Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
j-gray
New Contributor

Created on ‎07-17-2024 10:47 AM

Issues configuring secure LDAP on VPN appliance

We have LDAP configured and working for VPN authentication, but need to of course have secure auth, so need to change to LDAPS.

 

LDAP is working with a regular bind account. When I change to LDAPS, both the connectivity and the user credentials test pass successfully. However, nobody can log into the VPN; Permission denied. (-455).

 

The documentation is pretty vague. To keep things simple for testing I haven't toggled the 'Certificate' option and assume that is not a requirement. I haven't been able to locate any logging to get more information, either.

 

I'm puzzled as to why the LDAPS tests show success, but logins fail.

 

I appreciate any insight.

Labels:
1742
0 Kudos
1 Solution
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎07-17-2024 11:11 AM

There is a new security hardening in 7.4.4.

You need to load AD cert in your FGT. Check these two posts.

https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Failure-Permission-Denied-455-after-update-t...

https://community.fortinet.com/t5/Support-Forum/LDAP-authentication-for-admins-not-working-after-For...

Hope it helps.

AEK

View solution in original post

AEK
1728
5 REPLIES 5
AEK
SuperUser
SuperUser

Created on ‎07-17-2024 10:52 AM

Which FortiOS version?

AEK
AEK
1737
0 Kudos
j-gray
New Contributor
In response to AEK

Created on ‎07-17-2024 10:57 AM Edited on ‎07-17-2024 10:58 AM

It's on 7.4.4 build 2662.

1734
0 Kudos
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎07-17-2024 11:11 AM

There is a new security hardening in 7.4.4.

You need to load AD cert in your FGT. Check these two posts.

https://community.fortinet.com/t5/Support-Forum/SSL-VPN-Failure-Permission-Denied-455-after-update-t...

https://community.fortinet.com/t5/Support-Forum/LDAP-authentication-for-admins-not-working-after-For...

Hope it helps.

AEK
AEK
1729
j-gray
New Contributor
In response to AEK

Created on ‎07-17-2024 11:49 AM

Ah, I don't know how I missed those in my search. Thanks much for your reply!

1677
0 Kudos
Yurisk
SuperUser
SuperUser

Created on ‎07-17-2024 12:15 PM

It is now most frequent complain as more people try 7.4.4, 

@FTNT folks - it would be really nice to include this info in the FortiOS 7.4.4 Release Notes, because not everyone will be successful in forming the correct wording in querying Google/Bing to find it here, in Technical Tips. 

 

Yuri Slobodyanyuk
Yuri Slobodyanyuk
1662
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.