We have LDAP configured and working for VPN authentication, but need to of course have secure auth, so need to change to LDAPS.
LDAP is working with a regular bind account. When I change to LDAPS, both the connectivity and the user credentials test pass successfully. However, nobody can log into the VPN; Permission denied. (-455).
The documentation is pretty vague. To keep things simple for testing I haven't toggled the 'Certificate' option and assume that is not a requirement. I haven't been able to locate any logging to get more information, either.
I'm puzzled as to why the LDAPS tests show success, but logins fail.
I appreciate any insight.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
There is a new security hardening in 7.4.4.
You need to load AD cert in your FGT. Check these two posts.
Hope it helps.
Which FortiOS version?
Created on 07-17-2024 10:57 AM Edited on 07-17-2024 10:58 AM
It's on 7.4.4 build 2662.
There is a new security hardening in 7.4.4.
You need to load AD cert in your FGT. Check these two posts.
Hope it helps.
Ah, I don't know how I missed those in my search. Thanks much for your reply!
It is now most frequent complain as more people try 7.4.4,
@FTNT folks - it would be really nice to include this info in the FortiOS 7.4.4 Release Notes, because not everyone will be successful in forming the correct wording in querying Google/Bing to find it here, in Technical Tips.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.