FSSO-polling mode, invalid LDAP Sv issue
Hi everyone,
I configured LDAP as per this link: https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-step-guide-to-setup-ld...
Do not use SSL, LDAP joined domain,
dsquery user -name ldap
CN=LDAP,OU=Users,OU=SYSTEM,OU=VIFB,DC=vifb,DC=local
Hi,
I'd try CLI ..
1. enable debug
diag debug reset
diag debug app fnbamd 7
diag debug enable
2. then test
diag test auth ldap <SERVER> <username> <password>
.. and fnbamd should let you know if the first regular bind failed, or the user wasn't found, or so.
I guess it's failing on the first bind, so the account used for the regular bind has insufficient rights, or an incorrect password, or the FGT has no access to LDAP (some firewall on the way).
Alternatively .. diag sniff packet any 'host <LDAP-IP> and port <LDAP PORT 389>' 6 0 a or sniff LDAP traffic from gui to see directly in packets what LDAP server said, if anything.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Hi,
Tks xsilver.
A major benefit of Polling mode is that no FSSO DC Agents are required. So I configured LDAP on the Windows server. The provider said LDAP is at fault.
