FortiGate
nithincs
Staff
Article Id 339648
Description This article describes how to troubleshoot when the Server Connection status shows Invalid credentials.
Scope FortiGate.
Solution

When configuring an LDAP server in FortiGate with the Bind Type set to Regular, provide the LDAP server admin credentials, which FortiGate uses to authenticate to the LDAP server and perform the user search. During the configuration, consider the points below regarding the Username configured in FortiGate.

 

  1. If the Common Name Identifier is set as 'cn', use the user name (display name) from the LDAP server. If the Common Name Identifier is set as sAMAccountName, use the logon name.
  2. Use the syntax below for the username. If the Common Name Identifier is set as 'cn', enter the user's Distinguished Name.

 

It is possible to use dsquery user -name "<full_user_name>" to find the complete DN of the user.

 

Example:

 

C:\Users\Administrator>dsquery user -name "ldap test"
"CN=ldap test,CN=Users,DC=t3sophialab,DC=net"

 

In FortiGate, the Username will be CN=ldap test,CN=Users,DC=t3sophialab,DC=net

 

If the Common Name Identifier is set as sAMAccountName, enter domain\logon name (do not use domain extensions such as .net, .com, .local).

 

Example:

 

t3sophialab\logon name

 

  3. A username with an incomplete or wrongly set Distinguished Name or domain name will also result in Invalid credentials.
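
As an added example (not part of the original article and not Fortinet code), the Python sketch below checks a bind Username against the syntax rules above before it is entered in FortiGate. The function names, the accepted RDN types, the requirement that the DN start with CN=, and the logon name `ldaptest` are assumptions made for illustration.

```python
import re

# RDN types accepted here (assumption: a typical Active Directory tree).
_RDN = re.compile(r"^(CN|OU|DC)=(.+)$", re.IGNORECASE)
# Suffixes the article says not to append to the domain part.
_EXTENSIONS = (".net", ".com", ".local")

def split_dn(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if not escaped and ch == ",":
            parts.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur.strip())
    return parts

def check_bind_username(cnid, username):
    """Return a list of problems; empty means the format follows the article."""
    username = username.strip().strip('"')
    problems = []
    if cnid.lower() == "cn":
        rdns = [_RDN.match(p) for p in split_dn(username)]
        if not all(rdns):
            return ["not a Distinguished Name (expected CN=...,DC=...)"]
        types = [m.group(1).upper() for m in rdns]
        if types[0] != "CN":
            problems.append("DN does not start with the user's CN")
        if "DC" not in types:
            problems.append("DN is incomplete: no DC= components")
    elif cnid.lower() == "samaccountname":
        domain, sep, logon = username.partition("\\")
        if not (sep and domain and logon):
            return ["expected domain\\logon name"]
        if domain.lower().endswith(_EXTENSIONS):
            problems.append("domain part carries an extension such as .net")
    else:
        problems.append("unhandled Common Name Identifier: " + cnid)
    return problems

if __name__ == "__main__":
    # Values from the article's example, plus constructed failing variants.
    for cnid, name in [("cn", "CN=ldap test,CN=Users,DC=t3sophialab,DC=net"),
                       ("cn", "CN=ldap test,CN=Users"),
                       ("sAMAccountName", "t3sophialab.net\\ldaptest")]:
        print(cnid, repr(name), check_bind_username(cnid, name) or "ok")
```

An empty result only means the string has the expected shape; the DN or domain can still be wrong for the directory, which produces the same Invalid credentials status.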

 

 
