yaronbeny7
New Contributor

Fetch DN

Hello,

How can I know what to type on these lines?

I have DC Server 2008 R2 Enterprise.

yaronbeny7
New Contributor

It is not working.

See screenshot with error.

ede_pfau

It's not the DN (syntax).

The FGT cannot contact the LDAP server. IMHO a secure LDAP connection (LDAPS) uses port 636, not 389.

Either switch back to regular LDAP or check the secure connection (username, password, protocol).

Ede Kernel panic: Aiee, killing interrupt handler!
emnoc
Esteemed Contributor III

All good suggestions, but have you tried any diag test authserver ldap commands from the CLI?
PCNSE NSE StrongSwan
AtiT
Valued Contributor

Hello,

Login to your Windows Domain Controller and type into the CLI:

C:\>dsquery user -samid administrator

You will get something like this:

C:\>dsquery user -samid administrator
"CN=Administrator,CN=Users,DC=homelab,DC=local"

Put the CN=Administrator,CN=Users,DC=homelab,DC=local into the User DN field (Bind type: Regular).

Set the admin password.

Use sAMAccountName as Common Name Identifier.

Use dc=homelab,dc=local as the Distinguished Name. (The CN=User means a group in the homelab.local domain, so in this case only the domain was used. Set the domain at first to see whether the LDAP will work. You can set an OU or CN later on to what you need to not search the whole LDAP tree. It depends on what you need.)

Try the Test without the Secure Connection. It should work. If you use the Secure Connection you will probably need some certificate issued by your CA in the Windows AD environment - someone else can correct me if I am wrong.

AtiT
AtiT
Valued Contributor

Just some images how to set up on the FortiGate.

Also I tried the Secure Connection which worked with the imported certificate.

AtiT
yaronbeny7

I did it with "active directory explorer" but

it still gives me an error (see screenshot),

and what about the user DN? How can I know the password?

ede_pfau

You're still using LDAPS on the regular LDAP port. Do you read the posts here at all?

Ede Kernel panic: Aiee, killing interrupt handler!
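
The settings discussed in this thread, written out as a FortiOS CLI sketch (an added example, not posted by any participant). The entry names, the server address 192.0.2.10, the CA certificate name and the bracketed credentials are placeholders; the DN values are the homelab.local ones from the reply above.

```fortios
# Constructed example. Names, address and CA certificate are placeholders.

# Variant 1: regular LDAP. No TLS, port 389.
# The simple bind sends the bind DN and password unencrypted.
config user ldap
    edit "homelab-ldap"
        set server "192.0.2.10"
        set port 389
        set secure disable
        set cnid "sAMAccountName"
        set dn "dc=homelab,dc=local"
        set type regular
        set username "CN=Administrator,CN=Users,DC=homelab,DC=local"
        set password <bind-password>
    next
end

# Variant 2: LDAPS. TLS from the first byte, port 636.
# ca-cert is the CA that issued the domain controller's certificate,
# imported on the FortiGate beforehand.
config user ldap
    edit "homelab-ldaps"
        set server "192.0.2.10"
        set port 636
        set secure ldaps
        set ca-cert "<imported-ca-name>"
        set cnid "sAMAccountName"
        set dn "dc=homelab,dc=local"
        set type regular
        set username "CN=Administrator,CN=Users,DC=homelab,DC=local"
        set password <bind-password>
    next
end

# The combination reported in this thread, "set secure ldaps" with
# "set port 389", fails: the domain controller expects plain LDAP on 389,
# so the TLS handshake never completes and the test shows a connection error.

# Check either entry from the CLI with a real account:
diagnose test authserver ldap homelab-ldaps <username> <password>
```

A dedicated low-privilege account is enough for the bind DN; the lookup only needs read access to the part of the tree under the configured Distinguished Name.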