Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tanguy
New Contributor

LDAPs and SSL Problem

Hi,

 

I tried to configure my LDAP authentification using a CA certificate.

Test Connectivity is successful also Test User credentials.

Before my VPN worked fine. I deleted my user (first from group) then I recreated it. No problem I can browse LDAP.

I didn't change anything to my client. I waited a few minute sbefore trying. But everytime it fails at 80% and looking at logs : Events,  VPn it says :

Reason

sslvpn_login_unknown_user

Tried on another Fortinet, same result. What am I doing wrong ?

 

Not e: I followed

https://docs.fortinet.com/document/fortigate/6.2.2/cookbook/688719/ssl-vpn-with-ldap-user-password-r...

https://www.infosecmonkey.com/2019/04/20/secure-ldap-and-ad-password-change-via-forticlient/

 

Thanks !

7 REPLIES 7
boneyard
Valued Contributor

what do you mean with deleted your user? 

 

is the user or usergroup still allowed on the sslvpn firewall policy?

Tanguy

It means. I unregistred it and register it back by browsing ladp

boneyard
Valued Contributor

ok, not sure if that has any effect

 

and .. is the user or usergroup still allowed on the sslvpn firewall policy?

Tanguy

If I change using LDAP without SSL it works... But I need it for the renew password option

boneyard
Valued Contributor

bbilut
New Contributor III

Did you upload your domains CA to the firewall? (I'm assuming you're using a Windows Domain as your LDAP source)

guillaume66

Hello Perhaps this cli command could help if certificate and ldaps server identity are not the same set server-identity-check disable Doc : https://docs.fortinet.com...rence/406620/user-ldap
Labels
Top Kudoed Authors