Firmware version: v5.0,build0292 (GA Patch 9)
Model: Fortigate 200D
I am trying to set up IPSEC VPN with LDAP authentication.
It is set up with regular bind.
However, normal users are unable to authenticate.
For privacy purposes, I have changed my domain details:
DMN= domain name
USER1=testing user
PWD=AD password of USER1
```
FG01 # diagnose test authserver ldap DMN USER1 PWD
2014-12-11 17:33:09 fnbamd_fsm.c[1407] handle_req-Rcvd auth req 121 for USER1 in DMN opt=27 prot=0
2014-12-11 17:33:09 fnbamd_ldap.c[866] resolve_ldap_FQDN-Resolved address 10.1.1.26, result 10.1.1.26
2014-12-11 17:33:09 fnbamd_ldap.c[352] start_search_dn-base:'DC=DMN,DC=local' filter:sAMAccountName=USER1
2014-12-11 17:33:09 fnbamd_ldap.c[1594] fnbamd_ldap_get_result-Going to SEARCH state
2014-12-11 17:33:09 fnbamd_fsm.c[1901] auth_ldap_result-Continue pending for req 121
2014-12-11 17:33:09 fnbamd_ldap.c[1490] fnbamd_ldap_get_result-Not ready yet
2014-12-11 17:33:09 fnbamd_fsm.c[1901] auth_ldap_result-Continue pending for req 121
2014-12-11 17:33:09 fnbamd_ldap.c[1490] fnbamd_ldap_get_result-Not ready yet
2014-12-11 17:33:09 fnbamd_fsm.c[1901] auth_ldap_result-Continue pending for req 121
2014-12-11 17:33:09 fnbamd_ldap.c[1490] fnbamd_ldap_get_result-Not ready yet
2014-12-11 17:33:09 fnbamd_fsm.c[1901] auth_ldap_result-Continue pending for req 121
2014-12-11 17:33:09 fnbamd_ldap.c[1490] fnbamd_ldap_get_result-Not ready yet
2014-12-11 17:33:09 fnbamd_fsm.c[1901] auth_ldap_result-Continue pending for req 121
2014-12-11 17:33:09 fnbamd_ldap.c[386] get_all_dn-Found DN 1:CN=USER1,CN=Users,DC=DMN,DC=local
2014-12-11 17:33:09 fnbamd_ldap.c[400] get_all_dn-Found 1 DN's
2014-12-11 17:33:09 fnbamd_ldap.c[434] start_next_dn_bind-Trying DN 1:CN=USER1,CN=Users,DC=DMN,DC=local
2014-12-11 17:33:09 fnbamd_ldap.c[1642] fnbamd_ldap_get_result-Going to USERBIND state
2014-12-11 17:33:09 fnbamd_fsm.c[1901] auth_ldap_result-Continue pending for req 121
2014-12-11 17:33:09 fnbamd_ldap.c[418] start_next_dn_bind-No more DN left
2014-12-11 17:33:09 fnbamd_ldap.c[1851] fnbamd_ldap_get_result-Auth denied
2014-12-11 17:33:09 fnbamd_auth.c[2057] fnbamd_auth_poll_ldap-Result for ldap svr 10.1.1.26 is denied
2014-12-11 17:33:09 fnbamd_comm.c[146] fnbamd_comm_send_result-Sending result 1 for req 121
2014-12-11 17:33:09 fnbamd_fsm.c[311] destroy_auth_session-delete session 121
authenticate 'USER1' against 'DMN' failed!
```
USER1 is in default AD group "domain users"
However, if I were to add USER1 to AD group "domain admins", USER1 can authenticate and bind successfully.
Can anyone provide some insight?
Many thanks in advance. :)
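An added example (not part of the original post and not Fortinet code): a small Python parser for `fnbamd` debug output like the trace above, reporting the server, search filter, DNs found, states entered, and the stage at which a denial occurred. The function name, dictionary keys and stage labels are hypothetical, and the message patterns are assumed from the lines visible in this trace only.

```python
import re

# Constructed sample: lines copied from the trace in the post above, with the
# repeated "Continue pending" / "Not ready yet" polling lines left out.
SAMPLE_TRACE = """\
2014-12-11 17:33:09 fnbamd_ldap.c[866] resolve_ldap_FQDN-Resolved address 10.1.1.26, result 10.1.1.26
2014-12-11 17:33:09 fnbamd_ldap.c[352] start_search_dn-base:'DC=DMN,DC=local' filter:sAMAccountName=USER1
2014-12-11 17:33:09 fnbamd_ldap.c[1594] fnbamd_ldap_get_result-Going to SEARCH state
2014-12-11 17:33:09 fnbamd_ldap.c[386] get_all_dn-Found DN 1:CN=USER1,CN=Users,DC=DMN,DC=local
2014-12-11 17:33:09 fnbamd_ldap.c[1642] fnbamd_ldap_get_result-Going to USERBIND state
2014-12-11 17:33:09 fnbamd_ldap.c[1851] fnbamd_ldap_get_result-Auth denied
"""

# Line layout: "<date> <time> <file.c>[<line>] <function>-<message>"
LINE_RE = re.compile(r"^\S+ \S+ \w+\.c\[\d+\] (\w+)-(.*)$")
# Message patterns assumed from the trace above; other firmware may differ.
PATTERNS = {
    "server": re.compile(r"Resolved address (\S+),"),
    "filter": re.compile(r"filter:(\S+)"),
    "dns": re.compile(r"Found DN \d+:(.+)"),
    "states": re.compile(r"Going to (\w+) state"),
    "result": re.compile(r"Auth (\w+)$"),
}

def summarize_ldap_trace(trace):
    """Summarize one auth attempt: server, filter, DNs, states, result, stage."""
    out = {"server": None, "filter": None, "dns": [], "states": [], "result": None}
    for raw in trace.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # CLI prompt, final summary line, blank lines
        for key, pat in PATTERNS.items():
            m = pat.search(line.group(2))
            if m and key in ("dns", "states"):
                out[key].append(m.group(1))
            elif m:
                out[key] = m.group(1)
    # Stage labels are this example's own wording, not FortiOS output.
    if out["result"] != "denied":
        out["stage"] = None
    elif not out["dns"]:
        out["stage"] = "search"      # denied and no DN was returned
    elif "USERBIND" in out["states"]:
        out["stage"] = "user-bind"   # DN found, denial came after USERBIND
    else:
        out["stage"] = "unknown"
    return out
```

Run over the trace in this post, it reports that the search returned one DN and the denial came after the USERBIND state was entered.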