Hi,
I would like to configure an LDAPS connection to my domain controller. I installed a cert on AD and installed the CA cert on the Fortigate;
from any Windows PC using ldp.exe I have a secure connection to the DC on port 636.
The domain controller name is resolved by FQDN from the Fortigate, but when I create the connection using the secure option I get the error: "Can't contact LDAP server"
You probably use the IP address of the LDAP server. Try to use the DNS name of the LDAP server instead of the IP address. This was my case, but I didn't read carefully "name is resolved by FQDN from Fortigate".
In my case this helped. I had exactly the same problem. I changed the IP to the FQDN and it works.
Hi Tutek,
Please make sure you are receiving any traffic at the Fortigate interface. You can test it in a different way.
Does the ping work?
If not, run a sniffer as follows:
diag sniffer packet any 'host <LDAP-IP>' 4 0 a
It will show you, if there is traffic, on which interface it is leaving and what traffic this might be. ICMP should at least leave the FortiGate (and hopefully get a response as well).
If you are sure which interface the traffic must exit:
diag sniffer packet <interface> 4 0 a
Then leave this running for some time. You might see ARP requests for the IP that are not getting responses.
Hi All,
I am facing the same issue, has anyone figured it out?
Hi,
Do you see any traffic at the Fortigate interface? Please run the sniffer as follows:
diag sniffer packet any 'host <LDAP-IP>' 4 0 a
Created on 07-03-2022 11:41 PM Edited on 07-03-2022 11:48 PM
Hi Wardshad,
Thank you for your reply, there is traffic since I have already connected it by LDAP;
only LDAPS is not working properly.
I have uploaded the CA certificate of the domain controller on the firewall, although setting the Certificate option to "Empty" results in "Can't contact LDAP server".
Find screenshots below.
Thanks in advance
In my case, the DC was behind a firewall. I had to open ports tcp/636 and 3269.
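The replies above point at three distinct causes for "Can't contact LDAP server" on LDAPS: tcp/636 (or 3269) blocked, a CA certificate the FortiGate does not trust, and a server configured by IP address when the DC certificate only names its FQDN. The following added example (not from any poster, and not FortiGate code) is a small Python check that attempts a verified TLS handshake to the LDAPS port from an admin workstation and maps the failure onto one of those causes; the host name, CA file path and 5-second timeout are assumptions.

```python
import socket
import ssl

LDAPS_PORT = 636  # LDAP over TLS; 3269 is the Global Catalog equivalent


def classify_failure(exc):
    """Map an exception from an LDAPS connect/handshake to a probable cause."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # verify_message is only set by the C layer; fall back to str(exc)
        msg = (getattr(exc, "verify_message", None) or str(exc)).lower()
        # The DC certificate carries its FQDN in the SAN, so connecting by IP
        # passes chain validation but fails the hostname check.
        if "hostname" in msg or "ip address mismatch" in msg:
            return "hostname_mismatch: configure the LDAP server by FQDN, not IP"
        # Chain validation failed: the issuing CA is not in the trust store.
        return "untrusted_chain: import the CA that issued the DC certificate"
    if isinstance(exc, ssl.SSLError):
        # TCP connected but the peer did not speak TLS (e.g. plain LDAP on 389)
        return "tls_error: port reachable but not speaking TLS: " + str(exc)
    if isinstance(exc, OSError):
        # Refused, timed out, unreachable: routing or firewall problem
        return "unreachable: check routing/firewall for tcp/636 (and tcp/3269)"
    return "unknown: " + repr(exc)


def check_ldaps(host, cafile, port=LDAPS_PORT, timeout=5):
    """Open a verified TLS connection to host:port and return a diagnosis string."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True            # same rule the FortiGate applies
    ctx.verify_mode = ssl.CERT_REQUIRED  # never accept an unverified chain
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return "ok: %s presented SAN %s via %s" % (host, sans, tls.version())
    except Exception as exc:  # classify every failure rather than raising
        return classify_failure(exc)


if __name__ == "__main__":
    # Assumed values: replace with the DC FQDN and the exported CA certificate.
    print(check_ldaps("dc01.example.local", "dc-ca.pem"))
```

Running the same check against the DC's IP address instead of its FQDN reproduces the hostname_mismatch case described by the posters who switched the FortiGate server entry from IP to FQDN.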