After updating some firewalls to FortiOS 7.4.4 I am no longer able to log onto them using LDAP authentication. Local accounts are not affected.
I have tested my credentials on the LDAP server screen and confirmed that I can authenticate, so this looks like a bug in 7.4.4.
Anyone else experiencing this issue?
100% correct. I tested it without Secure Connection and it's working. I opened a ticket with FortiGate support; the answer was to go back to 7.2.8. Great. "Feature" means for me new features; they can be buggy, but the basics should work. FortiGate should use words like "Beta" or "Experimental", maybe better.
I am having the same issue after upgrading to 7.4.4
Same issue here using Google LDAPS - has anyone had any luck getting it to work on 7.4.4 with Google? Turning off secure connection didn't solve it. Thanks
Hey freddiedivas,
if you have the issue even after disabling secure connection, that sounds like something else might be going on.
I would suggest that you do the following in FortiGate CLI:
1. Enable this debug:
#dia de reset
#dia de app fnbamd -1
#dia de en
2. In a separate CLI connection, run this command:
#dia test authserver ldap <LDAP server name> <user> <password>
It should look something like this ("win-server" is what the LDAP-server is called in my FortiGate config):
3. In the first SSH session, you should get some output about FortiGate trying to connect to the LDAP. This might give you some error messages (like SSL connect failed, or admin bind failed, or user bind failed, or similar).
-> I would suggest sharing the output here for us to look over, or opening a support case to have a FortiGate support engineer look the debug over and provide details on whatever error your FortiGate encounters.
4. To end the debug output:
#dia de disable
#dia de reset
None of the suggestions provided so far have worked for me, which included installing a CA cert and disabling security. I feel like this is a bug introduced in 7.4.4.
At the very least, I would expect that any issues with LDAP auth would be identified when running a test in the web GUI.
I'd normally ask for a pcap + full fnbamd debug, but since those will most likely contain sensitive information, you'd be better off opening a support ticket to get things sorted out.
Thanks @Debbie_FTNT, I did manage to fix this in the end. Not sure if it will work for you @Magni_IT, but it might be worth a try. My issue was related to the LDAP timeout; increasing the timeout by running the below fixed it for me:
config sys global
set remoteauthtimeout 10
set ldapconntimeout 999
end
more details here - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Increase-the-LDAP-query-timeout/ta-p/18940...
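The two failure modes discussed in this thread (the TLS/bind errors that the fnbamd debug surfaces, and the slow LDAPS server that trips the connection timeout) can be told apart from any ordinary host without a FortiGate. The script below is an added example, not Fortinet's code and not part of the thread: it performs the same connect, TLS handshake and LDAPv3 simple bind that fnbamd does, using only the Python standard library (the BindRequest is BER-encoded by hand), and times each phase so the numbers can be compared with the firewall's ldapconntimeout (FortiOS expresses that value in milliseconds) and remoteauthtimeout (seconds). The host, port, DN and password in the `__main__` block are placeholders to replace.

```python
"""Timed LDAPS simple bind, stdlib only (added example, not Fortinet code)."""
import socket
import ssl
import time

# LDAP resultCode values relevant to the errors mentioned in the thread.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def encode_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] } with simple auth."""
    if not 0 <= message_id < 128:          # keep the INTEGER single-octet for brevity
        raise ValueError("message_id must be < 128 in this example")
    bind = (_tlv(0x02, b"\x03")            # version INTEGER 3
            + _tlv(0x04, dn.encode())      # name LDAPDN (empty = anonymous)
            + _tlv(0x80, password.encode()))  # authentication [0] simple
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next N octets carry the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> dict:
    """Pull messageID, resultCode and diagnosticMessage out of a BindResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, result, _ = _read_tlv(msg, pos)
    if tag != 0x61:                        # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = _read_tlv(result, 0)    # resultCode ENUMERATED
    _, _matched, pos = _read_tlv(result, pos)  # matchedDN
    _, diag, _ = _read_tlv(result, pos)    # diagnosticMessage
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode(errors="replace")}


def timed_ldaps_bind(host, port=636, dn="", password="", timeout_s=0.5, cafile=None):
    """Connect, handshake and bind with a per-phase timeout; report timings and a verdict.

    timeout_s plays the role of ldapconntimeout (0.5 s = the FortiOS default of
    500 ms), so a 'timeout' verdict here reproduces the thread's slow-server case.
    """
    ctx = ssl.create_default_context(cafile=cafile)   # verifies the server cert
    report = {"phase_ms": {}, "verdict": None}
    t0 = time.monotonic()
    try:
        raw = socket.create_connection((host, port), timeout=timeout_s)
        report["phase_ms"]["tcp"] = round((time.monotonic() - t0) * 1000)
        t1 = time.monotonic()
        tls = ctx.wrap_socket(raw, server_hostname=host)  # handshake happens here
        report["phase_ms"]["tls"] = round((time.monotonic() - t1) * 1000)
        t2 = time.monotonic()
        tls.sendall(encode_bind_request(1, dn, password))
        resp = tls.recv(4096)              # a BindResponse fits in one segment
        report["phase_ms"]["bind"] = round((time.monotonic() - t2) * 1000)
        parsed = parse_bind_response(resp)
        report["result"] = parsed
        report["verdict"] = RESULT_NAMES.get(parsed["result_code"],
                                             "resultCode %d" % parsed["result_code"])
        tls.close()
    except socket.timeout:
        report["verdict"] = "timeout: compare with ldapconntimeout / path to LDAP server"
    except ssl.SSLError as exc:            # must precede OSError (SSLError subclasses it)
        report["verdict"] = "TLS failure (CA cert, hostname or cipher): %s" % exc
    except OSError as exc:
        report["verdict"] = "connect failed: %s" % exc
    return report


if __name__ == "__main__":
    # Placeholder target and service account; replace with your own values.
    print(timed_ldaps_bind("ldap.example.internal", 636,
                           "cn=fortigate-bind,dc=example,dc=internal", "REPLACE_ME"))
```

A `success` or `invalidCredentials` verdict with a `tls` phase well under the firewall's ldapconntimeout points at something other than the timeout (credentials, bind DN, or the FortiGate's own trust store); a `timeout` or a `tls` phase close to that value is the situation the `set ldapconntimeout` change above addresses.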
Copyright 2024 Fortinet, Inc. All Rights Reserved.