mle2802
Staff
Article Id 270520
Description

This article describes how to fix the error 'invalid credential' when integrating LDAP.

Scope

FortiGate.
Solution

When setting up LDAP on FortiGate, the 'invalid credential' error appears even though the credentials are correct.

 

Testing the credentials with debugging enabled, as shown below, returns LDAP error code 49 in the debug logs.

 

diagnose debug enable

diagnose debug application fnbamd 255

diagnose test authserver ldap Test-LDAP henry\administrator Qwerty77

2023-08-22 14:12:56 [1096] fnbamd_ldap_send-Request is sent. ID 1

2023-08-22 14:12:56 [987] __ldap_rxtx-state 6(User Bind resp)

2023-08-22 14:12:56 [1127] __fnbamd_ldap_read-Read 8

2023-08-22 14:12:56 [1233] fnbamd_ldap_recv-Leftover 2

2023-08-22 14:12:56 [1127] __fnbamd_ldap_read-Read 102

2023-08-22 14:12:56 [1306] fnbamd_ldap_recv-Response len: 104, svr: 10.77.86.10

2023-08-22 14:12:56 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind

2023-08-22 14:12:56 [1009] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563)

2023-08-22 14:12:56 [1023] fnbam.


LDAP error code 49 with data 52e in the response means that the username is valid, but the password/credential is invalid.


 

This issue can also happen when the user account is expired on the LDAP server. 
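
The following Python script is an added example, not part of the original article or of Fortinet's tooling. It extracts the LDAP error code and the Active Directory data sub-code from fnbamd debug output and explains them, which helps tell a wrong password apart from an expired or locked account. Only 52e comes from this article; the other sub-codes are the standard Active Directory values, and the function and table names are illustrative.

```python
import re

# Active Directory sub-codes carried in the "data" field of an LDAP
# error 49 bind response. Only 52e is discussed in the article; the
# rest are the standard AD values (assumption: the server is AD).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "username valid, password/credential invalid",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches "...parse_response-Error 49(80090308: LdapErr: ..., data 52e, v4563)"
ERROR_RE = re.compile(
    r"fnbamd_ldap_parse_response-Error (?P<code>\d+)\(.*?\bdata (?P<data>[0-9a-fA-F]+)\b"
)


def explain_bind_errors(debug_output):
    """Return (ldap_code, ad_subcode, meaning) for each bind error line."""
    findings = []
    for line in debug_output.splitlines():
        m = ERROR_RE.search(line)
        if not m:
            continue
        code = int(m.group("code"))
        data = m.group("data").lower()
        if code == 49:
            meaning = AD_SUBCODES.get(data, "unrecognised AD sub-code")
        else:
            meaning = "not a code 49 bind failure; check the LDAP error code"
        findings.append((code, data, meaning))
    return findings


# Sample input: two lines taken from the debug output shown in this article.
SAMPLE = """\
2023-08-22 14:12:56 [987] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind
2023-08-22 14:12:56 [1009] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563)
"""

if __name__ == "__main__":
    for code, data, meaning in explain_bind_errors(SAMPLE):
        print(f"LDAP error {code}, data {data}: {meaning}")
```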

 

Related article:

Technical Tip: Understanding LDAP Error Codes