accepted by the LDAP server. Even when the user credentials are tested from the FortiGate LDAP GUI page, the test returns invalid credentials and the debugs show the above message.
If the pcap is captured for this, it will look like this:
Check the following article for more details on this error and on LDAP error codes: Technical Tip: LDAP Error message ‘fnbamd_ldap_parse_response-Error 49’
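The value after "data" in the debug line is the sub-code that says why the LDAP server rejected the bind. The following is an added example, not part of the original article or of any Fortinet tooling: it parses captured debug lines and tallies the sub-codes. The sub-code table holds well-known Active Directory values that are not listed in this article, and the sample lines (DSID and version values included) are constructed.

```python
import re
from collections import Counter

# Active Directory sub-codes seen in the "data" field of LDAP result 49.
# Well-known Microsoft values; assumption: the server is Active Directory.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LINE_RE = re.compile(
    r"fnbamd_ldap_parse_response-Error (?P<result>\d+)\("
    r"(?P<winerr>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+), "
    r"v(?P<ver>[0-9A-Fa-f]+)\)"
)

def parse_line(line):
    """Return the fields of one fnbamd LDAP error line, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["result"] = int(fields["result"])
    fields["data"] = fields["data"].lower()  # servers may log 52e or 52E
    fields["meaning"] = AD_SUBCODES.get(fields["data"], "unknown sub-code")
    return fields

def summarize(debug_text):
    """Count sub-codes of result 49 across a captured debug session."""
    hits = filter(None, map(parse_line, debug_text.splitlines()))
    return Counter((h["data"], h["meaning"]) for h in hits if h["result"] == 49)

# Constructed sample input; DSID and version values are made up.
_TAIL = "(80090308: LdapErr: DSID-0C09AAAA, comment: AcceptSecurityContext error, data {}, v1234)"
SAMPLE = "\n".join(
    ["fnbamd_ldap_parse_response-Error 49" + _TAIL.format(c) for c in ("52e", "775", "52E")]
    + ["unrelated debug line"]
)

if __name__ == "__main__":
    for (code, meaning), n in summarize(SAMPLE).most_common():
        print(f"data {code}: {meaning} (seen {n} time(s))")
```

A sub-code that points at the account state (expired, disabled, locked) is resolved on the LDAP server, while repeated invalid-credential results for a known-good password are the case where the steps below apply.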
If the issue persists after reviewing the above article and the LDAP error codes, restart the LDAP server and test again.
If the issue still persists, use another bind format for the service account that performs these LDAP queries:
username\administrator