Cannot connect to AD LDAPS
Hi,
I would like to configure an LDAPS connection to my domain controller. I installed a cert on AD and installed the CA cert on the Fortigate,
and from any Windows PC using ldap.exe I have a secure connection to the DC on port 636.
The domain controller name is resolved by FQDN from the Fortigate, but when I create the connection using the secure option I get the error: "Can't contact LDAP server"
You probably use IP address of LDAP server. Try to use DNS name of LDAP server instead of IP address. This was my case but I didn't read carefully "name is resolved by FQDN from Fortigate".
In my case this helped. I had exactly the same problem. I changed the IP to FQDN and it works.
Hi Tutek,
Please make sure whether you are receiving any traffic at the Fortigate interface. You can test it in a different way.
Does the ping work?
If not, run a sniffer as follows:
diag sniffer packet any 'host <LDAP-IP>' 4 0 a
It will show you, if there is traffic, on which interface it is leaving and what traffic this might be. ICMP should at least leave the FortiGate (and hopefully get a response as well).
If you are sure which interface the traffic must exit:
diag sniffer packet <interface> 4 0 a
Then leave this running for some time. You might see ARP requests for the IP that are not getting responses.
Fortinet
Hi All,
I am facing the same issue, has anyone figured it out?
Hi,
Do you see any traffic at the Fortigate interface? Please run the sniffer as follows:
diag sniffer packet any 'host <LDAP-IP>' 4 0 a
Fortinet
Created on 07-03-2022 11:41 PM Edited on 07-03-2022 11:48 PM
Hi Wardshad,
Thank you for your reply, there is traffic since I have already connected it by LDAP;
only LDAPS is not working properly.
I have uploaded the CA certificate of the domain controller on the firewall, although setting the Certificate option to "Empty" also results in "Can't contact LDAP server".
Find screenshots below.
Thanks in advance
In my case, the DC was behind a firewall. I had to open ports tcp/636 and 3269.
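The two fixes in this thread (configure the DC by FQDN rather than IP, and have the CA certificate installed) come down to the server certificate being validated against the name the firewall was given. The script below, an added example and not anything from the thread or from Fortinet, reproduces that check from an ordinary host: `server_id_matches_cert` decides whether a configured name or IP is covered by the certificate's subjectAltName, and `probe_ldaps` does a real TLS handshake to tcp/636 against a CA file. The sample certificate dict and names are constructed for illustration.

```python
import ipaddress
import socket
import ssl

LDAPS_PORT = 636

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output for a
# typical domain-controller certificate: a DNS SAN but no IP SAN.
SAMPLE_DC_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "corp.example")),
}


def server_id_matches_cert(server_id: str, cert: dict) -> bool:
    """True if server_id (DNS name or IP literal, as entered on the firewall)
    is covered by the certificate's subjectAltName entries."""
    san = cert.get("subjectAltName", ())
    dns_names = [v.lower() for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]
    try:
        ip = ipaddress.ip_address(server_id)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches an explicit "IP Address" SAN entry; it is
        # never compared to DNS names, so a DC cert with only DNS SANs fails.
        return any(ipaddress.ip_address(v) == ip for v in ip_names)
    host = server_id.lower()
    for name in dns_names:
        if name.startswith("*.") and host.count(".") == name.count("."):
            if host.split(".", 1)[1] == name[2:]:
                return True  # single-label wildcard match
        elif name == host:
            return True
    return False


def probe_ldaps(server_id: str, ca_file: str, timeout: float = 5.0) -> dict:
    """Handshake with <server_id>:636, verifying the chain against ca_file,
    then apply the name check above. Network-dependent; not unit-tested."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # chain is still verified; name check is ours
    try:
        with socket.create_connection((server_id, LDAPS_PORT), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_id) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return {"chain_ok": False, "name_ok": False, "error": str(exc)}
    return {"chain_ok": True, "name_ok": server_id_matches_cert(server_id, cert),
            "san": cert.get("subjectAltName", ())}
```

If `chain_ok` is False the firewall's CA certificate is the problem; if the chain passes but `name_ok` is False for the IP and True for the FQDN, the behaviour matches what the posters above saw.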