FortiGate LDAP authentication errors

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 195337

Description
This article describes the LDAP most common authentication errors codes.

Solution
A quick list of common Active Directory LDAP bind errors and their meaning, If the bind fails, the LDAP server will return an error code that can be read from the debug/ Wireshark:

              Code
   0x525 <----- User not found.
   0x52e <----- Invalid credentials.
   0x530 <----- Not permitted to logon at this time.
   0x531 <----- Not permitted to logon from this workstation.
   0x532 <----- Password expired.
   0x533 <----- Account disabled.
   0x701 <----- Account expired.
   0x773 <----- User has to reset password.
      0x775 <----- Account locked out.

Results.

Sample output from Debug:

[829] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind
[851] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v3839) <----- Invalid credentials.

From Wireshark.

Related Articles

Troubleshooting Tip: Fortigate LDAP

18924

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: FortiGate LDAP authentication errors

You are leaving our website