jera
Staff
Article Id 390084
Description

This article describes how to fix the connection error 'Stronger (er) authentication required' that occurs when trying to integrate Windows Server 2025 LDAP with FortiGate.

Scope

FortiGate, Windows Server 2025.
Solution

When integrating a Windows Server 2025 LDAP service with FortiGate, the error 'Stronger (er) authentication required' may appear.

 


 

This is due to additional security settings on the group policy applied to the domain account used.

 

The additional security option is 'Domain controller: LDAP server signing requirements Enforcement'. Its default value on Windows Server 2025 is 'Not Defined', which does not allow the connection.

 

The setting must be set to one of the following values, depending on customer requirements:

  • Enabled: LDAP (Over SSL connection) via port 636.
  • Disabled: LDAP via port 389.

 

If LDAP is configured via port 389, update the settings as follows:

  1. Go to Windows 'Run' (press the Windows key + R).
  2. Type 'gpedit.msc' and select OK.
  3. Navigate to Local Group Policy Editor -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Domain controller: LDAP server signing requirements Enforcement, and set the value to 'Disabled'.

 


 

If LDAP (Over SSL connection) is configured via port 636, the Domain controller: LDAP server signing requirements Enforcement value must be changed to 'Enabled'.
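
The error text corresponds to LDAP result code 8 (strongerAuthRequired in RFC 4511). The Python sketch below is an added illustration, not part of the original article: it encodes a simple bind as it would travel over port 389 without TLS, where the password is readable in the message bytes, and decodes a BindResponse carrying code 8. The DN, password, diagnostic text and all function names are constructed for this example.

```python
# Added example: minimal BER encode/decode of an LDAPv3 simple bind (RFC 4511).
# Every DN, password and message below is a constructed sample value.
RESULT_CODES = {0: "success", 8: "strongerAuthRequired", 49: "invalidCredentials"}

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element with a short or long definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        count = first & 0x7F
        n = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID (< 128 here), BindRequest { v3, name, simple [0] } }."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def parse_bind_response(msg: bytes):
    """Return (messageID, result code name, diagnosticMessage) of a BindResponse."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(resp)            # resultCode (ENUMERATED)
    _, _matched_dn, pos = read_tlv(resp, pos)
    _, diag, _ = read_tlv(resp, pos)         # diagnosticMessage
    code = int.from_bytes(code, "big")
    return int.from_bytes(mid, "big"), RESULT_CODES.get(code, f"code {code}"), diag.decode()

# Constructed request: the password sits unencrypted inside the bind message.
REQUEST = simple_bind_request(1, "CN=svc-fgt,CN=Users,DC=example,DC=local", "Sample-Passw0rd")
# Constructed reply of the kind a server that requires signing or TLS sends back.
RESPONSE = tlv(0x30, tlv(0x02, b"\x01") + tlv(
    0x61, tlv(0x0A, b"\x08") + tlv(0x04, b"") + tlv(0x04, b"constructed diagnostic text")))
```
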

 

Related articles:

Troubleshooting Tip: FortiGate LDAP troubleshooting and debug logs created by fnbamd 

Technical Tip: Understanding LDAP Error Codes